Security firm Kaspersky reveals malicious National Security Agency (NSA) malware hidden in drivers and firmware around the world. Read the summary here.
Kaspersky exposes NSA malware built into hard drives worldwide
Sitting on millions of hard drives across the globe lays a deep rooted NSA malware designed to spy on computer activity, which has also been noted to have done so for over a decade! The NSA is responsible for gathering electronic intelligence on behalf of the U.S. government.
The majority of brands such as Seagate, Toshiba, Western Digital and many others, have had the tampered firmware built into their hard drives, according to the security software giant Kaspersky.
As many as 30 countries around the globe have the spyware infection implanted on their personal computers. Prime targets have been found to be military and government bodies, banks, energy companies, telecommunication firms and many others.
Most of the targets are from countries such as Afghanistan, Algeria, China, Mali, Mexico, Pakistan, Russia, Syria and Yemen; however it has been picked up in other western countries such as the UK, and parts of Europe.
The party behind all of this has been branded with the name “The equation Group”, who cleverly gained access to the various different firmware’s source code and cracked complex encryption algorithms. They’ve used their highly skilled ability to infect and access very specific targets.
Kaspersky has not named the firm responsible for all the spying operations. It’s believed to be strongly related to the Stuxnet attack which was led by the NSA. Stuxnet was a campaign designed to attack the uranium enrichment facility in Iran.
The Factors behind the Malware’s success
- The malware, reported as a dll file, is able to resist computer reformats and hard disk wipes in a ploy to reinfect the host.
- Ironically, this has impressed Kaspersky Labs in the sense of a piece of hardware having the ability to cause re-infection to a pc. They described it as “ground-breaking technology”.
- The malware was coded into the hard drive’s firmware, which is the software that allows it (the hardware) to run. For instance, when a computer is switched on it’ll access the firmware to talk to hard drives and other system hardware.
- The hard disk’s firmware is a prime target for many hackers. However, if hackers could also access a computer’s BIOS, this would be everyone’s worst nightmare as it would infect the core of the computer. To understand how bad it would be, the BIOS is always accessed automatically by a PC upon it starting up.
- In the case of the dll file, a computer will end up getting re-infected as the firmware is needed to use the hard drives.
- The spy program could work on any hard disk currently sold on the market.
How did it get there in the first place?
It begs the question as to how such malware could have been embedded into the firmware of so many hard drives and to the majority of hard drive companies in the first place?
According to Kaspersky’s director, Costin Raiu, the makers of the spyware must have been able to have had access to the actual source code of each and every infected hard drive. The source code holds the structure, and when in the hands of a third party programmer, this can permit vulnerabilities to be identified and used to harbor malware within it and used for attack.
Raiu continued to add, that’s there’s little chance for the hard drive firmware to be rewritten by just anyone with the use of public information.
Most hard drive companies would not officially disclose whether or not they’ve allowed any such NSA agency officials to access the source code. However Western Digital, Seagate and Micron spokesmen have stated that they have not allowed their source code to be tampered with and take security very seriously.
Despite this, it is still possible for undercover NSA coders to have been employed by any given hard drive manufacturer over a decade ago or disguised as software developers to acquire the source code. It is also likely for hard disk code evaluations to have been requested on behalf of the Pentagon. All are theories of how social engineering could have been part of “the equation”.
This has now made many corporate giants, like Google and others in the US, rethink who could have attacked them back in 2009, which was originally pinned on China.
Evidence exists of hackers having reached the source code from various large American technology and defense corporations, according to reports from investigators.
For more ways to secure your data and systems, contact your local IT professionals.
