Malicious firmware affecting SATA controllers & hard drives

I’ve got some malicious firmware which is affecting the hard drive’s operation with Windows and the BIOS.

Using WD’s own tool, Data Lifeguard Diagnostics, the hard drive, a 4TB Blue, is reporting itself in Windows 7 Pro as a 3.63TB drive after formatting, but the Data Lifeguard Diagnostics program is reporting the drive as a 1677.80GB drive. I have photos of this but someone keeps deleting the photos and screen dumps.

Now this is a new PC, which had a new BIOS installed by flashing with a Pomona SOIC clip and a Raspberry Pi with jumper cables, as it got hacked. Gigabyte, the motherboard manufacturer, have released a new special BIOS to help try to resolve the situation with the BIOS hacking, but when I access their website, I have to lower my security to TLS 1.0 to get through to them, which is vulnerable to the BEAST attack, which makes it possible to pull usernames and passwords out. This malware seems to be targeting the firmware of devices in a computer (BIOS, SATA controllers and hard disks), but also targets network switches which are typically sold in the only major high street store here in the UK, pcworld.co.uk, and our Linksys & Cisco phone systems, as the caller ID international standard uses the V.23 protocol, an old dial-up modem protocol, as an unrestricted attack vector into my computer systems. It’s a very joined-up piece or suite of malicious code.

Despite using various Linux distros from the front cover of magazines to load a live instance of various Linux distros, be it the latest Ubuntu, Q4OS (a Windows XP lookalike), or even older distros I have like a 2014 Parted Magic, and despite doing dd if=/dev/zero of=/dev/sda bs=4M so the drive is totally wiped clean (which takes 26 hrs to wipe these 4TB Blues, incidentally), the malware seems to be persistent. Where magazine distros have been used previously in an online computer system, we have been prevented from booting from the BIOS and using the Linux distro to wipe clean the hard drives before reinstalling Windows, so the logging of every magazine CD/DVD that’s been put into our computers here has been taking place.

As Windows no longer provides a proper disk cleaning routine, last seen in Windows XP, facilitating criminal activity by those who can hack the hardware, is there anything I can do to wipe the firmware of the hard drives and reinstall new firmware to the hard drives?

I’ve been looking at the hacking detailed at spritemods com, in particular this link, Sprites mods - Hard disk hacking - Intro, and would also note that on page 7 the author highlights that a magic string can be used to reactivate malicious firmware.

One attack vector with Windows users is Windows’ use of a swap file, a relic from the days when PCs had very little RAM and needed to use a swap file on the hard drive as virtual memory. So if a system can be compromised from a zero day, the activity is to head straight to the firmware to get firmly embedded. Then even if a system is totally wiped down, dd /dev/zero’ed, the threat is still persistent. Then, to activate again, anything online, either a website’s own content or simply an advert embedded in some media companies’ online websites, can be used to deliver the magic string to the computer again, which in turn can then be used to activate the malware on the hard disk as it goes through the Windows swap file on the hard drive.

Considering how effective the advertising tracking is, the ability to consistently deploy malware through the advertising network is a very effective one.

So does anyone from Western Digital read these forums, and does anyone know if they provide any firmware verification or updating tools?

Is there a separate channel I need to go through, as I can’t trust the phone system here, what with all the hacking that’s been taking place on the phone system here with both British Telecom and TalkTalk?

Thanks for your help.

Richard Rose
Intelligent Silicon Ltd