Pastor and missionary in Costa Rica
Random header image... Refresh for more!

Maxtor disk drives shipped with “password-stealing trojans”

by greg

This came across my computer screen today and I thought I’d just pass it along. Too many people think that “out of the box” computer stuff is just peachy and “clean.” Not so. As wisdom teaches: “Be nice to everyone; trust no one.” Listen to what ComputerWorld had to say today about Maxtor hard drives coming from China (see full article here).

Seagate Technology LLC has shipped Maxtor disk drives that contain Trojan horses that upload data to a pair of Chinese Web sites, the Taiwanese government’s security service warned this weekend.

They say “the drives were infected out of the box” and that “the method of attack was unusual, adding that it suspected Chinese authorities were involved.” Lovely. Another quote from the article:

The two Trojans, said the Investigation Bureau, “phone home” to a pair of Web sites hosted in Beijing and report all data recorded on the compromised drive… This is not the first time that the government of mainland China — the People’s Republic of China — has been accused of cyberspying or other computer hacks and attacks.

So, what do you do? Well, the safest thing to do is to “low-level format” your hard drive before you ever install anything on it (whether you get it second-hand or whether you get it new). For the techies out there, I know it’s not really “low-level formatting” (I know because I read this), but that’s what a lot of folks call it, including the drive manufacturers that provide the utilities to do it. A “low-level format” (which is actually a “mid-level format” or a re-initialization of the drive) will generally turn all the bits on a drive back to “zero” effectively erasing everything on the drive.

What would I recommend? I found a really neat utility, and I think it’s really neat because it caters to my cyber-paranoia. :-) Check it out: It’s called Darik’s Boot and Nuke. Here’s what “Darik” says about it:

Darik’s Boot and Nuke (“DBAN”) is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.

Enjoy! ~Greg