New research from Russian researchers at the Kaspersky Lab reveals that the someone — most likely the NSA — has developed spying software that can be hidden deep with hard drives. Known to work with hardware made by Western Digital, Seagate, Toshiba and more, it’s said to provide the agency with the means to eavesdrop “on the majority of the world’s computers”.
Kapersky Lab has in fact found a series of different backdoors, reports Reuters. It’s found such software on computers in over 30 countries around the world, including Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets of the backdoors frequently included government and military institutions, telecom companies, banks, energy companies, nuclear researchers, media and Islamic activists.
While Kapersky Lab didn’t actually name the NSA as being behind the software, it did say it was linked to origins of Stuxnet — which was developed by the NSA. Also, a former NSA employee has “confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it,” according to Reuters. Kapersky has, however, dubbed the the authors of the backdoors “the Equation group” — seemingly after their love of encryption formulae.
The backdoors place malicious software in the firmware of hard drives, launching it every time a computer boots. Kapersky claims the software “made a technological breakthrough” in the way it was placed there, allowing it to “infect the computer over and over.” Apparently that would have required access to the proprietary source code that controls the hard drives, something that wouldn’t be possible with publicly available data.
It’s not entirely clear how the NSA would have obtained that data — though an ex-employee has explained to Reuters that the Agency sometimes poses as a harmless Pentagon customer that merely needs to check software is secure in order to lay its hands on code. Either way, reconstructions of the software made by Kapersky show that it could work on disk drives made by Western Digital, Seagate Technology, Toshiba, IBM, Micron Technology and Samsung Electronics.
Kaspersky has now published the technical details of its research, in the hope that institutions affected by the spying will be able to detect software on their networks. They should certainly try — some of the spying conducted using the techniques apparently dates back to 2001. While the backdoors could have granted remote access to computers around the world, Kapersky explains that it believes the spies were highly selective and “only established full remote control over machines belonging to the most desirable foreign targets.”
Which is perhaps reassuring for you and I — but, int the end, the story is just another stark reminder of how deep the NSA’s tentacles stretch. [Reuters]