Earlier today it was revealed by Kaspersky, a leading software security group, that the NSA has been using hard drives from leading brands to spy on targets worldwide. In fact, they have been doing so since 2001.
While you most likely use a hard drive manufactured by one of the companies involved, chances are that you haven’t been a victim. Not that you’ve got any way of knowing…
Infected computers were found in over 30 countries, including Iran, Russia, Pakistan and China.
If you think this sounds like something out of the latest James Bond movie, wait till you see how Kaspersky themselves describe this matter:
“For several years, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been closely monitoring more than 60 advanced threat actors responsible for cyber-attacks worldwide. The team has seen nearly everything, with attacks becoming increasingly complex as more nation-states got involved and tried to arm themselves with the most advanced tools. However, only now Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades – The Equation Group.”
You will notice that Kaspersky did not point a direct finger at the U.S. National Security Agency, but they made it very clear to whom they were referring when they said “Equation Group”:
“There are solid links indicating that the Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators – generally from a position of superiority. The Equation group had access to zero-days before they were used by Stuxnet and Flame, and at some point they shared exploits with others”.
This was enough for Reuters to attribute the actions of the Equation Group to the NSA. As you may remember, the NSA was accused of infecting Iran’s uranium enrichment facility with the Stuxnet virus. Additionally, Reuters received further confirmation of the NSA’s latest spy plot from a former NSA employee and mentioned that a “former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives”.
The NSA is said to use hard drives manufactured by over a dozen companies, some of which have been mentioned by name: Western Digital, Seagate, Toshiba, IBM, Micron and Samsung.
Kaspersky recovered a couple of modules that allow the hard drives’ firmware to be reprogrammed, but its Director of Global Research and Analysis Team, Costin Raiu, said that the spyware could not have been created without access to the infected hard drives’ source code.
“There is zero chance that someone could rewrite the [hard drive] operating system using public information,” Raiu told Reuters.
The question is whether the NSA was given access to the source code or whether it granted itself access.
Western Digital’s Media Relations Director, Steve Shattuck, issued the following statement:
“Prior to the report, we had no knowledge of the described cyber-espionage program. We take such threats very seriously. The integrity of our products and the security of our customers’ data are of paramount importance to us”.
He added that Western Digital “has not provided its source code to government agencies”.
Seagate spokesperson Clive Over said that the company has “secure measures to prevent tampering or reverse engineering of its firmware and other technologies”.
Daniel Francisco of Micron stated that “we are not aware of any instances of foreign code”.
Toshiba and Samsung declined to comment on this matter, while IBM did not respond to requests for comment.
Reuters states that, according to former intelligence operatives, one of the NSA’s various methods of obtaining source code from tech companies is simply to ask to see it.
Apparently the government will sometimes request a security audit of a company’s source code if the company is interested in selling its product to sensitive U.S. agencies.
“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,’” said a former NSA analyst. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code”.
However the NSA obtained the source code, using drives from the above companies obviously gave the NSA the ability to control and eavesdrop on the vast majority of the world’s computers. That being said, Kaspersky reported that there were only thousands, or maybe tens of thousands, of infected computers worldwide.
Reuters stated that according to Raiu “the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets” and that “Kaspersky found only a few especially high-value computers with the hard-drive infections”.
If that doesn’t put your mind at ease and you’re still worried that the NSA used your hard drive to steal your photos, you should know that Kaspersky reports that the infected computers were found in the following sectors: government and diplomatic institutions, telecommunications, aerospace, energy, nuclear research, oil and gas, military, nanotechnology, Islamic activists and scholars, mass media, transportation, financial institutions, and companies developing encryption technologies.
A full breakdown of the countries and sectors in which the infected computers were found can be seen in the following image:
This could be a major blow to the NSA’s efforts as Kaspersky mentions that the spyware which was described as “very complicated and expensive to develop” and “outstandingly professional” is “perhaps the most powerful tool in the Equation group’s arsenal and the first known malware capable of infecting the hard drives”.
CNET sent the NSA a request for comment and received the following statement:
“We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details. On January 17, 2014, the President gave a detailed address about our signals intelligence activities, and he also issued Presidential Policy Directive 28 (PPD-28). As we have affirmed publicly many times, we continue to abide by the commitments made in the President’s speech and PPD-28. The U.S. Government calls on our intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats – including terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against ourselves and our allies; and international criminal organizations”.
It will be interesting to see how the exposure of the HDD spyware will affect manufacturers, as American companies have already seen a drop in international business due to previous spy-related events.