Hackers Claim Vast Access To Western Digital Systems (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: The hackers who breached data storage giant Western Digital claim to have stolen around 10 terabytes of data from the company, including reams of customer information. The extortionists are pushing the company to negotiate a ransom -- of "minimum 8 figures" -- in exchange for not publishing the stolen data. On April 3, Western Digital disclosed "a network security incident" saying hackers had exfiltrated data after hacking into "a number of the Company's systems." At the time, Western Digital provided few details about exactly what data the hackers stole, saying in a statement that the hackers "obtained certain data from its systems and [Western Digital] is working to understand the nature and scope of that data."
One of the hackers spoke with TechCrunch and provided more details, with the goal of verifying their claims. The hacker shared a file that was digitally signed with Western Digital's code-signing certificate, showing they could now digitally sign files to impersonate Western Digital. Two security researchers also looked at the file and agreed it is signed with the company's certificate. The hackers also shared phone numbers allegedly belonging to several company executives. TechCrunch called the numbers. Most of the calls rang but went to automated voicemail messages. Two of the phone numbers had voicemail greetings that mentioned the names of the executives that the hackers claimed were associated with the numbers. The two phone numbers are not public.
Screenshots shared by the hacker show a folder from a Box account apparently belonging to Western Digital, an internal email, files stored in a PrivateArk instance (a cybersecurity product), and a screenshot of a group call where one of the participants is identified as Western Digital's chief information security officer. They also said they were able to steal data from the company's SAP Backoffice, a backend interface that helps companies manage e-commerce data. The hacker said that their goal when they hacked Western Digital was to make money, though they decided against using ransomware to encrypt the company's files. [...] If Western Digital doesn't get back to them, the hacker said, they are ready to start publishing the stolen data on the website of the ransomware gang Alphv. The hacker said they are not directly affiliated with Alphv but "I know them to be professional." Western Digital said they're declining to comment or answer questions about the hacker's claims.
Fuck that. (Score:1)
Re: (Score:2)
Give them 8 figures, or anything really, and you're creating a much larger problem for everyone else.
True. But since when did US businesses care about anything other than themselves?
Re: (Score:2)
If you give them anything, can you guarantee they won't publish the data anyway? Or sell copies to others?
Re: (Score:2)
If you give them anything, can you guarantee they won't publish the data anyway? Or sell copies to others?
I was going to mod this "insightful" but it's so forehead-slappingly obvious that no blackmailer would ever delete files like these that it seems redundant.
Re: (Score:3)
But none of that is a guarantee.
Re: (Score:3)
Give them 8 figures, or anything really, and you're creating a much larger problem for everyone else.
The only possible reason to do that would be to keep it a secret from investors but this cat is out of the bag.
(Kudos to WD for disclosing it immediately)
Re: (Score:3)
And you just showed everyone that they are a juicy target which does not mind paying.
Good idea, signalling to all the bad guys that they are worth hacking.
"I know them to be professional" (Score:2)
You keep using that word. I do not think it means what you think it means.
Re: (Score:3)
Technically correct. The best kind of correct.
Randomly posting Futurama quotes on Slashdot since 2003
Firmware on WD drives not trustable (Score:1)
Re: (Score:2)
Everyone should assume that firmware on WD drives cannot be trusted at this point.
It's worth scrutinizing. It would suck if the firmware watched for a read operation that returned a key sequence of bytes and substituted something else - say an alternate object file.
Re: (Score:1)
It's worth scrutinizing. It would suck if the firmware watched for a read operation that returned a key sequence of bytes and substituted something else - say an alternate object file.
Your antivirus would see that, too.
Signed files would still fail the signature check.
Re: (Score:2)
It's worth scrutinizing. It would suck if the firmware watched for a read operation that returned a key sequence of bytes and substituted something else - say an alternate object file.
Your antivirus would see that, too.
Signed files would still fail the signature check.
Assuming that the platform is running antivirus and that the virus definitions include the changes that the firmware could make. Not all platforms run antivirus. Same deal for signature checks, a lot of platforms don't check signatures on signed files. Even when signatures are being checked, they will be checked for a certificate that chains up to a trusted root certificate - the trusted roots are also read from storage, and really clever firmware could inject additional trusted roots allowing signature che
Re: (Score:1)
You seem to be under the impression that drive firmware was ever secure in the first place.
I have to say, it would be REALLY interesting to get the source code for firmwares like this. Is their encryption system actually secure? Do they have 3-letter backdoors? How awesome would it be to run open-source drive firmware!
Re: (Score:2)
Everyone should assume that firmware on WD drives cannot be trusted at this point.
I don't know the details but every digital signature system ought to have built-in revocation. It's security 101.
Re: (Score:3)
Someone who hacked a company with the goal of infecting their firmware wouldn't publicise the hack or demand a ransom.
If anything, a high profile hack and data leak is very bad for anyone looking to spread malicious firmware - it potentially exposes them, draws more scrutiny and focus on security.
Re: (Score:2)
Does drive firmware automatically update itself? I have never seen that happen to any drive that I have ever had.
Re:Firmware on WD drives not trustable (Score:4, Funny)
Everyone should assume that firmware on WD drives cannot be trusted at this point.
Maybe, but seems too much work when we already have Intel ME :)
Western Digital Starting to Rot? (Score:1)
SanDisk was acquired by Western Digital (Score:4, Informative)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Just supplying some trivia, not criticizing (Score:2)
It's like when WD bought HGST, but still used their drives, you have to check to know what's under the label. People still sometimes shuck their external drives when they get steeply discounted, as they often contain premium HDDs in them.
Re: (Score:2)
10 years ago, WD closed the deal on Hitachi GST (HGST) and bought SanDisk. Because of their joint research agreement, SanDisk was held separate from the WD in general to ensure the agreements were not compromised. Even though WD bought HGST, it was HGST leadership that took over w/ the old WD executives being pushed out. HGST (which was the former IBM hard drive business) and WD had very different cultures. It never really came together. Then WD dropped the ball and went with MAMR which they abandoned after
It has not been good for WD for some time (Score:2)