My guess would be that it’s stored in some kind of non-volatile memory, i.e. EEPROM. Not sure if anyone ever tried that, but with the dedication of some hardware hackers that seems at least feasible. Reverse engineering / overriding the HDD’s firmware would be another approach to return fake or manipulated values.
I haven’t seen something like that in the wild so far. What I have seen are manipulated USB sticks though: advertising the wrong size (could be tested with h2testw) or worse.