Someone (Probably The NSA) Has Been Hiding Viruses In Hard Drive Firmware
The NSA may be hiding payloads in the firmware of consumer hard drives, according to a new report from Kaspersky Lab.
The report tracks a group that researchers have dubbed "Equation," which uses previously undiscovered methods to plant targeted malware in hard drive firmware, where it is difficult to detect or remove. The report found exploits for hard drives made by many of the largest brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi. The group is closely tied to Stuxnet, using many overlapping vulnerabilities and techniques over the same time period, and those similarities combined with previously published NSA hard drive exploits have led many to speculate that Encounter may be part of the NSA.
If true, the program would give the NSA unprecedented access to the world's computers, even when disconnected from the larger web. Viruses stored on a hard drive's firmware are typically activated as soon as a device is plugged in, with no further action required. They're also usually undetectable and survive reformatting, making them difficult to detect and remove. In July, independent researchers discovered a similar exploit targeting USB firmware, dubbed BadUSB, but there was no indication of the bugs being developed and deployed at this scale.
It also raises real questions about device manufacturers' complicity in the program. It would take extensive and sustained reverse engineering to successfully rewrite a device's firmware. The NSA would certainly be capable of it, but it's also possible the NSA compelled companies to hand over the firmware code or intercepted it through other means. Reached by Reuters, only Western Digital actively denied sharing source code with the NSA; the other companies declined to comment.
http://www.malaysiandigest.com/technology/542226-someone-probably-the-nsa-has-been-hiding-viruses-in-hard-drive-firmware.html
Tierra_y_Libertad
(50,414 posts)
Feb 16 (Reuters) - The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.
That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.
Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. (reut.rs/1L5knm0)
The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the U.S. agency responsible for gathering electronic intelligence.
A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the spy agency valued these espionage programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.
dgibby
(9,474 posts)
I just ordered a Western Digital external hard drive for my genealogy programs. On a positive note, whoever's spying on that is going to be bored to tears (except for all the black sheep in the family).
woo me with science
(32,139 posts)
Nothing is more important than wresting our nation from these fascists.
Blue_Tires
(55,445 posts)
And these coincidences are unconnected?
I'll just leave this here: http://www.wired.com/2012/07/ff_kaspersky/all/