Kaspersky says US spyware is baked-into many HDD firmwares

[HEXUS]

'The Equation Group' infected HDD firmware with surveillance tools since 2001.

Read more.

[Chadders87]

The irony is the Ad at the top of the page for me was "Save money on great NSA* bundles" sponsored by WD.

*typo. Read NAS.

[shaithis]

Interesting that they think there is a link (however tenuously) back to the NSA.

Based on the Wiki-leaks stuff, it does make you wonder!

[peterb]

Just remind where Kapersky labs are based.....

[ZaO]

I've heard the guys from the Tor Project, and others like Alex Jones talk about this, years ago. And now, a major security company, Kaspersky Lab, are coming out with this info. This is a big deal. What the hell do you do about this.. How are people supposed to know what is safe to buy anymore..

[GuidoLS]

Just remind where Kapersky labs are based.....

There was a time that I'd use this as a tongue in cheek piece of light humor. Now? Sorry, but I trust state sponsored Russian companies as little or less than I trust the NSA.

[edzieba]

Kaspersky says US spyware is baked-into many HDD firmwares

No they bloody haven't!

They described a component of a tool that can install itself as a replacement firmware. What they did not state at any point was that this was installed on drives en-mass coming from the factory. That is a vastly different thing. Hexus are the only site I have seen to imply this, and with no others (including the liked FT article) mentioning anything like it.

[ysluxus]

Stop using or keep being spyed. no other way.

[crossy]

No they bloody haven't!

They described a component of a tool that can install itself as a replacement firmware. What they did not state at any point was that this was installed on drives en-mass coming from the factory. That is a vastly different thing. Hexus are the only site I have seen to imply this, and with no others (including the liked FT article) mentioning anything like it.

Quite correct, the Kaspersky article (what I managed to read around the non-removable coupon popup that seem to infect some sites with Chrome) says:

GReAT has been able to recover two modules which allow reprogramming of the hard drive firmware of more than a dozen of the popular HDD brands. This is perhaps the most powerful tool in the Equation group's arsenal and the first known malware capable of infecting the hard drives.

By reprogramming the hard drive firmware (i.e. rewriting the hard drive's operating system), the group achieves two purposes:

So unless I'm reading that bit incorrectly, the malware is reprogramming the drive installed in the infected system to provide a permanent "known bad" source of the malware. The article does not say that the drives are shipping with this malware.

That said, I do tend to be slightly defensive about AV companies "bigging up" the latest threat to perhaps sell more licenses. However, in this case I can't see an obvious sales pitch. You know "drives are being reprogrammed, use our new DriveCert(tm) software to reflash your drives with known good firmware"

[ET3D]

Kaspersky says US spyware is baked-into many HDD firmwares

No they bloody haven't!

They described a component of a tool that can install itself as a replacement firmware. What they did not state at any point was that this was installed on drives en-mass coming from the factory. That is a vastly different thing. Hexus are the only site I have seen to imply this, and with no others (including the liked FT article) mentioning anything like it.

Yes, I came here worried and after reading the article realised that I'm probably safe from spying. (For some level of "safe". I mean, not from this particular spying.)

[crossy]

Yes, I came here worried and after reading the article realised that I'm probably safe from spying. (For some level of "safe". I mean, not from this particular spying.)

Colleague of mine may a good comment ... "if you think you're important enough to be spied upon by the NSA then perhaps you shouldn't own a computer or a smartphone. But then again, if you don't have PC nor smartphone then maybe that's suspicious in itself"

As said in the Shockwave Rider ... new reasons for old paranoia.

[DanceswithUnix]

The article does not say that the drives are shipping with this malware.

GIven how factories tend to pull in a lot of short term contract staff it would be probably quite trivial to plant someone to infect final test machines. However, such an untargeted blunt move would seem rather risky for the limited usefulness of "infecting" countless DVR machines and laptops that just surf Facebook all day on the hope you might get a lucky hit. So yeah, I don't see this.

[Corky34]

Colleague of mine may a good comment ... "if you think you're important enough to be spied upon by the NSA then perhaps you shouldn't own a computer or a smartphone. But then again, if you don't have PC nor smartphone then maybe that's suspicious in itself"

It's not a matter of if you're important enough to be spied upon it's a matter of privacy, a matter of what you said yesterday not becoming tomorrows taboo, a matter of what happens when such spyware inevitably finds it's way into the wild.

Privacy is vital to a free society without it people become wary to discuss anything that goes against social norms in private, would people have questioned the laws that made Alan Turing a criminal if they had not dared to speak out against those laws, at first in private and later in public ?

[abaxas]

Maybe the hard drive is gay?

[davesom555]

If they are "practically blind to it" how do they know it's there? How does it communicate with external agencies then? Surely they could find that channel?

[crossy]

If they are "practically blind to it" how do they know it's there? How does it communicate with external agencies then? Surely they could find that channel?

Check out the Kaspersky document that the article links to. It says that the malware might be able to create a private area on the disk that is effectively a black hole to the normal utilities. Then, so I assume, the attacker will switch the firmware to allow access to that private area. Or it could be a lot simpler, if the malwarers put a trojan on a PC, then they could use corrupted disk firmware to ensure that their wiretap is reinstated if the victim spots it and removes it.

It's not a matter of if you're important enough to be spied upon it's a matter of privacy, a matter of what you said yesterday not becoming tomorrows taboo, a matter of what happens when such spyware inevitably finds it's way into the wild. Privacy is vital to a free society without it people become wary to discuss anything that goes against social norms in private, would people have questioned the laws that made Alan Turing a criminal if they had not dared to speak out against those laws, at first in private and later in public ?

I agree with what you're saying but the "A" agencies have become very adept at using the threat of terrorists and paedophiles to argue that "a little less" privacy is necessary. As John Stuart Mill said:

The only freedom which deserves the name, is that of pursuing our own good in our own way, so long as we do not attempt to deprive others of theirs, or impede their efforts to obtain it.

If we had truly wise leaders then they'd be able to balance the needs of protecting the populace without necessarily resorting to following the "1984" playbook. Unfortunately, I think the ease with with electronic surveillance of all types can be used has meant that it's become very attractive. Sorry for the digression.