NSA Spying Goes Deeper, to Hard Drive Firmware

by P. H. Madore, February 17, 2015

Reuters is reporting on a chilling discovery by the Russian security firm Kaspersky Lab: a spy agency has reached a new milestone in its ability to persist on PCs. Examining infected computers in Iran, Russia, China and other countries, the company found malware related to Stuxnet embedded deeper than anything seen before, in the firmware of the hard drives themselves. Firmware is the low-level software stored on the drive's own controller to carry out input/output operations; the host operating system never sees it as ordinary data.

Re-Install The Operating System All You Want

An infection this deep means the malware can reinstall itself whenever it is removed, even after the operating system is wiped and reinstalled. It is likely the last place a security researcher would look unless tipped off. The firmware lives in the drive's own flash memory and reserved service area, not in the sectors the operating system can address, so zeroing the drive any number of times leaves the infection in place until the drive is replaced. Worse, firmware that has been rewritten can misreport its own state, so the drive itself cannot be trusted to confirm that it is clean.

Kaspersky Lab declined to say which country or spy agency it believed was responsible for the infections found on its clients' computers, but it said the software was closely linked to Stuxnet, the cyberweapon used against Iran's nuclear programme a few years ago and widely attributed to American and Israeli intelligence.

Interestingly, Kaspersky says that whoever wrote this malware must have had access to the firmware source code: rewriting a drive's firmware reliably from public information alone is effectively impossible. The company found working versions for more than a dozen brands of hard drive, including all the major ones. None of the companies named in the Reuters report would discuss the findings; declining to comment is not an admission of complicity, though some will read it that way. Only Western Digital went on record to deny that it had ever provided its source code to the government.

Tainted Hardware

Last spring, documents from Edward Snowden revealed that the NSA had intercepted Cisco networking hardware in transit and implanted backdoors before it reached foreign customers. There are a number of ways the NSA could have obtained the hard drive firmware source code, including posing as software developers or requiring it as a condition of government contracts, so it is not a stretch to suspect that the vendors co-operated in tainting hardware bound for certain destinations. The Cisco case is a reminder, though, that such tampering can be done without the vendor's knowledge, so vendor complicity remains speculation rather than anything Kaspersky has shown.

The Equation Group

Kaspersky Lab calls the NSA-linked group behind this software, which it also connects to Stuxnet and other major operations, the Equation Group, a name chosen for the group's heavy use of encryption. Whoever they are, they are among the most capable operators in the field, achieving with legal cover the same ends their criminal counterparts pursue, and with far higher success rates.

Images from Shutterstock.

  • Canadian1969

    How to detect if your HDD firmware is compromised would have been a helpful aspect of this article.

    • P. H. Madore

      I agree.

      The problem is, this isn’t commonly available knowledge at present.

      Thanks to your comment, though, I’ll be obsessively researching this beginning now.

      • Canadian1969

        Seagate and WD drives can be firmware updated by the end user (to my knowledge), so the solution may be as simple as re-flashing your drive after delivery (just to be safe). Doing this incorrectly will brick your drive, so caution should be taken.

        • P. H. Madore

          Well, this presumes that the companies were not complicit, of course.

          However, I did discover this in my research:

          Perhaps, over time, a vendor will exploit this opportunity to write replacement firmware for hard drives.

          • Canadian1969

            Great find. Reminds me of TSOPing old satellite receivers. HDD vendors need to release some tools to verify their BIOS code, or give the consumer a way to visually confirm the BIOS is in its factory state. Whether that means publishing CRC values for their BIOSes or free utils (like Intel and CPUID) I do not know. Having seen that you can load Linux on a HDD (and I do not mean in the traditional manner) and just how easily it was done, I think the ball is in the manufacturers' court now. If they are not complicit they should take the lead. I really liked the idea of hacking your HDD to make it unclonable. Cool.
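The commenters above ask how to tell whether a drive's firmware has been tampered with. As an added example, not code from the article, from Kaspersky Lab or from any drive vendor, the Python below shows the practical first step a practitioner can take today: record each drive's model, serial and firmware revision at delivery (here parsed from constructed `smartctl -i`-style output), flag any later drift against that baseline and against a vendor-published revision list, and compare a firmware image read out-of-band with a pinned SHA-256 digest. The `smartctl` field names are assumed from the tool's usual output; the sample outputs, the `EXAMPLE-HD2000` model, the `KNOWN_GOOD_FIRMWARE` allow-list and the image bytes are all constructed. The caveat follows from the article's own point: firmware that has been rewritten can lie about its version, so a clean result is a first check, not proof.

```python
"""Baseline-and-drift check for hard drive firmware identity.

Added example for this page; it is not code from the article, from Kaspersky
Lab or from any drive vendor. It parses the identity block that `smartctl -i`
prints for a drive (field names assumed from the tool's usual output), records
model, serial and firmware revision at delivery, and flags any change on a
later check. A firmware-level implant can misreport what the drive says about
itself, so a clean result is a first check, not proof the drive is unmodified.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample output in the style of `smartctl -i`; not from a real drive.
BASELINE_SMARTCTL = """\
=== START OF INFORMATION SECTION ===
Model Family:     Example Drive Family
Device Model:     EXAMPLE-HD2000
Serial Number:    EXAMPLE0001
Firmware Version: 01.01A01
User Capacity:    2,000,398,934,016 bytes [2.00 TB]
"""

# The same drive inventoried later: only the firmware revision has changed.
LATER_SMARTCTL = BASELINE_SMARTCTL.replace("01.01A01", "01.01A02")

# Hypothetical allow-list of vendor-published revisions per model (constructed).
KNOWN_GOOD_FIRMWARE: Dict[str, Iterable[str]] = {"EXAMPLE-HD2000": ("01.01A01",)}


@dataclass(frozen=True)
class DriveIdentity:
    model: str
    serial: str
    firmware: str


# smartctl label -> attribute name on DriveIdentity
_FIELDS = {"Device Model": "model", "Serial Number": "serial", "Firmware Version": "firmware"}


def parse_smartctl_info(text: str) -> DriveIdentity:
    """Extract model, serial and firmware revision from `smartctl -i` output."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+):\s+(.*?)\s*$", line)
        if m and m.group(1) in _FIELDS:
            found[_FIELDS[m.group(1)]] = m.group(2)
    missing = set(_FIELDS.values()) - found.keys()
    if missing:
        raise ValueError(f"smartctl output lacks fields: {sorted(missing)}")
    return DriveIdentity(**found)


def firmware_drift(baseline: DriveIdentity, current: DriveIdentity,
                   known_good: Optional[Dict[str, Iterable[str]]] = None) -> List[str]:
    """Compare a drive to its delivery baseline; an empty list means no drift."""
    findings = []
    if current.serial != baseline.serial:
        findings.append(f"serial changed {baseline.serial} -> {current.serial}: "
                        "this is a different physical drive")
    if current.model != baseline.model:
        findings.append(f"model changed {baseline.model} -> {current.model}")
    if current.firmware != baseline.firmware:
        findings.append(f"firmware revision changed {baseline.firmware} -> {current.firmware}: "
                        "unless an update was scheduled, find out who flashed it")
    if known_good is not None and current.firmware not in tuple(known_good.get(current.model, ())):
        findings.append(f"firmware {current.firmware} is not a published revision for {current.model}")
    return findings


def firmware_image_matches(image: bytes, expected_sha256: str) -> bool:
    """Compare a firmware image read out-of-band (vendor tools, flash dump) to a pinned digest.

    The digest must come from the vendor or from a read taken before deployment,
    never from the running drive, which is exactly the component under suspicion.
    """
    return hashlib.sha256(image).hexdigest() == expected_sha256


if __name__ == "__main__":
    base = parse_smartctl_info(BASELINE_SMARTCTL)
    now = parse_smartctl_info(LATER_SMARTCTL)
    for finding in firmware_drift(base, now, KNOWN_GOOD_FIRMWARE):
        print("DRIFT:", finding)
    # Constructed stand-in for a dumped firmware image and its pinned digest.
    image = b"EXAMPLE-HD2000 firmware 01.01A01 (constructed, not a real image)"
    pinned = hashlib.sha256(image).hexdigest()
    print("image matches pinned digest:", firmware_image_matches(image, pinned))
```

Run stand-alone, it reports two findings for the constructed later inventory: the revision changed, and the new revision is not on the published list. On a real host, replace the constants with `smartctl -i /dev/sdX` output captured at delivery and again at audit time, keep the baseline somewhere the audited machine cannot write to, and take the pinned digest from the vendor or a pre-deployment read rather than from the drive being audited.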