I have a client who’s been hosting a lot of sensitive files on a dedicated server that’s co-located at a major provider. We did some juggling and were able to move the files to a different server, and as a result it was time to decommission the old one. Because of the nature of the files, as well as recent high-profile news about security breaches at big companies, he wanted to be sure the files were truly gone. I have no idea how most co-location providers decommission servers and what happens to the old hard drives, but I figured it would be safer to assume the drives could be reused for another client at some point. Someone malicious or just curious would have a treasure trove of information, so I thought about how to completely destroy the data and in fact the server itself.
This isn’t something I do very often (obviously) but after a little thought I came up with a few things that would take care of what was needed. In escalating severity:
Delete all of the files. This is simple, but on a modern filesystem a delete command really just removes the directory entry that “points” to the file data and marks the data blocks as free. The bytes themselves stay on the disk until something else happens to overwrite them, and file-recovery and carving tools can read them straight back out of the unallocated space. Mac, Windows, and Linux all work this way, so deleting a file is really just superficial. That is good if you do it by accident and want to spend the time recovering the file, but bad if someone malicious wants to find the data.
Delete the disk partition table. This ensures the system won’t survive a reboot: the running kernel already has the partition layout in memory and keeps going, but once it’s rebooted the firmware and bootloader can’t find anything to boot, and it’s toast. Note that this destroys no data by itself. The table is a single sector at the start of the disk (GPT keeps a second copy at the end), and recovery tools that scan for filesystem signatures can rebuild it in minutes, so it’s a tripwire rather than a wipe.
Delete user accounts and access keys. This prevents anyone from being able to log in to the server. I could continue working on it in this state, but as soon as I logged out I wouldn’t be able to get back in.
Nuke the operating system. I removed all of the boot programs and the operating system “kernel”, so nothing that’s not already running will be able to start.
Zero the disk. There’s about 900GB of space on the disk, and the deleted files’ data is somewhere in there. As mentioned above, a determined person could scan the disk looking for data and reconstruct the files. I created a single massive 900GB file that contains nothing but binary zeros. This will take a while and eventually fill up the disk, but it overwrites all of that hidden file data because the filesystem has to hand every free block over to the new zeros. Two caveats are worth knowing. First, this only reaches blocks the filesystem considers free: it never touches blocks still allocated to existing files, the journal, filesystem metadata, the partition table, or the slack at the tail of partially filled blocks, which is why overwriting the raw block device (ideally from a rescue image, since wiping the root disk out from under a live system kills it mid-write) is the stronger option. Second, on an SSD the controller remaps logical blocks, so an overwrite from the host can leave old data behind in flash; there the drive’s own secure-erase command is the right tool. For this server the zero file was the practical option from a live shell, and it took about four hours to consume the disk:
root # cat /dev/zero > /zero.dat
cat: write error: No space left on device
root # ls -l /zero.dat
-rw-r--r-- 1 root root 929906020352 Dec 5 13:19 /zero.dat
Nice! That’s a big file. Now for the final step:
Nuke the disk. Once the disk filled up with zeros, I simply removed every file on the server. I’d already wiped out the file data with the zero-file; this step will make sure no one can do anything at all on the server. Strictly speaking this unlinks everything (including /zero.dat, whose blocks now hold nothing but zeros) rather than overwriting anything further, and because the shell expands the * before rm ever runs, rm’s usual refusal to delete / itself does not apply. Here goes…
root # rm -rf *
Connection to xx.xx.xx.xx closed.
I don’t know how far the delete got, but since it’s typically alphabetic, it probably wiped out all of the programs in /bin, then the hardware devices in /dev, configuration in /etc, shared libraries in /lib, and at some point couldn’t continue supporting my remote shell connection. It kicked me out, and that was that.
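The more thorough version of the zero-disk step, as an added example that is not from the original post: instead of filling a file on a mounted filesystem, overwrite the whole block device (from a rescue environment) and then verify it, both by carving for a string you know was in the sensitive data and by checking that no non-zero byte is left. The functions below are mine, not the author’s; the device path, the marker string and the image sizes are assumptions for illustration, and the demo at the bottom runs against a temporary file standing in for the disk so it can be tried without root and without destroying anything.

```shell
#!/bin/sh
# Added example, not the original post's commands. Zero a whole block device
# from first sector to last, then verify the wipe. Device path, marker string
# and image sizes are assumptions for illustration.
set -eu

# Size in bytes of a block device (Linux blockdev) or a regular file.
dev_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# How many copies of MARKER ($2) survive on DEV ($1). Carving for a string you
# know was inside the sensitive data is the cheapest post-wipe sanity check;
# a "deleted" file's bytes are still there for grep to find until overwritten.
residue_count() {
    # -a treats the device as text, -o prints each match on its own line,
    # LC_ALL=C keeps grep from choking on random non-UTF-8 bytes.
    LC_ALL=C grep -a -o -- "$2" "$1" | wc -l | tr -d ' '
}

# Overwrite every byte of DEV ($1) with zeros. Unlike a zero-filled file on a
# mounted filesystem this also covers the partition table, journal, metadata,
# slack space and reserved blocks. Run it from a rescue image, never against
# the disk the running system lives on.
wipe_zero() {
    size=$(dev_size "$1")
    # Whole 1 MiB chunks first, then the remainder byte by byte, so the tail
    # of the device is not skipped when its size is not a multiple of 1 MiB.
    dd if=/dev/zero of="$1" bs=1048576 count=$((size / 1048576)) \
        conv=notrunc 2>/dev/null
    dd if=/dev/zero of="$1" bs=1 count=$((size % 1048576)) \
        seek=$((size - size % 1048576)) conv=notrunc 2>/dev/null
    sync
}

# Succeeds only if DEV ($1) contains no non-zero byte at all (reads the whole
# device, so budget the time for a 900GB disk).
all_zero() {
    [ "$(tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

# Demonstration on a constructed image file (run: sh wipe.sh demo).
if [ "${1:-}" = "demo" ]; then
    img=$(mktemp)
    # 4 MiB of random data plays the role of the old filesystem's free space.
    dd if=/dev/urandom of="$img" bs=1048576 count=4 2>/dev/null
    # ...with a "deleted" file's contents still sitting in the middle of it.
    printf 'CLIENT-CONFIDENTIAL' | dd of="$img" bs=1 seek=70000 conv=notrunc 2>/dev/null
    echo "before wipe: $(residue_count "$img" CLIENT-CONFIDENTIAL) copies of the marker"
    wipe_zero "$img"
    echo "after wipe:  $(residue_count "$img" CLIENT-CONFIDENTIAL) copies of the marker"
    all_zero "$img" && echo "verified: every byte is zero"
    rm -f "$img"
fi
```

On a real decommission you would point `wipe_zero` at something like `/dev/sda` from the provider’s rescue system (the path is whatever the rescue kernel assigns, not an assumption you should copy), then run `residue_count` with a string from the client’s data and `all_zero` before handing the box back. If the drive is an SSD, prefer its built-in secure erase and use this only as a cross-check, for the wear-levelling reason given above.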
Fun stuff. I don’t often get the opportunity to think about destroying stuff.