
NSA Uses Hidden Software In Hard Drives for International Cyber-Espionage

Feb 18, 2015 by Liron Samuels


Earlier today it was revealed by Kaspersky, a leading software security group, that the NSA has been using leading brand hard drives to spy on targets worldwide. In fact, they have been doing so since 2001.

While you most likely use a hard drive manufactured by one of the companies involved, chances are that you haven’t been a victim. Not that you’ve got any way of knowing…

Infected computers were found in over 30 countries, including Iran, Russia, Pakistan and China.

If you think this sounds like something out of the latest James Bond movie, wait till you see how Kaspersky themselves describe this matter:

“For several years, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been closely monitoring more than 60 advanced threat actors responsible for cyber-attacks worldwide. The team has seen nearly everything, with attacks becoming increasingly complex as more nation-states got involved and tried to arm themselves with the most advanced tools. However, only now Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades – The Equation Group.”

You will notice that Kaspersky did not point a direct finger at the U.S. National Security Agency, but they made it very clear to whom they are referring when they say “Equation Group”:

“There are solid links indicating that the Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators – generally from a position of superiority. The Equation group had access to zero-days before they were used by Stuxnet and Flame, and at some point they shared exploits with others”.

This was enough for Reuters to attribute the actions of the Equation Group to the NSA. As you may remember, the NSA was accused of infecting Iran’s uranium enrichment facility with the Stuxnet virus. Additionally, Reuters received further confirmation of this latest NSA spy plot from a former NSA employee, and mentioned that a “former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives”.

The NSA is said to use hard drives manufactured by over a dozen companies, some of which have been mentioned by name: Western Digital, Seagate, Toshiba, IBM, Micron and Samsung.

Kaspersky recovered a couple of modules allowing the reprogramming of the hard drives’ firmware, but its Director of Global Research and Analysis Team, Costin Raiu, said that the spyware could not have been created without having access to the infected hard drives’ source code.

“There is zero chance that someone could rewrite the [hard drive] operating system using public information,” Raiu told Reuters.

The question is whether the NSA was given access to the source codes or if they had granted themselves access.

Western Digital’s Media Relations Director, Steve Shattuck, issued the following statement:

“Prior to the report, we had no knowledge of the described cyber-espionage program. We take such threats very seriously. The integrity of our products and the security of our customers’ data are of paramount importance to us”.

He added that Western Digital “has not provided its source code to government agencies”.

Seagate spokesperson, Clive Over, said that the company has “secure measures to prevent tampering or reverse engineering of its firmware and other technologies”.

Daniel Francisco of Micron stated that “we are not aware of any instances of foreign code”.

Toshiba and Samsung declined to comment on this matter, while IBM did not respond to requests for comment.

Reuters states that according to former intelligence operatives, one of the NSA’s various methods of obtaining source codes from tech companies is to simply ask to see them.

Apparently the government will sometimes request to conduct a security audit of a company’s source code if the company is interested in selling its product to sensitive U.S. agencies.

“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,’” said a former NSA analyst. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code”.

However the NSA obtained the source codes, using drives by the above companies obviously gave the NSA the ability to control and eavesdrop on the vast majority of the world’s computers. That being said, Kaspersky reported that there were only thousands or maybe tens of thousands of infected computers worldwide.

Reuters stated that according to Raiu “the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets” and that “Kaspersky found only a few especially high-value computers with the hard-drive infections”.

If that doesn’t put your mind at ease and you’re still worried that the NSA used your hard drive to steal your photos, you should know that Kaspersky reports that the infected computers were found in the following sectors: Government and diplomatic institutions, Telecommunications, Aerospace, Energy, Nuclear research, Oil and Gas, Military, Nanotechnology, Islamic activists and scholars, Mass media, Transportation, Financial institutions and companies developing encryption technologies.

A full breakdown of the countries and sectors in which the infected computers were found can be seen in the following image:

Infection Map

Source: Kaspersky Lab

This could be a major blow to the NSA’s efforts, as Kaspersky mentions that the spyware, which was described as “very complicated and expensive to develop” and “outstandingly professional”, is “perhaps the most powerful tool in the Equation group’s arsenal and the first known malware capable of infecting the hard drives”.

CNET sent the NSA a request for comment and received the following statement:

“We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details. On January 17, 2014, the President gave a detailed address about our signals intelligence activities, and he also issued Presidential Policy Directive 28 (PPD-28). As we have affirmed publicly many times, we continue to abide by the commitments made in the President’s speech and PPD-28. The U.S. Government calls on our intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats – including terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against ourselves and our allies; and international criminal organizations”.

It will be interesting to see how the exposure of the HDD spyware will affect manufacturers, as American companies have already seen a drop in international business due to previous spy-related events.

[via Business Insider | Lead Image based on a photo by Justin]
