Author Topic: Moscow-based Kaspersky Lab says somebody hacked drive firmware  (Read 818 times)

Offline Libertas

  • Conservative Superhero
  • *****
  • Posts: 64006
  • Alea iacta est! Libertatem aut mori!
Moscow-based Kaspersky Lab says somebody hacked drive firmware
« on: February 17, 2015, 07:16:28 AM »
http://www.zerohedge.com/news/2015-02-16/moscow-based-security-firm-reveals-what-may-be-biggest-nsa-backdoor-exploit-ever

Anonymous former NSA employees say NSA is behind it. Given the ZH Russophilia is off the scale, one has to take this with a grain of salt, but if true I guess I would not be surprised. Perhaps people here more tech-minded can explain firmware and if there is a way to find out if a hack is present and/or what can be done about it.
We are now where The Founders were when they faced despotism.

Offline Glock32

  • Conservative Superhero
  • *****
  • Posts: 8747
  • Get some!
Re: Moscow-based Kaspersky Lab says somebody hacked drive firmware
« Reply #1 on: February 17, 2015, 03:01:37 PM »
Well, I think the Snowden revelations also contained allegations that the NSA intercepted computer hardware shipments to certain targets, and put their own chips in them. It seems totally possible that they have also forced all chip manufacturers to include NSA back doors right out of the factory.

It reminds me of 2001, when the two astronauts figured out what HAL was doing.  They spoke to each other inside a sealed space pod, but HAL was able to see their lips moving and figured out what they were saying.  This government is pretty much HAL, or it wants to be.  It's a safe bet that anything done electronically is being recorded.
"The Fourth Estate is less honorable than the First Profession."

- Yours Truly

Offline Weisshaupt

  • Conservative Superhero
  • *****
  • Posts: 5733
Re: Moscow-based Kaspersky Lab says somebody hacked drive firmware
« Reply #2 on: February 17, 2015, 05:27:43 PM »
http://www.zerohedge.com/news/2015-02-16/moscow-based-security-firm-reveals-what-may-be-biggest-nsa-backdoor-exploit-ever

Anonymous former NSA employees say NSA is behind it. Given the ZH Russophilia is off the scale, one has to take this with a grain of salt, but if true I guess I would not be surprised. Perhaps people here more tech-minded can explain firmware and if there is a way to find out if a hack is present and/or what can be done about it.

Okay, this seems unlikely, but perhaps possible depending on what type of architecture the drive companies have adopted lately.
A drive typically talks over a SATA interface, which is really just a fast, fast serial bus. This is the ONLY connection to the main computer.

On each drive there is a (typically green) PCB circuit board and on this is various circuitry - this circuitry runs a program called "firmware" that knows how to translate a computer's request for data to be read from (or written to) the drive into the various actions for actually doing so (spinning the drive at X rpm, moving the head to such and such a sector, doing multiple reads to make sure they all come out the same and so on).

Originally these programs were stored on an Integrated Chip (IC) - indelibly - literally hard coded into the silicon.
Later as long term, powered off memory became cheap and inexpensive, you could use "FLASH" ROMs (read only memory) to store this information. Flash ROMs typically require you to hold a lead into them low or high, and this lets you overwrite old data (if you ever updated a BIOS, it's the same deal).
This is really cool if you have a mistake in your basic program. If it's in an indelible IC, you are done. You have to replace the control board. If it is in flash, you simply overwrite the data.

Typically on peripheral devices, like a drive, you would have to have a special cable to plug into a couple of jumper blocks and this would let you overwrite the drive. In today's better world they probably replaced that with a command you could send over the SATA that would put the drive into a special mode where you would overwrite the flash, using data also sent over the SATA link. If the morons did that, then yes you could potentially create a program that messes up how a drive works, making it copy data into special partitions etc. Retrieving that data from the OS and getting it over a network would require another program (or physical access to the infected drive). How this is helpful is beyond me, since if you have the OS access to do that, you probably have OS access to read the drive without mucking about with the firmware.
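
Added example, not part of Weisshaupt's post or of the linked article: the ATA command set defines a DOWNLOAD MICROCODE command for in-band firmware updates, and a drive reports support for it, along with its firmware revision, in its 512-byte IDENTIFY DEVICE response. The Python below parses such a block and compares the revision to a recorded baseline; the sample block, serial, model and baseline values are constructed, and the function names are illustrative.

```python
import struct

def ata_string(words, first, last):
    """Decode an ATA string: two ASCII chars per 16-bit word, high byte first."""
    raw = b"".join(struct.pack(">H", w) for w in words[first:last + 1])
    return raw.decode("ascii", errors="replace").strip()

def parse_identify(block):
    """Extract identity fields from a raw IDENTIFY DEVICE response."""
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    words = struct.unpack("<256H", block)
    w83 = words[83]
    # Word 83 is only meaningful when bit 15 is 0 and bit 14 is 1.
    supported = bool(w83 & 0x0001) if (w83 & 0xC000) == 0x4000 else None
    return {
        "serial": ata_string(words, 10, 19),
        "firmware": ata_string(words, 23, 26),
        "model": ata_string(words, 27, 46),
        "download_microcode": supported,  # True / False / None (unknown)
    }

def audit(info, baseline):
    """Compare a parsed drive against a {serial: firmware_revision} baseline."""
    findings = []
    expected = baseline.get(info["serial"])
    if expected is None:
        findings.append("drive not in baseline")
    elif expected != info["firmware"]:
        findings.append(f"firmware {info['firmware']!r} differs from baseline {expected!r}")
    if info["download_microcode"]:
        findings.append("in-band firmware update (DOWNLOAD MICROCODE) supported")
    return findings

def build_sample(serial, firmware, model, word83):
    """Build a constructed IDENTIFY block for offline testing (not real drive data)."""
    words = [0] * 256
    for first, count, text in ((10, 10, serial), (23, 4, firmware), (27, 20, model)):
        padded = text.ljust(count * 2).encode("ascii")
        for i in range(count):
            words[first + i] = (padded[2 * i] << 8) | padded[2 * i + 1]
    words[83] = word83
    return struct.pack("<256H", *words)

SAMPLE = build_sample("CONSTRUCTED0001", "FW02", "EXAMPLE DISK 1TB", 0x4001)
BASELINE = {"CONSTRUCTED0001": "FW01"}  # constructed inventory record

if __name__ == "__main__":
    for finding in audit(parse_identify(SAMPLE), BASELINE):
        print(finding)
```

These fields are reported by the drive's own firmware, so a revision that matches the baseline is an inventory check and not proof that the firmware is unmodified.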


Offline Libertas

  • Conservative Superhero
  • *****
  • Posts: 64006
  • Alea iacta est! Libertatem aut mori!
Re: Moscow-based Kaspersky Lab says somebody hacked drive firmware
« Reply #3 on: February 18, 2015, 07:05:07 AM »
I think it is probably safer to assume the absolute worst, for what good it will do, that the government is HAL on mega-steroids.

Having said that...if I understand Weisshaupt's info (which is maybe a 50-50 proposition) especially at the conclusion...can firmware be used as a gateway to the OS and access any info they want? Part of what you describe doesn't sound any different to me than the notorious viruses we've heard about that once they access your system (typically through the internet) they can cause damage to your hard drive...what's to say the direction cannot be the other way around?
We are now where The Founders were when they faced despotism.