I want a Model 22 HDD Hard Drive Disintegrator

Here at Microsoft we have an active internal discussion group where most security-minded folk hang out. The topic of data destruction came up recently, it’s actually a lot more difficult than most people think. CIPHER /W and SDELETE do a reasonable job, but they aren’t perfect: the paper One big file is not enough: a critical evaluation of the dominant free-space sanitization technique dives into some interesting detail. Frequently people talk about DoD (U.S. Department of Defense) compliance, but seven wipes really aren’t necessary, according to Secure deletion: a single overwrite will do it. I’ve always thought the notion that bits will somehow “soak” down into the disk and could be recovered by “shaving off” the disk’s top layer is silly—probably invented by the folks who want to sell you secure wipe utilities. If that were really true, then it would be a fairly simple operation to “wash” away encryption, no?

For thorough data destruction, I’ve been a fan of shotgun washing. But for those without shotguns at the office, a company called Security Engineered Machinery has introduced the Model 22 HDD Hard Drive Disintegrator.


This system is built specifically to destroy hard disk drives. Load up to 10 drives on to the automatically indexing conveyor and in 30 minutes you’ll have nothing but a pile of metal chips. The unit comes as a complete system, including sound-dampening enclosure and HEPA vacuum to remove airborne contaminants. The disintegrator’s rotating knives transform the drives into unreconstructable fragments, leaving all data unrecoverable. the bin is made of aluminum, to prevent magnetic pieces from sticking to it

Watch the video, it’s pretty cool. I love the narrator’s dead-pan delivery, but the resemblance to the Illudium Q-36 Explosive Space Modulator really made me chuckle. They should do a marketing tie-in with Marvin the Martian.


“Oh, recoverable data makes me very angry. Very angry indeed!” (h/t Scott Culp for the quote.)


Speaking of washers and aluminum, my six-year-old Frigidaire front-load clothes washer started making a loud thumping sound during the spin cycle. So I did a little bit of searching and found out that this particular unit, a popular model made by Electrolux and sold under the Frigidaire, Kenmore, and General Electric brands, was apparently designed by someone who lacked a high school understanding of chemistry. An aluminum spider arm is connected to the stainless steel inner basket, which of course gets wet during use. What happens when you apply water to the interface of aluminum and steel? Galvanic action! The aluminum disintegrates. Some owners have posted videos of their washers here and here.


I’ll attempt the $300 three-hour repair, and I’ll paint the new spider arm with some primer and anti-rust paint. Or maybe I’ll convert it into my very own Illudium Q-22 HDD Explosive Hard Drive Disintegrator.

Comments (10)

  1. Anonymous says:

    Add a zinc sacrificial anode to your tub as well. It doesn’t matter how well you prime/paint the arm, water will get in!

  2. Anonymous says:

    A while back, if you recall, I wrote about the Model 22 HDD Hard Drive Disintegrator (check the link

  3. Anonymous says:

    Those pieces look pretty big Steve, although it may well be security theatre, I have been in the room when the idea of tumbling drives (similar to this shredder in end result) was questioned due to the amount of data on a piece could be several documents (in TB Sized Drives). So the policy of that org was to tumble then smelt like Pete suggests.

  4. Pete says:

    When I worked for a DoD contractor w/ classified systems, we developed a good relationship with the local steal company and used their furnace to destroy everything from Hard Drives to Tapes to boxes of classified documents.  The heat and power was amazing…now those hard drives are probably sitting in some steal beam…..

  5. gbromage says:

    " I’ve always thought the notion that bits will somehow “soak” down into the disk and could be recovered by “shaving off” the disk’s top layer is silly"

    It’s not that silly – same principle (or rather, the opposite principle) to a noise cancelling microphone.

    With the microphone, you record the the background noise with one mic, and the speaker with another. Feed both parts into an op-amp and effectively "subtract" the background noise from the speaker’s mic, to give a clearer voice signal.

    With hard disks, you read the magnetic resonance at a more raw level. The strongest signal (the one most recently written) is what the disk head interprets as the current data, so you feed that (what you expect the disk to say, or what the disk controller says that it says) and the raw signal in, and subtract the clean feed, and what you’re left with is the background noise. Faint, but because it’s digital, sometimes readable.

    But, because you can realistically only read the write-before-last this way, it’s most effective when the bit patterns change, then two wipes with reasonable random data is perfectly sufficient.

    "If that were really true, then it would be a fairly simple operation to “wash” away encryption, no?"

    Yes. So if you have pre-existing data on a hard disk, then just encrypt it sector by sector, it would be possible to remove that and read the unencrypted data below.

    Of course, if you’re overwriting encrypted data with other encrypted data, you’re quite safe – this sort of recovery isn’t an exact science, and a few corrupted bits here and there will make all the difference to whether it could be decrypted even if you had the key.

    Still, I recommend my clients encrypt the disk BEFORE placing any data of consequence on there. Which, for USB disks or secondary disks is fine.  For the boot volume, if you encrypt straight after install then the most the attacker would get is the base OS image.

    And I figure that if the attacker has enough money to own the equipment to be able to do this sort of attack, they probably have enough money to buy the OS install media. Even at the price of Vista Ultimate. 😉

  6. Andrew says:

    Indeed – The pieces being ejected from that disintegration would be considered too big for highly classified data. The disintegrators I’ve seen (which are at least 4-6 times bigger than this unit with a higher capacity) eject pieces no bigger than about 3-4mm. Impressive – And incredibly noisy – stuff.

  7. Diego says:

    I just take the top off the drive and drill some holes in the platters. Leaves me feeling confident that nothing will come off that drive.

  8. Morgan Storey says:

    Zdnet actually did an article on this recently using one of their sponsors to try and recover data, it ended badly because the company couldn’t get data back from the drive that they just hit with a hammer for 30min.

    That being said I usually do 9+ wipes on high value stuff, then open the hard drive, rip out the platters and scratch them with a screw driver before breaking the disk with pliers into 1cm X 1cm peices, then sort them into 4 piles, one goes to the secure recycling at work, another to the secure recycling at another site and the other two piles do the same thing a month later. I reacon that is enough for my envrionment. But I do agree with the confetti then burn/melt approach, but a dedicated machine seems a bit wasteful.

  9. mats says:

    Diego: IBAS has recoverd such disks.

    about 250 grams of C4 will give you very very very small fragmensts left. Unfortunally they choised to melt their drives instead

  10. Drew says:

    HDDErase is much faster and thorough than using cipher.exe.


    From the Readme:

    "HDDerase.exe is a DOS-based utility that securely erases "sanitizes" all data on ATA hard disk drives in Intel architecture computers (PCs).  It offers the option to run the drive internal secure erase command, security erase unit, based on the ATA specification by the T13 technical committee."