How to Quickly and Securely Wipe Files and Clean HDD/SSD Before a Search

As has been discussed many times, in the current climate, almost every resident of Belarus and Russia faces the risk of physical detention. Anyone can be anonymously reported, for example, for allegedly financing extremists. Law enforcement may then conduct a search of the suspect’s home, sometimes forcibly entering. All computers and mobile devices are seized for examination.

It’s common for authorities to find plenty of evidence that can be used to charge a person under multiple articles. In such situations, it’s crucial to securely delete all information from drives and mobile devices before a search, so that malicious actors cannot access your contacts, social media, or messenger accounts—otherwise, you risk exposing your friends and providing more evidence to investigators.

Time Buffer

One of the main goals is to ensure at least a small time buffer before someone gains access to your drives. This time is needed to perform all necessary actions—such as starting data destruction processes on your devices.

It’s important to have an uninterruptible power supply (UPS) for all computers. This will allow you to complete necessary actions even if the power is cut.

Early warning systems can be organized in several ways:

  • Allies in law enforcement who have access to information about new criminal cases and investigative actions (in practice, this is one of the most effective early warning methods; hundreds of peaceful citizens have managed to evacuate just before hostile actions began);
  • Outdoor surveillance cameras at the entrance to your yard, building, or apartment. Modern building-wide surveillance systems sometimes provide residents with accounts to access video streams. You can supplement these with personal cameras on your floor and set up remote access to monitor from your phone;
  • Reinforced doors and windows.

Backups

Everyone should make backups, but in this context, it’s absolutely essential. The classic 3-2-1 backup scheme needs to be adjusted so that no backups remain at your primary residence. Store backups in cloud storage, on remote hosting, or on a spare server physically located elsewhere.

Access to backups must be impossible for someone who knows your password and has access to your computer or mobile devices. Two-factor authentication using a device that cannot be seized (e.g., stored in a foreign bank safe deposit box) is one option. Another is Shamir’s Secret Sharing, requiring several trusted parties to access the backup.

Direct Data Wiping

Linux

SSD

For fast SSD wiping, use the ATA/NVMe Sanitize Crypto Scramble method (also known as Secure Erase or Crypto Erase). This changes the encryption key for self-encrypting SSDs, turning all data into meaningless garbage.

If you have more time, you can use physical block erasure (ATA/NVMe Sanitize Block Erase) or multiple overwrites (ATA/NVMe Sanitize Overwrite). These are slow but guarantee 100% data removal.

Unfortunately, there are no simple, universal open-source tools for these operations. You’ll need to use manufacturer-provided programs (Secure Erase or Sanitize options in BIOS/UEFI) or free utilities like hdparm and nvme-cli, which are bundled in the proprietary Parted Magic suite. Note: Parted Magic itself is paid, but some of the utilities it includes are free and open source.

The simplest option is to reinstall the OS, reformatting the whole disk and enabling full disk encryption.

General steps:

  1. Check BIOS/UEFI for Secure Erase or Sanitize options. If available, use them. Here’s official documentation for erasing drives from BIOS for various laptop brands:
    • Lenovo ThinkPad
    • HP
    • Dell
  2. If not available, you can buy the Parted Magic image or download it from torrents (latest: parted_magic_2021_05.12.iso) and create a bootable USB or DVD using Rufus (Windows) or Etcher (macOS).

The program provides a simple interface for wiping HDD/SSD. Note: these options are for wiping the entire disk, not individual folders or partitions.

For external drives on Linux, use the blkdiscard command to zero all blocks:

$ blkdiscard /dev/sdX

If your controller or drive doesn’t support this, you can re-encrypt the entire disk (using LUKS or Veracrypt).
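
A discard request does not by itself guarantee that the drive returns zeros on later reads, so it is worth reading the device back after the blkdiscard step above. The following is an added example, not part of the original article: a spot check that samples blocks across a device or image file and counts those still holding non-zero bytes. The function name count_nonzero_blocks and its defaults are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: spot-check that a wiped device or image file reads back as zeros.
# count_nonzero_blocks is a hypothetical helper, not part of util-linux.
# Usage: count_nonzero_blocks TARGET [SAMPLES] [BLOCK_SIZE]
# Prints how many of the sampled blocks still contain a non-zero byte.
count_nonzero_blocks() {
    target=$1
    samples=${2:-64}
    bs=${3:-4096}

    # Size in bytes: blockdev for block devices, wc for regular files.
    if [ -b "$target" ]; then
        size=$(blockdev --getsize64 "$target") || return 2
    else
        size=$(wc -c < "$target") || return 2
    fi
    total=$((size / bs))
    if [ "$total" -lt 1 ]; then
        echo "target is smaller than one block" >&2
        return 2
    fi
    # Asking for at least as many samples as blocks gives a full scan.
    if [ "$samples" -gt "$total" ]; then samples=$total; fi

    dirty=0
    i=0
    while [ "$i" -lt "$samples" ]; do
        # Evenly spaced block numbers from the first block to the last.
        if [ "$samples" -gt 1 ]; then
            blk=$((i * (total - 1) / (samples - 1)))
        else
            blk=0
        fi
        # Drop every zero byte; anything left means data survived.
        left=$(dd if="$target" bs="$bs" skip="$blk" count=1 2>/dev/null |
               tr -d '\000' | wc -c)
        if [ "$left" -gt 0 ]; then dirty=$((dirty + 1)); fi
        i=$((i + 1))
    done
    echo "$dirty"
}

# Run directly: sh check_wipe.sh /dev/sdX 256   (reading a device needs root)
if [ "$#" -ge 1 ]; then count_nonzero_blocks "$@"; fi
```

A result of 0 from a sampled run only means the sampled blocks are clean; pass a SAMPLES value at least as large as the block count for a full scan when time allows. After a random-data overwrite or a crypto erase the blocks are expected to be non-zero, so this check applies only to zero-based wipes.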

A less secure method is to manually delete files and overwrite sectors with random data, e.g., using BleachBit or the secure-delete command-line tool:

$ apt-get install secure-delete

This package includes four tools, such as srm for secure file deletion and sfill for wiping free space:

$ srm private/*
$ sfill /home/username

You can include these commands in bash scripts for remote deletion of private directories.

HDD

For internal/system HDDs, follow the same steps: check BIOS for Secure Erase or Sanitize options. If not available, reinstall the OS with full disk encryption. Since this is slow, alternatives include booting from System Rescue CD, Darik’s Boot And Nuke (DBAN), or ShredOS.

Windows

As usual, the simplest and most reliable solution is to check BIOS/UEFI for Secure Erase or Sanitize options. If not available, look for manufacturer utilities for wiping HDDs and SSDs.

Alternatively, use bootable images like System Rescue CD, DBAN, or ShredOS, or the slowest method: reinstall Windows and re-encrypt the entire disk (Veracrypt or Bitlocker).

A less secure method is to delete files and overwrite sectors several times with random data using programs like BleachBit or PrivaZer. For SSDs, as a last resort, run Defrag in Optimize mode.

Individual files can be deleted with the same tools, but this is unreliable since traces remain elsewhere in the system (cache, swap, indexes, etc.). It’s safer to wipe entire drives.

Temporary Evacuation

If you have enough time, you can not only delete all information but also temporarily evacuate to a safe area. In practice, there are two options:

  • Evacuate abroad
  • Evacuate to a rural area

For the first, choose countries where it’s harder for malicious actors to reach you. For the second, take extra precautions: new SIM card, new digital identity, avoid cashless payments, etc. See “Virtual Identities, Anonymity, Disposable SIMs—Harsh Reality in a World of Total Surveillance” and “Practical Guide to Online Anonymity” for more details.

For internal relocation, you can rent a house in a village and pay cash. Travel by rideshare or taxi, pay cash, and get dropped off several kilometers from your destination.

Family and friends can help with daily needs during evacuation, but it’s best not to involve them or share your plans or location (for their own safety). This mainly applies to internal relocation. If you go abroad (even to nearby countries like Ukraine, Lithuania, or Poland), you can feel relatively safe, communicate openly, work officially, get paid, and live a normal life. In this sense, going abroad is preferable to rural relocation, which requires strict secrecy.

Experience in Belarus shows that the choice of evacuation depends on the expected punishment: for administrative detention, it’s easier to hide in a village for a few months; for prison time, it’s better to leave the country temporarily.

“Red Button” Apps

For emergencies, special mobile apps like the “Red Button” have been developed. The idea is that in case of danger, you discreetly press a button on your phone (e.g., in your pocket, unnoticed).

Currently, these apps are limited—they only send SMS and emergency notifications with GPS coordinates to a contact list. For Belarus, a “Delayed Start” feature was added, since police often detain people abruptly and seize phones, or disable mobile internet during protests—making it impossible to press the button. So, before attending a protest, you set a timer. If it expires and isn’t canceled, your data is automatically sent to human rights defenders.

It would be useful to expand these apps’ functionality. For example, after sending notifications, they could wipe all data from the phone (factory reset). Since detainees always give up their PINs, only true data deletion is effective—though this may arouse suspicion. Ideally, the real system should be replaced with innocent files.

It would also be helpful to enable SSH access to a remote server, so pressing the “red button” could trigger a bash script to wipe server drives, since after a person is detained with their phone, a home search is likely. This could potentially be implemented with other apps, assigning remote script execution to a side button on the smartphone.
