The National Security Agency knows how to plant secret snooping software into hard drives manufactured by Western Digital, Seagate, Toshiba, and others, giving the US agency a means to spy on computers all around the globe, according to security researchers and former cyber espionage operatives.
The ability to hide the software deep in hard drives is just one of many different spying programs found by Russian security firm Kaspersky Lab, which declined to comment on the perpetrator’s origin. However, Kaspersky did say that the spying program is closely linked to Stuxnet, an NSA-created worm which attacked a nuclear plant in Iran.
But a former NSA employee told the Reuters news agency that Kaspersky has hit the nail on the head, with other former intelligence operatives confirming that the NSA was indeed behind the scheme to hide spyware in hard drives.
Kaspersky is calling the group of spying programs The Equation Group, and said that it is “a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades”.
PCs in 30 countries were found to be infected by at least one of the spying programs in The Equation Group, with most infections found in Iran. This was followed by Russia, Pakistan, and China. Most of the targets included governmental and military institutions, as well as telcos, banks, and Islamic activists.
Kaspersky said: “There are solid links indicating that The Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators – generally from a position of superiority. The Equation group had access to zero-days before they were used by Stuxnet and Flame, and at some point they shared exploits with others.”
Hard drives from vendors such as IBM, Samsung, and Maxtor were also found to be compromised, and the revelations could chill relations between the West and the victims, relations already marred by the Snowden leaks.
Kaspersky said that by reprogramming the hard drive firmware, the spying software remains untouched by any disk formatting or OS reinstallation.
“Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that
The program also gave the perpetrators the ability to create an invisible, persistent area hidden inside the hard drive. This is used to save exfiltrated information which can be later retrieved by the attackers.
Kaspersky said that the method of spying was a “technological breakthrough” because the perpetrators figured out “how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on”.
“Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up,” said the Russian firm.