The controversy surrounding used Seagate hard drives has significantly widened, with fraudsters now targeting the company’s IronWolf and IronWolf Pro NAS drives alongside the previously affected Exos server-grade HDDs.
According to recent investigations, fraudsters have developed more sophisticated methods to manipulate used drives to make them appear new, making detection increasingly challenging for buyers.
Initially limited to server-grade drives, the scandal now encompasses 8TB and 16TB NAS drives from Seagate’s IronWolf series. Unlike earlier cases where criminals simply erased SMART data and repackaged drives, the latest fraud features modified serial numbers, manipulated warranty periods, and convincing production date labels.
“Now drives are appearing that look new even at second glance,” reported Heise. “The production date on the sticker is quite recent, the SMART values are fresh, and a warranty query shows a remaining warranty period until 2029.”
However, forensic analysis using Field Accessible Reliability Metrics (FARM) values reveals these drives have logged thousands of operational hours, despite their apparently pristine condition, the report added.
Advanced counterfeiting techniques
The fraudsters have refined their techniques to include serial number manipulation, reusing numbers from genuine Seagate drives still under warranty. This sophisticated approach allows the counterfeit drives to temporarily pass online warranty verification.
Physical examination of these units has revealed subtle signs of previous use, including minor dents in the housing, worn SATA connectors, and misaligned stickers — details that might escape casual inspection.
Seagate has confirmed at least one instance of fraudulent resale following a customer support inquiry, the report said. In a notable case, the company declined to provide warranty service in Europe for a drive whose serial number was already registered to a US customer, confirming suspicions about serial number reuse across regions.
Serial number manipulation: a new layer of deception
In a troubling development, investigators reported that fraudsters are now modifying HDD serial numbers to further legitimize used products. They appear to be reusing genuine serial numbers from authentic Seagate drives still under warranty. This method allows the altered drives to pass online warranty checks — at least initially.
However, this approach carries inherent risks for the fraudsters: If the same serial number is used multiple times, Seagate will likely detect duplicate warranty claims and take corrective action.
Seagate’s standard policy grants a five-year warranty on retail versions of IronWolf Pro drives. Normally, the company accounts for the time required for distribution and grants slightly more than five years from the production date.
“But in the case of counterfeit drives, the warranty exactly matches five years from the printed production date, raising further suspicion,” the report added.
Seagate did not respond to a request for comment.
Industry-wide implications
Industry experts believe the problem may extend beyond Seagate and the scale of the fraudulent HDD market is significant.
“We have no evidence right now, but I believe there must be cases because Seagate is not alone in the storage world,” Luis Labs, who authored the investigation report, told Network World. “An estimated one million hard drives have recently been removed from the Chia network. Seagate’s 40% market share suggests around 400,000 Seagate drives may now be circulating in secondary markets. Similarly, we can expect approximately 400,000 Western Digital drives and 200,000 Toshiba drives to have entered the same channels.”
The surge of used hard drives in the secondary market can be traced back to cryptocurrency mining operations, particularly those that mined Chia. As the profitability of Chia mining declines, these drives — many of which have undergone heavy use — are being offloaded into the market, some of them deceptively repackaged as new.
The scale of this fraud has significant implications for enterprise storage buyers, particularly data centers relying on high-capacity drives for critical operations.
Protecting against fraud
Security experts recommend purchasing only from authorized retailers, preferably within one’s own country, and verifying warranty status directly through manufacturer websites.
“Thorough physical inspections upon receipt and validation using smartmontools and FARM values are essential steps,” Labs pointed out.
Labs also warned against unusually low prices, particularly from unfamiliar online sellers.
The scandal raises questions about the manufacturer’s responsibility in preventing such fraud. “They have to protect their HDDs better against fraudsters,” Labs argued. “Why can anyone with a simple program delete the SMART data? A unique feature on each individual hard drive could help trace their journey.”
He further suggested that Seagate, Toshiba, and Western Digital should provide customers with better tools to verify the authenticity of their purchases.
The role of law enforcement in tackling such fraud remains a question.
“I assume that Seagate is already cooperating with the relevant authorities,” Labs said. “The question is also who has suffered a loss here. If the end customers can return their hard drives and get their money back, then there is hardly any damage to them. The dealers, however, would have to indemnify their suppliers, and if that works, then there is hardly any damage there either. Seagate has certainly suffered the most damage: they can simply sell fewer drives at the moment. In principle, however, all those affected could press charges.”
Looking ahead
While the immediate financial impact on users may be limited due to return policies, Seagate faces significant challenges. The company must balance its technological advancement with addressing security vulnerabilities in its products while maintaining customer trust.
Seagate has established a fraud response team and encourages customers to report suspicious drives. The company is presumably working with law enforcement, though the international nature of the fraud complicates prosecution efforts.
As the investigation continues, this case highlights the critical need for stronger supply chain security and authentication mechanisms in the hardware industry. With storage technologies advancing and prices for high-capacity drives remaining significant, the incentive for sophisticated counterfeiting operations shows no signs of diminishing.
Source:: Network World