"End-to-end fraud" with hard drives: Seagate finds counterfeit workshop in Asia

Contents

Hundreds of readers contacted us at the beginning of the year to alert us to a scam that had been perpetrated on them: They had paid for new hard disks but received used drives. Most of the victims were from German-speaking countries, but we also received reports from far-away countries such as Australia and the USA.

According to our research, the used drives probably came from China and were used there as storage for the cryptocurrency Chia. Once mining this currency was no longer profitable, they were sold again –, which is of course legal in principle. It became fraudulent because the so-called SMART values for analyzing the hard drives were deleted and the models were then reintroduced into the retail distribution chain as new. The fraud only came to light because Seagate hard disks store other operating data in addition to the SMART values that cannot be easily deleted. To illustrate the extent of the fraud: we estimate that around one million drives were removed from the Chia network – how many of these have now been resold as new remains unclear.

As usual, the drives reached end customers via retailers who were probably happy about the low purchase prices; both large German online retailers and small eBay stores were affected. We assume that most of these dealers were unaware, at least initially, that they were defrauding their customers. Most of the defrauded customers were then able to return their drives.

Strike against counterfeiters

Seagate, of course, also investigated and is now sharing its initial findings. As Seagate has now informed us, members of the Seagate security team from Singapore and Malaysia, together with officials from the Malaysian Ministry of Domestic Trade, unearthed a first counterfeiting workshop in a cramped storage room outside Kuala Lumpur back in May. According to the company, this counterfeiting workshop was taking in thousands of US dollars every month.

During the raid, almost 700 Seagate internal hard disks of various models and with a capacity of up to 18 TByte were confiscated. The investigators also found drives from Western Digital and Toshiba. As we suspected earlier, drives from these companies were probably also affected by the fraud. The special thing was that not only the counterfeiting was done in the workshop but also online sales, logistics, and order processing—an “end-to-end fraud,” as Roy Khuan, Seagate's Senior Manager for Security, calls it.

The fraudsters sold the counterfeit drives online via Shopee and Lazada, two of the largest e-commerce platforms in Southeast Asia. A Malaysian sales manager noticed the unusually low prices for these high-capacity drives and alerted Seagate's security department.

After purchasing a drive and verifying that it was counterfeit, Seagate notified local law enforcement. “We conducted company audits and on-site investigations to determine the location of the warehouse,” Khuan explains.

Cooperation between Seagate and investigating authorities

Members of Seagate's security team then assisted officers on site with the investigation. They found six men in the warehouse who also gave the investigators information about their work. The officers also recorded the customer orders on video. The workers not only reset the SMART values of the drives, but also cleaned, relabeled and repackaged them before shipping them to the local e-commerce platforms.

The investigation also revealed that many of the drives had been illegally upgraded: For example, a used desktop hard disk was turned into a more expensive drive for surveillance systems. Based on the evidence found, Seagate suspects that the drives originate from China, which corroborates our research.

Criminal syndicates

According to Seagate's Vice President for Global Trust and Security, John Abrenilla, such fraud is taking place in all major marketplaces. Seagate is now assisting the Malaysian authorities in tracing the sources of the drives and identifying individuals responsible for this illegal operation. The apprehended workers are likely small fry who were paid a meager hourly wage for their labor.

Seagate's security team had initially kept a low profile during the raid, as instructed by officials. The top priority was the safety of the team. “We really didn't know what to expect when we went through those doors,” says Khuan, “many of the criminal operations in this area are run by syndicates.”

Seagate strengthens partner program

Seagate wants to avoid similar cases of fraud in the future and has strengthened its partner program to this end. Official Seagate partners will be contractually obligated to purchase and resell Seagate hard drives exclusively from authorized Seagate distributors. In this way, Seagate wants to ensure that official Seagate partners only resell new, original Seagate hard disks to end customers.

The revised partner program also requires Global Trade Screening (GTS). The manufacturer wants to prevent cooperation with fraudulent suppliers who are on the GTS sanctions list and even with those who are unknowingly involved in the trade in counterfeits.

Further cases likely

In recent months, we have only received a few more emails with information about this fraud. However, we doubt that the criminal swamp has been drained with the unearthing of this one workshop.

With the discovery of used hard disks from Toshiba and Western Digital, it is now clear that drives from these two manufacturers are also affected. Anything else would have surprised us. However, the fraud is more difficult to prove with these drives because, unlike the Seagate drives, they do not store non-erasable operating data.

Many retailers are now likely to have become more cautious when purchasing, so that at least buying from large online retailers in Germany and neighboring countries should be quite low-risk. However, we still advise you to compare several offers before making a purchase. If one of them is very far below the others and the retailer is unknown, it is better to steer clear: If something sounds too good, it usually is.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(ll)