NSA Spying Goes Deeper, to Hard Drive Firmware
Reuters is reporting on a chilling, recent discovery by Russian cyber-security firm Kaspersky Labs that spy agencies have reached a milestone in the ability to spy on PCs. In examining computers from Iran, Russia, China, and other countries, the company discovered that Stuxnet-like malware was embedded deeper than ever before, in the firmware of the hard drives. Firmware is the low-level software built into a device to handle its basic input/output operations.
Re-Install The Operating System All You Want
An infection this deep means that the malware can re-install itself anytime it is thwarted, even if the very operating system were wiped and replaced. It is likely the last place a security researcher would look for an infection unless tipped off. The firmware is separate from everything else on the hard drive, so no matter how many times the hard drive is zeroed out, the infection can keep happening again and again until the hard drive is replaced.
Kaspersky Labs declined to say which country or spy agency it thought was responsible for the infections it found in its clients’ computers, but it hinted that the software was related to the Stuxnet attacks leveraged against Iran by British and American cyberspies a few years ago.
Interestingly, Kaspersky says that in order to write this malware effectively, whoever is responsible must have had access to the source code of the firmware. The company said it had found the malware to be functional on at least a dozen brands of hard drive, including all the major ones. None of the companies named in Reuters’ report was willing to provide comment, which could be taken by some as an admission of complicity. Only Western Digital took the opportunity to deny that it had ever provided source code to the government.
Last spring, Edward Snowden revealed that the NSA had installed backdoors in Cisco networking hardware destined for foreign markets. While there are a number of ways the NSA could have obtained the firmware source code to the hard drives – including by posing as software developers or demanding it when the companies wanted to contract with the government – it is not a stretch to believe that these companies actively co-operated in the tainting of their hardware bound for certain destinations.
The Equation Group
Kaspersky Labs is calling the group of NSA spies responsible for this software, Stuxnet, and other major accomplishments (in their eyes) the Equation Group, in reference to their use of encryption technologies. The group is composed of the highest talents in the cyber-security industry, legally achieving the same ends as their outlaw counterparts with greater success rates.