Emergency method to erase all data off a machine within seconds

Information Security Asked by user238815 on November 21, 2021

Imagine you are carrying highly sensitive information with you, maybe on a mission in a war zone. You get in an ambush and quickly need to erase all the files before they fall in the wrong hands. This has to happen within seconds.

What devices are used for such operations, are there special hard drives which have a physical switch to erase all memory at once? I’m thinking of active storage devices, which lose all information once the power supply is separated.

Addendum 1: As Artem S. Tashkinov pointed out in his answer, for most use cases encryption is enough. But I think there is information so valuable, that even in 50 years, when quantum code breaking may become a reality, it can be harmful. So I edited my question to ask explicitly for a method, which does not leave any way, as computationally hard it may be, to recover any data. I guess this is only possible by physically destroying the components, which hold the information.

Addendum 2:

  • Issues with thermite: Data drives seem to be quite resilient to thermite and even military grade thermate as shown at a talk at defcon 23. It doesn’t seem like using either of these substances is a reliable way of getting rid of the data. The experimental results showed that the drive was mostly intact after the thermite/thermate attack and it seems unlikely that Curie temperature has been reached throughout the plate. (DEF CON 23 – Zoz – And That’s How I Lost My Other Eye…Explorations in Data Destruction (Fixed), thanks to Slava Knyazev for providing this ressource).
  • Issues with encryption: While quantum code breaking will not break all existing encryption (as pointed out by Conor Mancone) there is still a risk that flaws in the encryption are known or will be discovered in the future.

15 Answers

I watched the linked Defcon talks (2012 and 2015) and just wanted to summarize my key takeaways, which surprisingly no other answer has done before:

  • The talks focused on data centers, which means spinning platters (because those are still cheaper as of 2021 when you need hundreds of TB), even though solid state disks might be easier to destroy.
  • The talks focused on spectacular methods, rather than practical ones, because they were meant mainly to entertain not educate.

If on the other hand you choose your storage medium explicitly for fast destruction, it's pretty easy:

  • You can use a micro SD card. Thermite, even large amounts (250g if I remember correctly), were not effective in destroying spinning platters. That's largely because spinning disks are heavy, and to melt them (as a rule of thumb) you are going to need as much thermite as the drive weighs, or even more by some single digit factor. That's dangerous because you end up with a thermite amount in the low kilogram range. On the other hand, a micro SD card weighs much less than 1g. So you can take 15g of Thermite (so like 15 to 100 times the weight of the data storage medium), stuff the card right into the middle of it, ignite it, be really sure the card is melted completely (because you can calculate the heat capacity of the whole thing and the energy released and calculate the minimum temperature the SD card is heated to), and still contain the whole reaction in an easy to carry container (with some noxious gases escaping).
  • For a micro SD, a blow torch should also work fine if you have a minute.
  • The same works for an SSD, everything is just larger (thermite amount) or takes more time (propane torch).
  • Or you can just use volatile storage like RAM. You need a container that's just strong enough to resist your enemies for a few seconds while the data dissipates, if you include a temperature sensor which cuts power as soon as the inside temperature drops below 15 degree Celsius or so and cuts power when it detects the container is being opened.

Answered by Nobody on November 21, 2021

The framing of this question is just completely wrong, and I'd go so far as to suggest the question doesn't belong on Security SE but Worldbuilding SE if you're trying to make up a world where it does make sense. You don't carry sensitive information in cleartext, and you don't destroy media to make information inaccessible. You make proper use of encryption, and you either don't carry the key at all, or destroy the key in emergency rather than destroying the media the (potentially large) data is stored on.

The updates to the question about encryption are just wrong as well. "Torture to get the key" is not an issue because the key is not something small enough to be something you know. Either you don't possess it at all, or you possess it in a form that's easily destroyed (e.g. soluble or ingestable paper). There are plenty of forms of encryption which are not even theoretically susceptible to QC, and even for ones that are, most of the susceptibility is "theoretical" in that it relies on abstract mathematical objects that almost surely can never exist in reality. (But if you don't believe me on this last point, just choose something post-quantum.)

Answered by R.. GitHub STOP HELPING ICE on November 21, 2021

12 gauge slug round. Mill a slot in the leading face of the slug, just large enough to hold a microSD card. If you need to destroy the data, fire the slug against a hard surface. The SD card will impact the surface edgewise and in turn be impacted by the slug. If you keep this round chambered the data can be destroyed in a fraction of a second.

For extra certainty, use a custom slug which incorporates a disc of hardened material as its base.

Answered by Crash Gordon on November 21, 2021

Nitric acid injection

Nitric acid dissolves the platters which destroys any information contained within. A device to inject nitric acid directly between the platters could work by pushing it through the platter bearing.

Answered by Gensys LTD on November 21, 2021

Encryption is the way to go. But you want to destroy the data spectacularily.

Break the HDD platters manually.

A lot of disks can be run with the cover removed (or better yet, replaced with something easier to penetrate and still dust-proof). You may just use something hard (even a finger if you are brave) and break the platters.

Answered by fraxinus on November 21, 2021

1 TB MicroSD card and a blender

The best way is to physically destroy the data. A 1TB MicroSD card probably has enough storage for what you need, if not get multiple.

If you have it stored in a small self-powered blender (battery operated, or perhaps something more redundant than just batteries) you can immediately blend the MicroSD cards and turn them to basically dust. At this point it should not be feasible to recover any data.

Some methods such as magnetic erasing hard drives, shooting them etc may have some amount of recoverable media left. I would think it is less likely to recover the leftover MicroSD card dust.

Answered by H. Daun on November 21, 2021

Some of HPE's SmartArray RAID controllers (for instance, the P408i) support transparent disk encryption. One of the supported configuration modes involves keys that are only ever stored in a protected, volatile, on-chip data buffer. If you pull power to the system, the keys are gone for good and the data they protected is inaccessible. One of their sales engineers told us this mode was specifically made for your exact scenario, and he called it "embassy mode" (meaning if your embassy was under attack, you could pull one plug and destroy all your classified data before the enemy could get to it).

You could also go old-school. Encrypt your data using a one-time pad (uncrackable, even with infinite computational resources) and store the pad on nitrocellulose paper. Get in trouble and the nitrocellulose will burn in a matter of seconds. If you're merely transporting the data and don't need to access it yourself, then send the data and pad separately. The enemy would have to intercept both in order to steal your data. Don't send the pad until after you have confirmation that the data arrived safely. If the encrypted data gets intercepted, re-encrypt it using a new pad and try again. Alternatively, using a pre-shared pad means the pad is never in transit at all and thus there's no opportunity to intercept it.

Answered by bta on November 21, 2021

I love the straightforward logic in some of the other answers. Want data to definitely not fall into the wrong hands? Blow it up. I recognise that your question is looking for answers stronger than "encrypt it" but I do think there are some software based encoding ideas that can complement "blow it up" to make even surer that the secret is kept secret.

The fundamental idea is to ensure as much as possible that even if only a fraction of the data gets destroyed, such leftover signal as could still be recovered cannot be interpreted.

So, here's a few additional thoughts:

  • Reduce redundancy In normal computing, we use duplicate data, error correcting codes and other similar techniques to ensure that even if some data gets mangled the original can be recovered. Here, that's just giving your adversary a free extra life, so we'll want to turn that off.
  • Shuffle. In normal computing, we might localise data on a disk, so that data about the same topic gets grouped together. There are many reasons for this including efficiently accessing it, and giving your programmers a logical framework to reason about. But in this case, because the secret absoltely must not fall into enemy hands, do the opposite. When you write the data to the device, shuffle the bits around: first bit might be near the start, second near the middle, etc. The purpose of this is to ensure that even if your bomb only destroys half the data, the chunk that is left cannot be reasonably interpreted.
  • Add interdependence. In normal computing, to interpret one bit, we read one bit. That is useful for your recovery adversary. Modern encryption standards, however, use a technique called block chaining to ensure that previous bits change the encryption of future bits. Perhaps run your basic encryption forward and backwards, so that all data is tangled into interpreting all data. Again, the purpose here is to squib-proof your encoding. Even if the bomb destroys a tiny fraction of the data, the attacker is left having to guess not just that data but how that data affects the encryption. (There are other more complete ways to add interdependence, but they'd require world-class understanding of coding theory)
  • Use a lot of key. We want to make sure that they have to read several bits to correctly interpret one bit. There is a cipher called the "One time pad" which is mathematically unbreakable. That is, even an attacker with unlimited computational power can do no more than guess what the data said. It's also usually useless because you need at least as much key as you have data to encrypt, and if you had a technique to transmit that securely then you could just transmit the secret securely. Here, though, you can just put the key on the disk. The implication is that to understand one bit the attacker must correctly read 2, so if you manage to destroy either of the 2 you're safe. You can and should still use a more conventional encryption thing: the above forward and backwards chaining is strictly better. But the OTP approach inspires...
  • Shard the data. This is where the "lots of key" option really comes into its own. Instead of putting the data and key all on one device, you have two physical devices, one has the key and the other has the OTP encrypted data. Mathematically, those are equivalent because it is strictly impossible to interpret either without the other. This gives you the good kind of redundancy: you can have two completely separate self-destruct mechanisms just in case the battery in one of your detonators happened to run down.
  • All of the above. In particular: Remove redundancy, then generate a OTP and encrypt the real data with it, then encrypt both the OTP key and the data forwards and backwards with a block-chaining cipher, and then (separately) shuffle the bits of them both, and finally write them to the bomb-laden disks.

These all work together to reassure even the most paranoid intelligence operative that they will be able to destroy their data when it counts. Do be advised, however, when the data gets to the technician at the other end for the wonderful chore of decoding it... you'd better hope they're not licensed to kill!

Answered by Josiah on November 21, 2021

Hard Drive with glass platters

HDD’s with glass platters are common. All you need to do is make sure that your data is stored on one of them, and, in an emergency, chuck it at the ground really hard. This will shatter the platters and make recovery virtually untenable, especially if combined with encryption. If you have a gun, putting a couple of rounds into the drive will reduce them to powder.

If you have specially designed drives, you could likely integrate a small explosive charge that would disintegrate the platters without even breaching the container (much safer than thermite).

A neat concept I’d be curious about I’d if it would be possible to use an acoustic attack. In this paper they demonstrate that you can interfere with the platters of a drive using its resonance frequency. It may be possible to build in an acoustic device that, when powered on, shatters the glass platters.

Edit: an even better answer occurs to me.

MicroSD card: infinite possibilities

The tiny size of a microSD card offers even more possibilities. Crush it to powder between two rocks. Melt it with a cigarette lighter. Shoot it. Hell, if you want a chance at retrieving it, swallow it, or find a patch of dirt and shove it in. The chances of anyone being able to find it are minuscule. Anecdotally, aside from corroded contacts, data on a microSD card that passes through the digestive system is recoverable.

Answered by Daniel B on November 21, 2021

There are two DEFCON videos from 2012 and 2015 exploring this exact issue:

enter image description here

Summary of Viable Options

  • Plasma Cutter
  • Oxygen Injection (Difficult setup)
  • Nailguns (depending on adversary)
  • Damped High Explosives (Lots of kinetic energy)
  • HV Power Spike (Inconclusive forensics)

In essence, your only viable methods are physical destruction

Answered by Slava Knyazev on November 21, 2021

It used to be possible to buy CPU chips with a built-in PROM that would be destroyed on contact with the atmosphere, the idea being to prevent someone from reverse engineering the code that had been burned into the PROM by opening the package and examining the state of fusible links with a microscope. (I once had the pleasure of working with an engineer who reverse-engineered satellite dish video cipher decoders using just that method.)

Answered by Robb Smith on November 21, 2021

Use one of those small form factor M.2 SSDs and find a way to mount it so it can be removed easily. Note that this may need custom development, because I don't know of any modern tools that allow this. However, if you're on a mission in an active war zone carrying highly dangerous information, you probably got a team that can figure something out. Militaries around the world have been working on emergency data disposal for ages. When you're in trouble, pull it out of the drive bay and destroy it with whatever tools you got handy (gun, steel tipped boots, maybe even your bare hands,...). AFAIK it's not possible to recover any data from an SSD that has had the memory modules physically broken.

Answered by Nzall on November 21, 2021

A RAM disk

RAM is cool in that it is volatile memory. This essentially means that once power is cut, all data is lost completely and can never be recovered - essentially, this irreversibly and reliably wipes all the information instantly and does so in a way that cannot be stopped.

Not only is this data irrecoverable, but this method does not include any physical destruction of components and could even be implemented with a dead-man's trigger (i.e. something like a grenade pin that, when removed, cuts the power to the RAM disk to wipe it).

Answered by Daniel H. on November 21, 2021


Thermite burns at a temperature of thousands of degrees centigrade, which would be more than sufficient to destroy all the data stored in any modern data storage medium. It is also already used by militaries for the targeted destruction of equipment. Additionally, according to Wikipedia:

For example, thermite can be used for the emergency destruction of cryptographic equipment when there is a danger that it might be captured by enemy troops.

Answered by nick012000 on November 21, 2021

If you trust encryption then you could encrypt your entire drive using

  • Linux: LUKS (supported by all major distributions)
  • Windows: BitLocker

As soon as you physically switch off the device, all the information turns into random noise which no one will be able to recover unless he/she has the decryption key. However, this method has a major shortcoming: your adversary will know you've got encrypted data and they may force you to spill your secrets.

As for Linux LUKS: if you wipe the first megabyte block of your encrypted partition, the data can no longer be recovered under any circumstances even if you know the key.

If you don't want the adversary to even suspect anything you could use VeraCrypt or DiskCryptor (formerly TrueCrypt) which can create hidden encrypted partitions/containers, but those still can be discovered given enough persistence.

Lastly I'd personally do the following under these circumstances given you have a satellite connection available:

Run the entire system off a live Linux CD and store the data in an encrypted cloud (private or commercial). In this case the adversary will never even be able to deduct anything from your e.g. laptop which may contain a run-of-the-mill Windows OS with pictures of cats.

Also take a look at:

Answered by Artem S. Tashkinov on November 21, 2021

Add your own answers!

Related Questions

What’s a “safe” URL shortening algorithm?

3  Asked on December 31, 2020 by bensower


Securing internet connection with hostile ISP

1  Asked on December 29, 2020 by user242761


Is Chrome Browser/ Computer compromised by KMSPico?

0  Asked on December 27, 2020 by waterbyte


Web Cache Deception – exploitable without a cache server?

1  Asked on December 26, 2020 by citylight


Determine if private key belongs to certificate?

3  Asked on December 25, 2020 by thanatos


Filtering http responses for subdomain takeover

0  Asked on December 21, 2020 by kirill-z


Sql map Manual Vulnerability Assessment

1  Asked on December 20, 2020 by badddy


Unknown folders in OneDrive

1  Asked on December 19, 2020 by user851


Ask a Question

Get help from others!

© 2023 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP