StorageMojo




Robin Harris    


Seagate ships infected drives

November 13th, 2007 by Robin Harris in Disk, Security & Public Policy

The China syndrome pt. II
According to Engadget some Maxtor-branded Seagate drives shipped with a handy little virus:

. . . drives produced by a company sub-contract manufacturer located in China were reportedly sent out with the Virus.Win32.AutoRun.ah program already loaded. Apparently, the molar virus is one that gets its kicks by searching for passwords to online games (World of Warcraft included) and sending them back to a “server located in China,” and as if that wasn’t enough, it can also disable virus detection software and delete other molar viruses without breaking a sweat.

So many questions
So what would be different if Seagate were Chinese-owned (see The China syndrome)? I suppose it would be easier to build viruses into the firmware. Array vendors would be likely to see them, but would commodity-based cluster storage have any way to catch them?

What if the virus waited to engage until the drive had 7,000 hours of use? Even array vendors wouldn’t see that during integration.

The StorageMojo take
We can scare ourselves silly thinking about how the Chinese government could use disk drives to ferret out secrets. Ultimately though, any such data has to go through servers and networks to reach the outside world. Scanning outgoing data is the only way to protect against such espionage, be it human or virus based.

Where would that scanning take place? In a router? And where is code developed for routers? Some, at least, in China.

If the Chinese made a $30 billion investment in Seagate they’d have to weigh the short term advantage of surreptitious data gathering against the virtually 100% chance they’d get caught. The impact on their investment and their world image would be huge, especially in all the 3rd world countries that would have no idea how badly they’d been compromised.

Disk-based espionage seems highly unlikely. Router-based espionage seems much more likely.

Comments welcome, of course.

6 Responses to ' Seagate ships infected drives '


  1. jonathan said,

    on November 13th, 2007 at 3:06 pm

    To play the devil’s advocate, you make the assumption that the Chinese want to spy. Suppose their current friendly relationship with country x (hopefully not the US) goes south.

    From a tactical information warfare viewpoint, the Chinese government may gain more by simultaneously blue screening that country’s commerce and defense capabilities and overloading their networks than by data gathering.

    Data warfare is as much about preventing access to important information as gaining it.

  2. Robin Harris said,

    on November 13th, 2007 at 3:50 pm

    Jonathan, good point. I could see that happening to a small, irritating country - Vietnam, Korea, Taiwan, Mongolia - where China could move in militarily.

    China’s export-led growth militates against such an act of war against major trading partners, such as the US, Japan and Europe, unless things got really crazy. Industrial espionage is much more valuable to the Chinese economy, just as it was to the 19th century US economy.

    To mount such an attack, the Chinese government would have to ship millions of drives with a hidden logic bomb trusting that no one would find it. Then it would have to get a message to all those drives telling them to attack unless they were on a timer.

    How likely is that?

    There are much more obvious ways to take out the Internet for a few weeks. Using disk drives would be too much trouble with too great a risk of detection. Engineers who qualify disk drives are pretty smart and use a lot of different tests to discover drive firmware bugs. I wouldn’t want to be the bright guy who told the leadership that a disk drive logic bomb could be hidden for a few years.

    Robin

  3. chiropetra said,

    on November 13th, 2007 at 5:37 pm

    Robin, the Chinese don’t have to ship millions of infected drives and hope they’re not found. If they ship a couple of hundred infected drives and they’re caught quickly, it will raise an incredible amount of hell with the IT infrastructure.

    Everyone with sensitive data and Seagate drives would have to ensure that none of their drives were infected. That would be an enormous effort and cost a whole bunch of money. Meanwhile we’d be stuck with thousands or millions of suspect computers, some of which will undoubtedly be performing critical jobs.

    This may not be a deliberate move in the Chinese information war, but it’s extremely troubling nonetheless. Prudent vendors may have to start checking every single drive before they install it.

  4. Robin Harris said,

    on November 14th, 2007 at 9:43 pm

    Chiropetra,

    True. Which gets us back to the issue of “why?” The Chinese government has good reason not to do that, unless it is war.

    If it is war, then disk drives might play a part. Yet who better than China to mount a massive cyber-attack on the Internet infrastructure of the Western world? That is a much more obvious vulnerability.

    Robin

  5. Kevin Burton said,

    on November 14th, 2007 at 11:02 pm

    Chinese govt? What about the US government - they’re ACTUALLY spying on us RIGHT NOW.

    Granted, hypothetical discussions are interesting but this is a problem that needs to be solved now.


  6. on November 29th, 2007 at 3:37 pm

    [...] And, yeah, the most recent 3200 had that Chinese virus problem, but Avira’s AntiVir blocked it and a quick reformat wiped it clean… It’s kind of amusing to be personally affected by a tech meme, isn’t it? [...]
