Reportedly the NSA is hiding spyware in hard drive firmware.
Wiping the hard drive and reinstalling the OS won't fix this.

Dunno how likely this all is or how likely your computer is to have infected firmware though.
posted by Confess, Fletch at 9:06 PM on April 16, 2016

I have an old friend who bought a used hard drive, and was subsequently busted for Kiddie Porn. This is his claim, and he is an activist of sort. It pretty much ruined his life. I figure almost any evidence can be made up these days, or exported to your machine,...I would never buy a used machine, or drive, I would never sell my camera, I would buy a new one and keep or destroy the old one, because of potential claims to my images.
posted by Oyéah at 9:10 PM on April 16, 2016

Just use a program like Dban (for Windows) or Apple's supplied Disk Utility to do a full secure erase of the hard disk, then reinstall from scratch.

The ultimate answer is that you cannot trust any computer once you've connected it to the internet, if the big boys want your data.

If you've erased the disk completely, there's no child porn, nuclear secrets or anything else.

How deeply paranoid do you want to be?
posted by blob at 9:55 PM on April 16, 2016 [13 favorites]

Seconding blob. You can pretty easily erase the stuff on a hard drive of a computer in a basically unrecoverable way, so if that's a concern, it's addressable. However, you have to be comfortable with reinstalling the OS on the computer afterwards.

There are some advanced persistent threats that can survive a hard drive wipe, but it isn't at all common to have a computer infected with that sort of thing, due to the difficulty in finding and exploiting issues of that nature. If you suspect you're a target for espionage from a nation-state, then worrying about this may be justified, but it's usually not an issue. And even if it were, a nation-state would probably have the resources to infect a new computer you might buy if it suited their interests.

My personal feeling is that it's perfectly fine to buy a used computer, but only if you're willing to do the work (or find someone to do the work) of erasing the hard drive and reinstalling the OS first.
posted by Aleyn at 10:33 PM on April 16, 2016 [4 favorites]

Potential risks? Sure, you have them covered here, albeit with what I'd think are pretty extreme examples. But let's not forget that you're not even safe with brand new hardware if you want to go the paranoid route.

If you want to eliminate potential and likely risks, remove the hard drive at the earliest opportunity, and obliterate it with a hammer. Brand new hard drives are cheap, or better yet, get a shiny new ssd and give the machine a speed boost too.
posted by Juso No Thankyou at 10:46 PM on April 16, 2016 [1 favorite]

There have been instances of malware that install themselves in the BIOS.
posted by Chocolate Pickle at 11:52 PM on April 16, 2016

Exotic malware aside, fully wiping the hard drive (i.e. not just re-installing Windows) will remove anything unpleasant that might be residing on it. If you want to be even more careful you can buy a new disk and just destroy the old one.

Do either of the above and the risks are absolutely minimal.
posted by anaximander at 3:22 AM on April 17, 2016 [2 favorites]

yes, there certainly is a theoretical possibility. but (1) the odds must be extremely low and (2) the same is true for new hardware - the nsa has been caught intercepting hardware that is being delivered to buyers.
posted by andrewcooke at 5:16 AM on April 17, 2016

I recently had occasion to use the PhotoRec data recovery utility to recover whatever I could from a customer's computer, after it had suffered a bout of ransomware and most of what remained accessible had become useless.

PhotoRec did good work: I got back about a third of the photo collection they'd lost, which was certainly more than they would have got back without it. But the part of that exercise that took most of the time was not running PhotoRec itself, but winnowing out the customer's photos from the hundreds of thousands of recovered porn images they were hiding amongst.

Turns out that the brother of the guy who had built them that system had borrowed a hard drive from shelf stock to take to a LAN party, where it had been loaded up to its full terabyte of capacity with whatever Kids These Days share at LAN parties when they're not blowing up each other's avatars in grisly ways. The system builder had then just taken the drive off the shelf, stuck it in the box and done a clean Windows 7 install on it. Hadn't zeroed it first. Who zeroes shelf stock? And in the two years my customer had owned this box, they'd only managed to use up about 10% of the drive.

My standard procedure for refurbing second-hand boxes includes writing zeroes to every sector on the hard drive before installing the OS (DBAN is indeed a good tool for this). I'll also flash it with its latest available BIOS: not so much to wipe out malware, though that's a bonus, but just to ensure the BIOS chip contains no faded data. I've seen old BIOS chips spontaneously corrupt themselves before now.

The single best move you can make for avoiding the effects of malware that hides inside firmware (which is still super rare) is to install something other than Windows. As far as I know, all the BIOS-resident malware that actually exists in the wild is still designed to attack the Windows boot sequence, and will not succeed if the hard drive is set up to boot something else.
posted by flabdablet at 5:31 AM on April 17, 2016 [3 favorites]

The best way to consider risks like this is to think about what security professionals call the threat model. What are you protecting, who are you protecting it from, and what are the attack vectors for both of those? For any machine, esp a used machine, the above advice about zeroing the hard drive is necessary. Immediately zero the drive and reinstall the operating system. Will that remove all risk? No, but there's very little you can do to actually remove ALL risk. Even if you assume the drive is safe, and that there's nothing hidden in the bios, and that there isn't a hardware key logger installed....well, those chips were probably manufactured in China, and there's a risk there's a hole in the silicon itself that can be exploited. But very, very few people are actually targets of groups/institutions that would be able to pull one of those exploits off.

As they say, if your "enemy" is a US three-letter-agency, there's very little you can do, ultimately, to prevent some information leakage. It's possible, but professionals screw that up _all the time_ and anyone who isn't a professional at computer security has very little chance to hold off a determined attacker.
posted by griffey at 3:33 PM on April 17, 2016 [1 favorite]

also it's worth pointing out that although NSA and friends *can* implant malware in hard disk firmware, they have an incentive to only do so to specifically targeted individuals. the more copies of their jigged firmware are out there, the more likely that some random researcher will find it and get a sweet Defcon or CCC presentation out of it (at which point that implant becomes useless because the entire security industry knows about it). Its basically the same reason the FBI is refusing to say how they ended up getting into that iPhone.

these threats exist, but they're effectively zero-risk unless a serious agency has decided that *you* *specifically* need to be looked at.
posted by russm at 11:57 PM on April 17, 2016

Seconding what Aleyn and anaximander said. There's no sense avoiding a used computer because of an infinitesimally small chance of hardware infecting malware. You could just as easily pick that up on day 1 of a new computer purchase. Making sure you have the license information you need (or a new operating system) just DBAN the hard drive and install a clean OS.

If you're buying a Windows computer, let it upgrade to Windows 10, then make media using the built-in tool for this and wipe it. This effectively gives you a free Windows 10 install.
posted by cnc at 9:59 AM on April 18, 2016

As above, use something like DBAN to wipe the disk is the main thing to do, and then a completely fresh install - that way you know what's on the system.

I'd advocate against buying used hard disks, but more because they're not very reliable in my experience and new hardware is relatively cheap.

However ignore the concerns about exotic malware and three letter agencies, possible isn't probable - if you are directly or indirectly targeted by that kind of adversary then buying new rather than used hardware won't really alter the level of risk you're under and certainly shouldn't affect your purchasing decisions.
posted by DancingYear at 1:49 PM on April 18, 2016

This thread is closed to new comments.