All times are UTC - 5 hours [ DST ]
 Post subject: Hacked SSD has hidden partition in "dead sector" help?
PostPosted: February 12th, 2019, 12:41 
Banned User

Joined: February 12th, 2019, 12:29
Posts: 1
Location: Detroit
Greetings,

Recently I had the unfortunate opportunity to obtain a Conficker worm, which created a backdoor for Mr. Hacker to hop on over to my Linux drive.

I'm trying to clean this PC, and a brand new SSD suddenly is reporting bad sectors, which is strange. I formatted the drive and wiped the empty space, and about 1 hour after getting back online, this hacker strikes again with some kind of Heartbleed attack and my kernel crashed. Upon reboot, logs indicate something like "dbus session created". I don't recall specifically, but previously he was accessing this drive through a hacked M.2 Windows drive by bridging the bus and creating a terminal session.

Anyway! I know this drive has some kind of hidden and protected partition in an area with sectors marked as dead. How do I go about restoring this drive? Formatting didn't do the trick, and neither did the secure wipe in UEFI.

Anyone know how to fix this?

 Post subject: Re: Hacked SSD has hidden partition in "dead sector" help?
PostPosted: April 19th, 2019, 8:46 
Joined: April 22nd, 2015, 20:32
Posts: 226
Location: Portugal
What is the SSD model?
 Post subject: Re: Hacked SSD has hidden partition in "dead sector" help?
PostPosted: April 29th, 2019, 22:05 
Joined: April 29th, 2019, 21:06
Posts: 1
Location: Australia
I am wondering if the drive model matters.

I have been professionally "burned" by a Chinese hacking operation at one of my client sites; given their circumstances (they were investigating a Chinese state-owned manufacturer), it was most likely a state security operation. Part of their infiltration process was to target SSD drives and create a complete virtual PC in the reserved storage space of the SSDs. They did not bother with the few spinning disk drives, only SSDs.

This all happened about 9 months ago, and I spent a lot of time researching known disk hacking techniques and asked on some security technology forums. Yes, people had seen this a few times; no, they did not know how they accessed the SSD firmware, patched it and then had an inaccessible residence to do what they liked, which in this case was surveillance and document retrieval. The only fix was to buy new SSDs, re-sterilize the systems and rebuild onto the new SSDs, motherboards and HDDs (I replaced ALL storage just to be safe). Fortunately they had ignored the very high-end video cards.

At the heart of this debacle was that the hacking compromised the firmware of all the SSDs, which were Samsung, Intel and Crucial devices ranging from 480GB to 960GB. Now some may call me cynical, but guess where most of our software development for embedded devices now occurs, either directly or through subcontracting? China. Even if you take Intel and Crucial as American-based operations, they still use the firmware kits of the same SSD controller chips that are used everywhere else. I have no idea how much source code is given to manufacturers, but it hardly matters when spooks get involved and money is freely available.

I was left with the only option being to replace these devices. The client was super angry. During the whole process the Chinese were interactively attempting to stay on site. Yes, they had also hacked the firewall UTM (password sniffed) and the Linux-based phone system and handsets, so they were also replaced. I kid you NOT! The client almost went under financially as a result, so this is quite serious.

I have mentally given up trying to pull it all apart and understand technically exactly how they did it. Even if I did get to that point, who says their techniques are fixed? Experienced state level hacking is not something I can protect against, ever.

So if your SSD has been hacked, then put a screwdriver through it. Hackers are smarter than us, and without proper defensive or recovery tools you cannot save the drive. Remember there is at least 10% reserved storage for flash wear replacement, 20% in the Pro and Enterprise devices. That is a lot of space for a virtual PC!

Oh, and all of this experience brought to light the wonders of our new UEFI firmware in motherboard BIOS and graphics cards... Extremely hackable despite all the "assurances" by manufacturers and industry bodies. What a joke our security is nowadays when the underlying foundations we trust in are so easily compromised.

What I really wanted back then and still want is a utility that will format EVERY bit of flash in an SSD, including cells marked as bad or reserved. It would also be nice to be able to checksum the drive's firmware and forcibly replace it via JTAG etc.
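Two different things get lumped together in this thread as "hidden space": a Host Protected Area or Device Configuration Overlay, which hides LBAs from the OS but is still host-addressable and can be queried and removed with hdparm, and the controller's over-provisioned spare blocks, which have no LBA at all and are reachable only through the drive's own erase commands (ATA SECURITY ERASE UNIT, NVMe Sanitize or Format with secure erase). The script below is an added example, not code from either poster, showing the host-side checks a practitioner would run before deciding a drive is hiding something: record model, serial and firmware revision, read the SMART counters that back a "bad sectors" report, and compare the visible sector count against the drive's native maximum. Both inputs are constructed samples, not output from any real drive; the smartctl JSON field names used here are those smartctl emits for ATA devices, which is an assumption of the example.

```python
import json
import re

# Constructed sample of `smartctl -j -a /dev/sdX` output, trimmed to the
# fields used below. Not from any real drive; the field names follow
# smartctl's JSON output for ATA devices (an assumption of this example).
SMARTCTL_JSON = json.dumps({
    "model_name": "EXAMPLE SSD 500GB",
    "serial_number": "EXAMPLE0001",
    "firmware_version": "1.2.3",
    "user_capacity": {"blocks": 976773000},
    "ata_smart_attributes": {"table": [
        {"id": 5,   "name": "Reallocated_Sector_Ct",  "raw": {"value": 0}},
        {"id": 197, "name": "Current_Pending_Sector", "raw": {"value": 0}},
        {"id": 198, "name": "Offline_Uncorrectable",  "raw": {"value": 0}},
    ]},
})

# Constructed sample of `hdparm -N /dev/sdX` output in which a Host
# Protected Area (HPA) hides 168 sectors from the OS.
HDPARM_N = """
/dev/sdX:
 max sectors   = 976773000/976773168, HPA is enabled
"""

# SMART attributes that a "drive is reporting bad sectors" claim rests on.
WATCHED_ATTRS = {5: "Reallocated_Sector_Ct",
                 197: "Current_Pending_Sector",
                 198: "Offline_Uncorrectable"}


def drive_identity(smartctl_json: str) -> dict:
    """Model, serial and firmware revision: record these before touching the drive."""
    d = json.loads(smartctl_json)
    return {k: d.get(k) for k in ("model_name", "serial_number", "firmware_version")}


def smart_counters(smartctl_json: str) -> dict:
    """Raw values of the watched SMART attributes, keyed by attribute id."""
    d = json.loads(smartctl_json)
    table = d.get("ata_smart_attributes", {}).get("table", [])
    return {a["id"]: int(a["raw"]["value"]) for a in table if a["id"] in WATCHED_ATTRS}


def parse_hpa(hdparm_output: str):
    """Return (visible_sectors, native_sectors, hidden_sectors) from `hdparm -N` output."""
    m = re.search(r"max sectors\s*=\s*(\d+)/(\d+)", hdparm_output)
    if not m:
        raise ValueError("no 'max sectors' line in hdparm output")
    visible, native = int(m.group(1)), int(m.group(2))
    return visible, native, native - visible


def assess(smartctl_json: str, hdparm_output: str) -> list:
    """Findings that host-side evidence can actually support (not proof of anything)."""
    findings = []
    counters = smart_counters(smartctl_json)
    for attr_id, name in WATCHED_ATTRS.items():
        if counters.get(attr_id, 0) > 0:
            findings.append(f"SMART {attr_id} {name} = {counters[attr_id]}")
    visible, native, hidden = parse_hpa(hdparm_output)
    if hidden > 0:
        findings.append(f"HPA hides {hidden} sectors ({visible}/{native}); "
                        f"a host-side format or wipe never reached them")
    blocks = json.loads(smartctl_json).get("user_capacity", {}).get("blocks")
    if blocks is not None and blocks != visible:
        findings.append(f"smartctl capacity {blocks} disagrees with hdparm visible {visible}")
    return findings


if __name__ == "__main__":
    print(drive_identity(SMARTCTL_JSON))
    for line in assess(SMARTCTL_JSON, HDPARM_N):
        print("FINDING:", line)
```

If an HPA shows up, `hdparm -N p<native_sectors> /dev/sdX` restores the native maximum (hdparm asks for `--yes-i-know-what-i-am-doing` for the permanent form), after which the sectors can be imaged and wiped like any others. Over-provisioned spare blocks are a different matter: nothing the host writes, including a full-disk overwrite, is guaranteed to touch them, and only the controller's own secure erase path claims to. A drive whose controller firmware really is compromised can misreport every value above, so these checks give evidence to weigh, not a verdict.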

 Post subject: Re: Hacked SSD has hidden partition in "dead sector" help?
PostPosted: April 30th, 2019, 10:59 
Joined: December 4th, 2012, 1:35
Posts: 3387
Location: Adelaide, Australia
What was the evidence pointing to hacked firmware, not including symptoms or lack of any other explanation?

 Post subject: Re: Hacked SSD has hidden partition in "dead sector" help?
PostPosted: April 30th, 2019, 14:31 
Joined: April 22nd, 2015, 20:32
Posts: 226
Location: Portugal
HaQue wrote:
> What was the evidence pointing to hacked firmware, not including symptoms or lack of any other explanation?

This.

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group