Kaspersky Lab uncovers a suite of surveillance platforms that hide in hard drive firmware

Shawn Knight


Security researchers at Kaspersky Lab have unearthed a suite of surveillance platforms that can hide within the firmware of hard drives from more than a dozen manufacturers. The attackers, whom Kaspersky is calling the Equation Group because of their complex skill set, are the most advanced the researchers have encountered to date.

According to Wired, the programs, some of which date back to 2001, appear to have been developed in succession, with each new program more sophisticated than the last.

Personal computers in more than 30 different countries have been discovered to carry the infection, Kaspersky said.


One of the worms uncovered has direct connections with Stuxnet and may even have been used as a test to find the best route for that malware to reach systems involved in Iran’s nuclear program. The researchers didn’t name who they believe is behind the attacks, although a good deal of circumstantial evidence points to the NSA.

One component of the suite, GrayFish, is able to reflash the firmware on hard drives. Because the implant resides in the firmware rather than on the platters, reformatting the drive doesn’t get rid of the infection. Rewriting the firmware depends on having access to the manufacturer’s source code, and if the NSA is indeed behind the attacks, obtaining that source code wouldn’t present much of an obstacle.

In addition to physically intercepting shipments (in this case, hard drives) and loading them with malware before repackaging and sending them on to targets, the NSA could simply have asked manufacturers for their source code (directly or indirectly) or posed as software developers.

 
NSA is pretty much the same in all languages...

Netzwerk von Schlecht Arschlöcher

sorry, if my German isn't good.
 
The alarming thing about this news isn't that the NSA has been up to shenanigans. It is the fact that 90% or more of readers will be utterly unsurprised by the headline.
 


I believe you grossly overestimate the intelligence of your average internet user. Remember these are the same people who STILL fall for the African Prince scam .. every .. single .. day.

Unless it was a typo and you meant that 90% of users WOULD be surprised. That sounds much much more realistic.
 
No wonder the Seagate drive I built my machine with had that firmware problem. Seagate had a fix for the physical error it had. A Toshiba drive had the same error with no fix.
 
Uncle Sam has been pulling this $hit for 10 years.
Nothing and I mean NOTHING you have is secure.
Not on your PC and CERTAINLY not on your phone.
 

I was saving my "people are generally dim" post for the inevitable net neutrality pass vote story.

Also, it is worth noting that not all of the Nigerian princes are frauds. I am expecting a deposit in my account sometime later this week, in fact. Nasim "Big Money" Gachanumba seems like a pretty decent guy. A bit trusting (probably how he was betrayed), but nice.
 
So how to view the data on the disk by the spy agency that went all the way to implement it?

They need to have some way through Windows... how do they view large sets of data in GBs without giving themselves away (streaming large files shows up in data usage)? What if the drive data is encrypted? What if someone uses Linux or Tails?

There are too many variables, yet after all we have learned about spy agencies I can't refute Kaspersky's find.
 
Hi techspot, thanks for fueling the conspiracy aspirations of users.

Regards,
Someone who doesn't care.

PS: Because really, if the "NSA" or whoever is behind it will get it one way or the other, I'm gonna find you, I'm gonna get...
PS2: Unless there is a patch or a way to reflash the drive's firmware.
 

no one has played PS or PS2 in quite a while. let us know when you get to PS4 ;P
 
This firmware intrusion can of course be used to reserve certain disk areas for their own malware programs that can be run but not detected or deleted by other antivirus / antimalware programs. Vast numbers of disk drives can be knocked out via simple virus programs keyed to specific countries, areas or companies. Today the 21st-century Internet media winter is up for debate, as we continue to move all physical media (papers, books, contracts...) onto digital media located in vast Internet server plants.
 
If the NSA is in fact behind this, I would not be surprised one bit. They need an indestructible method of surveillance that someone cannot just erase by reformatting.
 
Unfortunately this "news" came from a Russian company and, like RT.com, spreads some propaganda to the world.
Still, nobody will prove that without the source code of that disk firmware.
So take this "news" with orange juice and let it go.
 
I trust RT.com, Presstv.com and english.pravda.ru etc. more than the crap outlets like Fox, CNN and NBC for example.

When it comes to finding flaws/loopholes developed by NSA, CIA, Mossad or whatever, lots of knowledgeable and highly experienced people still don't know what to look for in the source code when it relates to things like surveillance tech. After all, the intelligence agencies often have the best breed of brains around!
 
This sounds like a load of bull.
What does this malware/worm do?
How does it run? It doesn't load & run in your windows.
More info needed...
 
This sounds like a load of bull.
More info needed...

I couldn't agree more, but you have to realize that we are living in a digital world where anything is possible. Take for instance the TOR network and how the NSA managed to infiltrate it.

What does this malware/worm do?

It spies on the user by recording and sending out bits of information to NSA servers.
Now, I don't know what information it could potentially be sending out.
But it could be anything that could be used against you, if you are/were to commit a crime.

How does it run? It doesn't load & run in your windows.

That's a good question.

It could be using a customized emulator to run, or even run while Windows itself is running. But to remain undetected, it could be using a specially customized rootkit program that no AV is able to detect.

I am just throwing around some ideas.
 

It could also use Windows PowerShell like Poweliks..... undetectable.
 
Ever wonder why so many states have made or are making "Living-off-the-grid" illegal?
I did.

Even when the filtered water they can provide for themselves and the clean solar power they have can be proven to be of superior quality to what is made available by the local power/water grid, these "off-gridders" can still be in legal trouble.

It probably just means that the NSA can't surreptitiously access your PC if you are self-sufficient... and I seriously doubt they like that too much.... Even if the NSA weren't continually monitoring your computer and/or internet use, it gives them easy access to your PC if you were to come under scrutiny.
 