Kaspersky Lab uncovers a suite of surveillance platforms that hide in hard drive firmware

By Shawn Knight
Feb 16, 2015
Post New Reply
  1. Security researchers at Kaspersky Lab have unearthed a suite of surveillance platforms that can hide within the firmware of hard drives from more than a dozen manufacturers. The attackers, which Kaspersky is calling the Equation Group due to their complex...

    Read more
  2. How to detect?
  3. VitalyT

    VitalyT Russ-Puss Posts: 3,115   +1,379

    NSA is pretty much the same in all languages...

    Netzwerk von Schlecht Arschlöcher

    sorry, if my German isn't good.
  4. davislane1

    davislane1 TS Evangelist Posts: 3,391   +2,175

    The alarming thing about this news isn't that the NSA has been up to shenanigans. It is the fact that 90% or more of readers will be utterly unsurprised by the headline.
  5. Seventh Reign

    Seventh Reign TS Booster Posts: 131   +65

    I believe you grossly overestimate the intelligence of your average internet user. Remember these are the same people who STILL fall for the African Prince scam .. every .. single .. day.

    Unless it was a typo and you meant that 90% of users WOULD be surprised. That sounds much much more realistic.
    SalaSSin likes this.
  6. So how do you fix it? Install clean firmware?
  7. tonylukac

    tonylukac TS Evangelist Posts: 1,293   +55

    No wonder the seagate drive I built my machine with had that firmware problem. Seagate had a fix for the physical error it it had. A toshiba drive had the same error with no fix.,
  8. amstech

    amstech TechSpot Enthusiast Posts: 1,441   +594

    Uncle Sam has been pulling this $hit for 10 years.
    Nothing and I mean NOTHING you have is secure.
    Not on your PC and CERTAINLY not on your phone.
  9. Night Hacker

    Night Hacker TS Enthusiast Posts: 125   +20

    Expect things to get worse in the years to come.
    Auth3ntic0 likes this.
  10. davislane1

    davislane1 TS Evangelist Posts: 3,391   +2,175

    I was saving my "people are generally dim" post for the inevitable net neutrality pass vote story.

    Also, it is worth noting that not all of the Nigerian princes are frauds. I am expecting a deposit in my account sometime later this week, in fact. Nasim "Big Money" Gachanumba seems like a pretty decent guy. A bit trusting (probably how he was betrayed), but nice.
    mosu, trgz, noel24 and 3 others like this.
  11. So how to view the data on the disk by the spy agency that went all the way to implement it?

    They need to have some way through windows... how to view large sets of data in GBs without giving themselves out (streaming large files show in data usage)? What if the drive data is encrypted? what if someone uses Linex or Tails?

    There are too many variables yet after all what we learned about spy agencies I can't refute Kaspersky's find.
    Auth3ntic0 likes this.
  12. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,433   +473

    Hi techspot, thanks for fueling the conspiracy aspirations of users.

    Someone who doesn't care.

    PS: Because really, if the "NSA" or whomever is behind it, will get it one way, or the other, I'm gonna find you, I'm gonna get...
    PS2: Unless there is a patch or a way to reflash the drive's firmware.
  13. stewi0001

    stewi0001 TS Evangelist Posts: 1,148   +488

    no one has played PS or PS2 in quite a while. let us know when you get to PS4 ;P
  14. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,433   +473

    Mmm I can try?

    PS: Maybe I shouldn't.
    stewi0001 likes this.
  15. This firmware intrusion can of course be used to reserve certain disk areas for their own malware programs that can be run but not detected or deleted by other antivirus / antimalware programs. Vast amount of disk drives can be knocked out via simple virus programs spread to keyed in specific countries, areas or companies. Today the 21'century Internet media winter is up to debate, as we continue to replace all physical media (papers, books, contracts...) onto digital media located in vast Internet server plants.
  16. Peter Farkas

    Peter Farkas TS Addict Posts: 214   +67

    Do we know if modern SSDs are affected as well?
  17. Jad Chaar

    Jad Chaar TS Evangelist Posts: 6,477   +965

    If the NSA is in fact behind this, I would not be surprised one bit. They need an indestructible method of surveillance that someone cannot just erase by reformatting.
  18. Unfortunatelly this "news" came from a Russian company and like spread some propaganda to the world.
    Still nobody will proof that without source code of that disk firmware.
    So take this "news" with orange juice and let it go.
  19. I trust, and .etc. more than the crap outlets like Fox, CNN and NBC for example.

    When it comes to finding flaws/loopholes developed by NSA, CIA, Mossad or whatever, lots of knowledgeable and highly experienced people still don't know what to look for in the source code when it relates to things like surveillance tech . After all, the intelligence agencies often have the best breed of brains around!
  20. This sounds like a load of bull.
    What does this malware/worm do?
    How does it run? It doesn't load & run in your windows.
    More info needed...
    infiltrator likes this.
  21. infiltrator

    infiltrator TS Booster Posts: 140   +21

    I couldn't agree more, but you have to realize that, we are leaving in a digital world where anything is possible. Take for instance, the TOR network and how the NSA managed to infiltrate into it.

    What does this malware/worm do?

    It spies on the user, by recording and sending out bits of information to NSA servers.
    Now, I don't know what information it could potentially be sending out.
    But it could be on anything that could be used against you, if you are/were to commit a crime.

    How does it run? It doesn't load & run in your windows.

    That's a good question?

    It could be using a customized emulator to run, or a even when Windows itself is running. But to remain undetected, it could be using a specially customized rootkit program, that no AV is able to detect it.

    I am just throwing around some ideas.
  22. DaBandit

    DaBandit TS Member

    Can't be our Govt., N.o S.uch A.gency...
  23. JackB

    JackB TS Rookie

    Lol.. Don't believe it.
  24. BadThad

    BadThad TS Enthusiast Posts: 58   +26

    It could also use Windows Powershell like Poweliks.....undetectable.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...