Recently, it seems that you can’t go two days without some new piece of information emerging about the NSA’s spying program, and with every day that passes it becomes clearer that the scope of the program, and the abuse of privacy it involves, are of an incredible magnitude and inescapable pervasiveness.
Now, in yet another part of the elaborate plot that is the illegal NSA spying program, Moscow-based firm Kaspersky has uncovered software hidden deep within the firmware of computers’ hard drives that is designed to spy on the user. According to Kaspersky, this method of espionage would allow the ‘sophisticated threat actor’ (which Kaspersky calls the ‘Equation group’) to spy on PCs worldwide, and may have been going on for as long as 15 years (since around 2001).
In its report, Kaspersky (the firm that was responsible for breaking the Stuxnet story) says it discovered that the ‘Equation group’ has the ability to hide spyware in hard drives from important manufacturers such as Western Digital, Seagate, Toshiba, IBM, Micron Technology Inc and Samsung Electronics.
According to information released to Reuters, the Russian firm found evidence of this spyware on hard drives in 30 nations, but found that it was most prevalent on hard drives in countries such as Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
Talking to Reuters about where the spyware was found to be most prevalent, Kaspersky said,
‘The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists’
Although NSA spokeswoman Vanee Vines refused to comment on the new revelations, a former NSA employee told Reuters that what Kaspersky had uncovered was indeed true, and that the NSA valued its ability to get spyware into sensitive locations as highly as it does viral spyware such as Stuxnet (a computer worm the NSA used to mount a cyber attack on Iran’s nuclear power plant).
Peter Swire (a member of the US Review Group on Intelligence and Communications Technology) said that these new revelations about how the NSA carries out its espionage could have a seriously negative impact on diplomatic relations and trade agreements, and urged Obama’s administration to think hard about how it proceeds with its spy programs in the future, lest it face serious international backlash and loss of faith.
According to lead Kaspersky researcher Costin Raiu, putting spyware in the firmware of the hard drives is perfect for the NSA’s espionage efforts because,
‘The hardware will be able to infect the computer over and over’
Although spokespeople from both Seagate and Micron have made statements denying that they know anything about foreign code appearing in the firmware of their hard drives, Vincent Liu, a partner at Bishop Fox and former NSA analyst, explains that if a company wants to sell a product to the Pentagon, it is asked to cooperate with security auditing for that product by handing over the source code,
‘They don’t admit it, but they do say, “We’re going to do an evaluation, we need the source code.” It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code.’
Although the link to the NSA is currently only circumstantial, according to Kaspersky’s report, the Equation group’s obvious links to Flame and Stuxnet make it almost inevitable that these hacks and spyware installations are coming from a position of wealth and authority that is unlikely to be anything but a large and well-organized intelligence agency. In the report Kaspersky lays it out like this,
‘There are solid links indicating that the Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators–generally from a position of superiority. The Equation group had access to zero-days before they were used by Stuxnet and Flame, and at some point they shared exploits with others.’