by kozukumi 3891 days ago
Is there such a thing as a drive controller rootkit that can intercept/process data? Something that can understand common FS such as NTFS and then "lie" about what is really there? Perhaps inject additional executable data into an exe that is called? Could it break hardware encryption on the drives?

Yes, indeed. This has been done as a proof of principle [1]. I don't think it's being used in mainstream malware.

[1] http://spritesmods.com/?art=hddhack&page=5

I seem to remember Snowden docs indicating that the NSA had HDD firmware hacks in their toolkit, and that such hacks are an example of what they mean by "advanced persistent threat".

Indeed, additionally I recall that the HP servers Iran used had some similar security issue on the RAID(?) controllers. But I hate to write stuff on HN without a source :-)