# NSA Hides Spying Backdoors into Hard Drive Firmware



## btarunr (Feb 17, 2015)

Russian cyber-security company Kaspersky Labs exposed a breakthrough U.S. spying program, which taps into one of the most widely proliferated PC components - hard drives. With the last 5 years seeing the number of hard drive manufacturing nations reduce from three (Korean Samsung, Japanese Hitachi and Toshiba, and American Seagate and WD) to one (American Seagate or WD), swallowing-up or partnering with Japanese and Korean businesses as US-based subsidiaries or spin-offs such as HGST, a shadow of suspicion has been cast on Seagate and WD. 

According to Kaspersky, American cyber-surveillance agency, the NSA, is taking advantage of the centralization of hard-drive manufacturing to the US, by making WD and Seagate embed its spying back-doors straight into the hard-drive firmware, which lets the agency directly access raw data, agnostic of partition method (low-level format), file-system (high-level format), operating system, or even user access-level. Kaspersky says it found PCs in 30 countries with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.






Kaspersky claims that the HDD firmware backdoors are already being used to spy on foreign governments, military organizations, telecom companies, banks, nuclear researchers, the media, and Islamic activities. Kaspersky declined to name the company which designed the malware, but said that it has close ties to the development of Stuxnet, the cyber-weapon used by NSA to destabilize Iran's uranium-enrichment facilities.

Kaspersky claims that the new backdoor is perfect in design. Each time you turn your PC on, the system BIOS loads the firmware of all hardware components onto the system memory, even before the OS is booted. This is when the malware activates, gaining access to critical OS components, probably including network access and file-system. This makes HDD firmware the second most valuable real-estate for hackers, after system BIOS.

Both WD and Seagate denied sharing the source-code of their HDD firmware with any government agency, and maintained that their HDD firmware is designed to prevent tampering or reverse-engineering. Former NSA operatives stated that it's fairly easy for the agency to obtain source-code of critical software. This includes asking directly and posing as a software developer. The government can seek source-code of hard drive firmware by simply telling a manufacturer that it needs to inspect the code to make sure it's clean, before it can buy PCs running their hard-drives.

What is, however, surprising is how "tampered" HDD firmware made it to mass-production. Seagate and WD have manufacturing facilities in countries like Thailand and China, located in high-security zones to prevent intellectual property theft or sabotage. We can't imagine tampered firmware making it to production drives without the companies' collaboration.



----------



## revin (Feb 17, 2015)

Wicked eh !
So would one have to flash the drive/firmware/BIOS ??? to get rid of any crap hiding?


----------



## Naito (Feb 17, 2015)

revin said:


> Wicked eh !
> So would one have to flash the drive/firmware/BIOS ??? to get rid of any crap hiding?



If the allegations are true, the spyware is embedded into the firmware from the factory. That means all and any firmware capable of being written to the drives in question will have it by default. Besides, it is very difficult to reverse engineer such firmwares to remove it and just as difficult to install it back on to the drive.


This news just doesn't surprise me. Maybe this will push more people to buy SSDs from Asian companies? That's if they are any safer from espionage.


----------



## btarunr (Feb 17, 2015)

Before you post "thank God I use SSD," don't be so sure. Most SSD manufacturers are tiny sub-billion-dollar outfits that are just easier to coerce by the government of their biggest market.

Chinese government and PLA use only SSDs in their PCs, and that too only from select China-based companies such as Renice, Runcore, etc., so they have control over the firmware.


----------



## lZKoce (Feb 17, 2015)

btarunr said:


> Before you post "thank God I use SSD," don't be so sure. Most SSD manufacturers are tiny sub-billion-dollar outfits that are easier to coerce by the government of their biggest market.
> 
> Chinese government and PLA use only SSDs in their PCs, and that too only from select China-based companies such as Renice, so they have control over the firmware.



While reading this, I was just thinking, meh I am using SSDs on both RIGs. Now your comment kills the hope....of not being potentially spied on.


----------



## Naito (Feb 17, 2015)

btarunr said:


> Most SSD manufacturers are tiny sub-billion-dollar outfits that are easier to coerce by the government of their biggest market.



I'd assume companies like Samsung, Plextor, Sandisk, etc may be in a position to avoid such things, however one can never be sure. Makes you wonder if Sandforce controllers are hiding undesirable code in the firmware, as to my knowledge, their firmware is quite closed-source.

EDIT: It seems SandForce was acquired by LSI Corp./Avago Technologies, whose SSD controller division was in turn acquired by Seagate. Hmm...


----------



## Prima.Vera (Feb 17, 2015)

What if the HDD/SSD is encrypted, can they still have access to the encrypted data?


----------



## btarunr (Feb 17, 2015)

Prima.Vera said:


> What if the HDD/SSD is encrypted, can they still have access to the encrypted data?



They have access to 1s and 0s. They can take those 1s and 0s, and run them through their multi billion dollar decryption farms.


----------



## RazorBurn (Feb 17, 2015)

Should i be worried with my Hentai Tentacle collection?


----------



## btarunr (Feb 17, 2015)

RazorBurn said:


> Should i be worried with my Hentai Tentacle collection?



Maybe not that your hentai collection will incriminate you, but that there's someone out there who knows you're a hentai collector. So the next time you take evidence of corruption to the press/court, the government can kill-the-messenger by calling you a hentai-collector.

Your government has your dirt. That's what should scare you.


----------



## lZKoce (Feb 17, 2015)

btarunr said:


> They have access to 1s and 0s. They can take those 1s and 0s, and run them through their multi billion dollar decryption farms.



How much computational power do you need to decrypt a mainstream HDD? And how much time is it gonna take per single unit? I thought it was impossible with current tech.


----------



## Relayer (Feb 17, 2015)

lZKoce said:


> While reading this, I was just thinking, meh I am using SSDs on both RIGs. Now your comment kills the hope....of not being potentially spied on.




Well, unless you are an Iranian nuclear scientist or someone else mentioned, you really don't have to worry. They are actually quite busy with important stuff not what pr0n sites we go on or how much money we have in the bank.


----------



## btarunr (Feb 17, 2015)

Relayer said:


> Well, unless you are an Iranian nuclear scientist or someone else mentioned, you really don't have to worry. They are actually quite busy with important stuff not what pr0n sites we go on or how much money we have in the bank.



That is a very common fallacy used by governments in the face of such allegations. What should worry you is that you'll never be able to fight "the powers that be," if they screw you over, because they have your dirt, and they can use that to trivialize/discredit/vilify you at whim.


----------



## Relayer (Feb 17, 2015)

btarunr said:


> That is a very common fallacy used by governments in the face of such allegations. What should worry you is that you'll never be able to fight "the powers that be," if they screw you over, because they have your dirt, and they can use that to trivialize/discredit/vilify you at whim.



Listen, I'm not saying I like it or it's OK to spy on the citizenship of a country. I'm sure that's not the reason that this spyware has been installed either. It's for reasons in the article. Is there possibility for abuse? Sure there is. That's where the problem lies. Making sure the abuse doesn't occur. Personally though, I like them having access to Iran's, ISIS's, No. Korea's, etc. HDD. It might save your, my, our kids or other loved ones lives.

It's strange how people can see the threat in something like this but not from the organizations that are targeted. Maybe if you lived in Israel, you'd feel differently?


----------



## NC37 (Feb 17, 2015)

Really you don't know how drives in China could become tampered?

Sigh...

Go there and wave some cash in front of one of the workers before they commit suicide and you'll get all the tampering you need.


----------



## Octopuss (Feb 17, 2015)

Stop that mass hysteria people. This sounds like bullshit journalist sensationalism. "Snowden is getting old and nothing new is coming out of him, let's make up even more stories people will want to read."


----------



## Potatoking (Feb 17, 2015)

Not saying this is impossible, but until there is some hard evidence, this is just another accusation. Russia has lost a lot of credibility these days...


----------



## blaznee (Feb 17, 2015)

Just accept the fact that government agencies know what you're doing if they want to. I'm pretty sure they don't care that you look at "teen lesbian" categories or that you're stalking your ex on Facebook after 2 beers..


----------



## Frick (Feb 17, 2015)

Octopuss said:


> Stop that mass hysteria people. This sounds like bullshit journalist sensationalism. "Snowden is getting old and nothing new is coming out of him, let's make up even more stories people will want to read."



http://arstechnica.com/security/201...-nsa-hid-for-14-years-and-were-found-at-last/

Seriously, they have mad skills. Not sure Kaspersky said in plain speech it was the NSA as such.



Potatoking said:


> Not saying this is impossible, but until there is some hard evidence, this is just another accusation. Russia has lost a lot of credibility these days...



Kaspersky =! Russia. And read the Ars article, it's massively interesting. Also read up on Stuxnet and Flame to get an idea of just what they can do.

EDIT: Ok I've read the thing now, and

1) The group has ties to NSA, but no one has said it's the NSA itself, especially not Kaspersky who dubbed them Equation Group.
2) It seems they do the attacks in the wild, meaning a) the factories are not compromised and b) holy shit they can rewrite the HDD firmware in the wild.

EDIT
https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf


The report itself.


----------



## micropage7 (Feb 17, 2015)

so NSA works behind us and have you seen "winter soldier"?
each one of us can be identified by any tracks of mail, telephone call, messages, fb, twitter, and other
so everyone is visible


----------



## Caring1 (Feb 17, 2015)

Potatoking said:


> Not saying this is impossible, but until there is some hard evidence, this is just another accusation. Russia has lost a lot of credibility these days...


While I don't have a link or remember exactly what show I was watching, I did see a program on TV where the NSA admitted installing spyware and or tracking devices in hardware for specific targets. There is nothing stopping them from doing the same to the general populace at any stage if they warrant it necessary.
The same warnings have been given previously about the mass of cheap phones being produced in China, they are watching and listening to the west.


----------



## Capitan Harlock (Feb 17, 2015)

A lot of people here should see the NSA shit what is doing with Tor and other idiocracy thinking.
Go and take a look at Tek Syndicate and see what crazy sociopaths they are.


----------



## z1tu (Feb 17, 2015)

You might want to change the title there since no one is saying for sure this is the NSA. It looks like them but it hasn't been confirmed.


----------



## micropage7 (Feb 17, 2015)

z1tu said:


> You might want to change the title there since no one is saying for sure this is the NSA. It looks like them but it hasn't been confirmed.


suddenly i think every firmware has its own bugs and "they" exploit that to get any information
or they release standard that has a backdoor to manufacturers so they can exploit it in the future


----------



## Mr B (Feb 17, 2015)

if you're not doing anything wrong or illegal then what's the problem?


----------



## Caring1 (Feb 17, 2015)

Mr B said:


> if you're not doing anything wrong or illegal then what's the problem?


Chip, chip, chipping away ..... at your freedom


----------



## Mr B (Feb 17, 2015)

Caring1 said:


> Chip, chip, chipping away ..... at your freedom



Don't get any freedom anyway it's all a façade. They can gladly look at my holiday photos and see what games I'm playing on Steam!


----------



## Frick (Feb 17, 2015)

This isn't the blanket spying stuff the NSA does.


----------



## z1tu (Feb 17, 2015)

Mr B said:


> Don't get any freedom anyway it's all a façade. They can gladly look at my holiday photos and see what games I'm playing on Steam!


I think that someone with that kind of access to your computer could just simply plant incriminating evidence to anything. What if it stated "Criminal/terrorist organization hides spying backdoors into harddrive firmware", would you be more alarmed then?


----------



## Mr B (Feb 17, 2015)

z1tu said:


> I think that someone with that kind of access to your computer could just simply plant incriminating evidence to anything. What if it stated "Criminal/terrorist organization hides spying backdoors into harddrive firmware", would you be more alarmed then?



There's too much scaremongering. Still I'm only one out of billions of computers, I think I'll take my chances with my holiday snaps!


----------



## z1tu (Feb 17, 2015)

Mr B said:


> There's too much scaremongering. Still I'm only one out of billions of computers, I think I'll take my chances with my holiday snaps!


Couldn't agree more on that, but it's still wrong on every level.


----------



## Mr B (Feb 17, 2015)

z1tu said:


> Couldn't agree more on that, but it's still wrong on every level.



yes it's definitely wrong, I think I'm going to put pictures of my ass in amongst all of my holiday pictures as a message to anyone looking at them! kiss my ass!


----------



## MaKCuMyC (Feb 17, 2015)

hard drive firmware isn't loading into system RAM, it's run only at drive.


----------



## lemonadesoda (Feb 17, 2015)

Thanks for this news article. Interesting. Informed. Warned.


----------



## Fx (Feb 17, 2015)

This is in violation of the US Constitution which is the supreme law.

Thank you for this profound post. The NSA is out of control and information exposing its practices is always welcome.


----------



## Peter1986C (Feb 17, 2015)

MaKCuMyC said:


> hard drive firmware isn't loading into system RAM, it's run only at drive.


Yeah, the controller board inside the drive needs that stuff. The PC/server could care less about that low level material.


----------



## Frick (Feb 17, 2015)

Fx said:


> This is in violation of the US Constitution which is the supreme law.
> 
> Thank you for this profound post. The NSA is out of control and information exposing its practices is always welcome.



You're as likely to be hit with this as with Flame.

And this story is getting stupid. We don't know who the group is, just that they might be affiliated with the NSA somehow. And this is just spying, not blanket surveillance.



Chevalr1c said:


> Yeah, the controller board inside the drive needs that stuff. The PC/server could care less about that low level material.



It's part of a larger thing. It also controls what is booting.



> GrayFish is the crowning achievement of the Equation Group. The malware platform is so complex that Kaspersky researchers still understand only a fraction of its capabilities and inner workings. Key to the sophistication of GrayFish is its bootkit, which allows it to take extraordinarily granular control of the machines it infects.
> 
> "This allows it to control the launching of Windows at each stage," Kaspersky's written report explained. "In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly."


----------



## qubit (Feb 17, 2015)

This spying so doesn't surprise me. I wonder if those longstanding rumours about backdoors in chipsets are true after all?

Tinfoil hats at the ready everyone!


----------



## hardcore_gamer (Feb 17, 2015)

I'm scared that they will steal the blueprints of a mach 5 fighter jet I designed..


...in KSP.


----------



## Ahhzz (Feb 17, 2015)

Mr B said:


> if you're not doing anything wrong or illegal then what's the problem?


http://falkvinge.net/2012/07/19/debunking-the-dangerous-nothing-to-hide-nothing-to-fear/

Also, this essay, referenced and recommended by Bruce Schneier, one of the top security experts in the field today.


----------



## jsfitz54 (Feb 17, 2015)

qubit said:


> This spying so doesn't surprise me. I wonder if those longstanding rumours about backdoors in chipsets are true after all?
> 
> Tinfoil hats at the ready everyone!



Pen and paper will escape / elude their scrutiny!


----------



## qubit (Feb 17, 2015)

Mr B said:


> if you're not doing anything wrong or illegal then what's the problem?


This is an age old strawman argument that's been debunked many times.

It's a question that's usually asked by those who want to spy on and control the people and is an absolute favourite among tinpot dictators.


----------



## Jorge (Feb 17, 2015)

Boo Hoo. Don't concern me one bit as I have nothing to hide.


----------



## xfia (Feb 17, 2015)

guess i will be a strawman too then..  
hard drives are not secure  not like anything about windows or the internet in general is anyway.. only way your data is actually safe is to unplug the ethernet cable.. 
government agencies seriously don't care what you do as long as its not illegal plus there is no way for them to manually spy on everyone.. 
it goes pretty deep if your hard drive is being remotely checked out and you have already been flagged..


----------



## Nabarun (Feb 17, 2015)

Is there any way to know if my hard drive's firmware is infected?


----------



## Uplink10 (Feb 17, 2015)

This story holds some truth. NSA has gone too far, these agencies should be shut down and the money that goes to these agencies should be used for helping develop open source software... And HDD manufacturers are also guilty, they can't release firmware source code? You can do that, if user gets ahold of source code he can't make HDD out of pure air, he still has to buy your HDD. But we all know if source code isn't released the software is not secure, that is why people choose Linux over Windows Server.


----------



## techy1 (Feb 17, 2015)

blaznee said:


> I'm pretty sure they don't care .....that you're stalking your ex on facebook after 2 beers


WHAAAT :O... no one has right to know that!! .... I mean - I have never ever done that... fuck - do not read this post - it was hacked .... ok ok, I admit it... but it was 3 beers


----------



## jsfitz54 (Feb 17, 2015)

"I pity the fool"...that doesn't own a typewriter.

What manifesto?


----------



## Deadlyraver (Feb 17, 2015)

NSA: A place that tries to reincarnate old ideas.

Such as:

Breaching people's privacy.
Finding people's privacy.
Storing people's privacy.
AND
Telling people they have privacy.

I see democracy is still working for us.


----------



## Fx (Feb 17, 2015)

"I have nothing to hide," said the fool.

It isn't that you don't have anything to hide; it is that they don't have any right to search your property (either physical or intangible) without a justifiable reason.

Anyone not concerned over their own privacy, and the breach of it, is most stupendously ignorant of history. This is a direct attack on one's privacy; a principle that was important enough to be included as a foundational law (4th Amendment). Men fought and died over the right to protect this aspect of their lives among other things.

Furthermore, surveillance is always used in the control of a population by governments who seek to enact sinister activity. Governments will tell you that they are using their tactics to fight "terrorism", and other such nonsense, but really they are the authors of it or have direct association with many of those groups -- a fact that most people are too lazy to investigate or even care about.

Stories like these drag out a lot of ideas to consider, but unfortunately most readers just read it as a topic of the day instead of really considering consequences, context and the past in order to connect some dots.


----------



## xorbe (Feb 17, 2015)

I don't believe that the motherboard bios loads firmware from a sata-connected HDD into system ram, that doesn't sound correct to me.  PCIe card, sure.


----------



## GLD (Feb 17, 2015)

These are claims from a foreign country (Russian no less) about the USA and the NSA. I will trust statements/info about my country from my country. Thank you very much.


----------



## Easy Rhino (Feb 17, 2015)

This is probably true but I would like to see the evidence first. The NSA is obviously quite capable of doing this if they want.


----------



## rruff (Feb 17, 2015)

Jorge said:


> Boo Hoo. Don't concern me one bit as I have nothing to hide.



Sad. I suggest you read up on the sort of thing that happens in totalitarian regimes where there is no privacy. Maybe read "1984". Wonder why right to privacy was written into the constitution? Along with a lot of other things that are being ignored. 

Maybe you don't care now, but what if you did? What if your society was taken over by really fucked up dudes who started doing things that any decent person would take issue with... and *you were powerless to even protest because they know everything you do?* Spying on all electronic communications, spying with drones. The ability to easily track anyone. Stalin would have been in constant orgasmic ecstasy if this had been possible in his day.

And I'll let you know why I think things are going to happen fairly soon that most people will have an issue with. Computers are getting more sophisticated all the time. Before long they will be "smart" enough to make some human workers obsolete... meaning that the person has *no* viable task that they can perform better or at a lower cost than a machine. These *people will be unemployable*, and as the machines continue to become more sophisticated, the number of persons in this category will grow. 

Most likely welfare will be expanded, and propaganda will continue to pit the middle class (who experience higher taxes and declining living standards) against the lower class (who don't work and receive the dole). Divide and conquer. But the population will be mollified and distracted one way or another while the number of unemployable persons grows. 

*Every developed country in the world runs on a consumer capitalist economic model*. That's because it has been shown to work better than any other. The consumer/worker is a vital part of this system, because the prosperity of the capitalist depends on the prosperity of the consumer. The capitalist makes profit from making and selling stuff to consumers. If consumer income and wealth don't increase, then the capitalist's wealth can't either for long. It's symbiotic. It also favors a democratic government, human rights, and freedom. Why? The general population will work harder and be more efficient and more willing to fight wars if they are free, which ultimately increases the power and wealth of the capitalists.

*This will soon be obsolete.* As the economically useless humans become a greater % of the population, consumer capitalism will no longer be viable. From the capitalist standpoint the consumer is no longer a vital part of the system, but rather something that merely consumes resources while providing no value to them. *Vermin.* Instead they can use those resources for themselves, and use robotic serfs and slaves to build whatever they want directly and much more efficiently than ever before. Robots will also fight the wars.

*What do you suppose will happen to our human rights and living standards then?* The rich will have every reason to reduce the amount of resources "wasted" on keeping useless humans alive, meaning that our living standard will gradually deteriorate, along with any thoughts of rights or freedom. Don't take freedom for granted folks... it became fashionable at the same time as consumer capitalism, and is in fact dependent on it. It will probably happen gradually enough to keep the population from complaining too much until it's too late to do anything about it. It might already be too late. I imagine in a short few decades *we will be "happily" spending nearly all our time in VR pods hooked up to feeding and evacuation tubes.*.. until we die. That is the only option we will have. And that is an optimistic scenario. Useless humans might be eliminated much more swiftly.

The alternative? That democracy and freedom are actually strong enough for the interests and wishes of the majority to win out over the desires of the powerful few. And so we share the bounty and all live better and more interesting lives without needing to work. Trends over the last few decades are not heading in this direction though... at all. 

Good luck. 

I'll leave this here...


----------



## Z F (Feb 17, 2015)

btarunr said:


> They have access to 1s and 0s. They can take those 1s and 0s, and run them through their multi billion dollar decryption farms.



If they have low-level access to the system's RAM, they don't need to run it through decryption farms. They can read data directly out of your RAM or FileStreams as they open, no decryption required. As far as I understand encryption only helps if you haven't already booted your computer and logged in.


----------



## Bytales (Feb 17, 2015)

I was planning on getting 10 3.5inch HDDs for my raid system, guess I'll go Hitachi now instead of Western Digital.

You lost me as customer WD, bye bye!


----------



## BiggieShady (Feb 17, 2015)

Jorge said:


> Boo Hoo. Don't concern me one bit as I have nothing to hide.


I'm sure that you leave the toilet door wide open when you are taking a dump. Next time invite your neighbors to watch you.


----------



## lemonadesoda (Feb 17, 2015)

There has been a huge surge in prices of old ticker tape and punch card readers on ebay... LOL


----------



## Casecutter (Feb 17, 2015)

That's why it's so much better to put things on the Cloud... 
~sarcasm~


----------



## xfia (Feb 17, 2015)

rruff said:


> Sad. I suggest you read up on the sort of thing that happens in totalitarian regimes where there is no privacy. Maybe read "1984". Wonder why right to privacy was written into the constitution? Along with a lot of other things that are being ignored.
> 
> Maybe you don't care now, but what if you did? What if your society was taken over by really fucked up dudes who started doing things that any decent person would take issue with... and *you were powerless to even protest because they know everything you do?* Spying on all electronic communications, spying with drones. The ability to easily track anyone. Stalin would have been in constant orgasmic ecstasy if this had been possible in his day.
> 
> ...



gets pretty grim when you start talking about vr pods. I prefer to think of the future with positivity and watch things that help with that. fear is an easy way to control people and take away the power of the majority. if you believe what spiritual teachers tell us then you know thoughts affect the collective consciousness and affect actions on a world wide scale. even if you're not spiritual then you can talk about it in an individual sense.. I dislike a lot of tv shows and movies because they just are not good for your mind with bloody grim outlooks that can get into your head if you watch too much plus don't even get me started on commercials.


----------



## Aquinus (Feb 17, 2015)

So let me ask you all this. What does it matter if the firmware has a "backdoor" when any device attached to the drive has full access to its contents. Considering the firmware can't do any communication outside of the hard drive itself, it's safe to assume that this doesn't enable anyone to simply read data. From a development and hardware perspective, I really think this is another example of how people let stupid ideas run amok. Firmware can't even edit main memory, forget sending data over a network to tell the NSA something.

Any fear in this is dumb because it's probably a simple hard drive feature that some paranoid lunatic fancies as a NSA conspiracy. I suspect that most people need to calm down and need to understand how things work before getting their panties in a bunch about something that doesn't even give anyone access to the computer itself. To call this a "backdoor" is laughable to say the least and from a security standpoint doesn't concern me in any way, shape, or form.

It honestly saddens me that this even made it to TPU. What the hell is this, FOX News?


----------



## xfia (Feb 17, 2015)

I watched fox news once.. started pricing security systems and lining my roof with aluminum foil. came to my senses when I realized the foil would cost more than the security system.


----------



## rruff (Feb 17, 2015)

xfia said:


> I prefer to think of the future with positivity and watch things that help with that.



Which is great so long as you are aware of what is happening... and *act*. I'm not trying to spread fear at all, just pointing out why it is really important that we not take our freedom, privacy, and prosperity for granted, and do what is necessary to keep it. The future I described is pretty much inevitable if we continue the way we have been. What would interrupt it that does not involve "magical thinking" or a preemptive disaster?

Fear has been a very effective tool lately to keep the masses confused and divided. I'm not sure how it works. Maybe it is via TV? I haven't watched TV in 25 years, so I don't know what is happening there. If I go to someone's house and it's on I try to get them to turn it off. It's *really* annoying once you become accustomed to not having it.


----------



## rruff (Feb 17, 2015)

Aquinus said:


> What the hell is this, FOX News?



Reuters: http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216


----------



## xfia (Feb 17, 2015)

sorry if I came off like you were trying to spread fear. I get more worried about the planet just dying and not being able to support life than everyone's rights being taken away. I don't really have much faith in people as a whole but I try.. I suppose if we do have a future coming with way less jobs to go around and robots everywhere then some women need to stop popping out so many babies. I think maybe it was China that had a 2 kid limit for a while.. not really sure what kind of thinking they backed it with but it seemed fine to me and even more so at the moment.


----------



## Aquinus (Feb 18, 2015)

rruff said:


> Reuters: http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216


Terrible article. It puts the two together without actually making the link. I'm sure the NSA does plenty of things but it's not the hard drive firmware that enabled the NSA to spy on these computers.

If you read the actual article, it has nothing to do with the firmware but rather a typical attack on eastern computer systems.


> The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.



The wording in the article is tricky because all it really says is that the NSA attacked some people. By the way there was a hard drive thing that they *think* is linked to the NSA. Nothing conclusive here other than speculation being taken as fact. I suspect that Tiffany Wu doesn't know what she's talking about.

Stats 101: Correlation doesn't always imply causation.


----------



## R-T-B (Feb 18, 2015)

GLD said:


> These are claims from a foreign country (Russian no less) about the USA and the NSA. I will trust statements/info about my country from my country. Thank you very much.



Bias?



> I was planning on getting 10 3.5 inch HDDs for my RAID system, guess I'll go Hitachi now instead of Western Digital.
> 
> You lost me as a customer WD, bye bye!



Hitachi GST almost certainly is affected if anyone is, as WD owns them now.

This doesn't sound like it's loaded at the factory though, but by malware reflashing your drive I think.



Aquinus said:


> Any fear in this is dumb because it's probably a simple hard drive feature that some paranoid lunatic fancies as a NSA conspiracy. I suspect that most people need to calm down and need to understand how things work before getting their panties in a bunch about something that doesn't even give anyone access to the computer itself. To call this a "backdoor" is laughable to say the least and from a security standpoint doesn't concern me in any way, shape, or form.



My understanding from reading about this is it isn't flashed at the factory, but flashed by companion malware that then opens a backdoor to your HD by flashing it and running its own network access somewhere.


----------



## cyneater (Feb 18, 2015)

They should prove it and wipe someone's hard drive... sounds like a conspiracy theory to me.....


----------



## Caring1 (Feb 18, 2015)

GLD said:


> These are claims from a foreign country (Russian no less) about the USA and the NSA. I will trust statements/info about my country from my country. Thank you very much.


Bwahahahahaha, there's one born every minute.

"This particular piece of malware is delivered via modified hard drive firmware, and  Kaspersky says that it’s compatible with nearly all major hard drive brands: Seagate, Western Digital, Samsung, you name it. Once it’s there, it’s nearly impossible to get rid of or even detect. Since it’s not taking up space on the hard drive’s platters, it can easily re-infect a system even after a drive has been fully formatted."

But wait, there's more: http://arstechnica.com/security/201...-nsa-hid-for-14-years-and-were-found-at-last/


----------



## xfia (Feb 18, 2015)

thanks for the article Caring..  time to go off the grid


----------



## BiggieShady (Feb 18, 2015)

Aquinus said:


> Firmware can't even edit main memory, forget sending data over a network to tell the NSA something.



The only reason I can see for someone to maliciously modify a hard drive firmware is to hide the malicious work being done on the hard disk by doing it as an extension of regular read/write operations - for avoiding av software and always causing reinfection with actual malware successfully (trojan horse style)... without editing main memory or sending data over network - just disk operations. 

Or even better, imagine instead of infecting svchost.exe on the disk, you have a disk firmware that always returns infected svchost.exe when OS tries to read it.

... it does sound far fetched and I also have my doubts ... it's not that probable but it does seem possible if the hard drive factory security was compromised and firmware "enhanced".


----------



## 95Viper (Feb 18, 2015)

Hmmm, let us see... Kaspersky sells anti-malware, a/v, firewall, etc. software, to make a profit.
Possible scenario, create a story to revive the fears of people to increase sales?
Or, is there a new line of software that is about to hit the market that remedies/detects this firmware infection problem?
I'm just thinking out in print.

Anyways, here is a Kaspersky Labs Daily Blog post that tries to calm some folks down:  Indestructible malware by Equation cyberspies is out there – but don’t panic (yet)

I was outside and an acorn hit me in the head... then, I had a flashback to the story of "Chicken Little".


----------



## xorbe (Feb 18, 2015)

> but the most interesting finding is the malware’s ability to reprogram the victim’s hard drives, making their “implants” invisible and almost indestructible.



Now this I could believe.  Not infecting the PC at POST, but altering the firmware to hide reachable sectors.  Still, something has to be active to access it.


----------



## R-T-B (Feb 18, 2015)

xorbe said:


> Now this I could believe.  Not infecting the PC at POST, but altering the firmware to hide reachable sectors.  Still, something has to be active to access it.



Probably the companion malware that installs the new firmware.  I can buy that.

It also could infect a BIOS based MBR by simply intercepting MBR calls, similar to old floppy disk viruses, and reload itself via this means as a bootkit of sorts.  A reinstall would not cure this, but as Kaspersky itself admits, is usually incredibly targeted when deployed.  If you're not in Iran you probably don't have this.  Even if you do have it, it's probably NOT being used.

Still, I eagerly await detection tools for this.


----------



## jsfitz54 (Feb 19, 2015)

With Putin on the verge of joining OPEC all of this is great news.
The USA has the power to stop hackers from stealing data and money. All the US companies and private individuals that have lost money should be getting refunds very soon.
This is great news.  We should reverse the trend of people stealing from us and go on offensive so that we can do away with taxes.  Let's take from others for a change.  Despots will be replaced with Democracy.
Relief is on the way.  I can hear all the 1's and 0's marching right back into our bank accounts now. Hell, I can even hear them singing the national anthem while they are working.

The NSA needs your support.


----------



## R-T-B (Feb 19, 2015)

This thread is getting way too political.

The fact that anyone who read the article would understand this is spyware that infects firmware, and not firmware that is loaded from the factory would shut a lot of people up.  This is almost certainly only an issue if you have been directly targeted for say, enriching uranium.  No one has to worry about their porn stash.  Technically speaking (as we should on tech powerup), the fact that the major brands have apparently leaked their firmware source should be more disturbing than the idea of the infection itself.


----------



## Ahhzz (Feb 19, 2015)

R-T-B said:


> This thread is getting way too political.
> 
> The fact that anyone who read the article would understand this is spyware that infects firmware, and not firmware that is loaded from the factory would shut a lot of people up.  This is almost certainly only an issue if you have been directly targeted for say, enriching uranium.  No one has to worry about their porn stash.  Technically speaking (as we should on tech powerup), the fact that the major brands have apparently leaked their firmware source should be more disturbing than the idea of the infection itself.


Sorry, I disagree. Not with the political thing, or the factory, but the rest. I think it's naive to think that the NSA would have such a tool on their hands, and not do their best to get it installed on as many drives as they could, in order to have it "just in case" that big case they're working on, or that "WMD", or whatever, stalls on them, this gives them another backdoor to get more information.


----------



## R-T-B (Feb 19, 2015)

Ahhzz said:


> Sorry, I disagree. Not with the political thing, or the factory, but the rest. I think it's naive to think that the NSA would have such a tool on their hands, and not do their best to get it installed on as many drives as they could, in order to have it "just in case" that big case they're working on, or that "WMD", or whatever, stalls on them, this gives them another backdoor to get more information.



You honestly think they'd be deploying spyware to citizens of their own country just to reflash their HD?

Risk vs reward analysis:  This would've come to light way sooner if they did that.  No.  They aren't that stupid.


----------



## Ahhzz (Feb 19, 2015)

R-T-B said:


> You honestly think they'd be deploying spyware to citizens of their own country just to reflash their HD?
> 
> Risk vs reward analysis:  This would've come to light way sooner if they did that.  No.  They aren't that stupid.


I guess we'll have to agree to disagree, because I think they _are_ that arrogant. The mass quantity of projects that the Snowden papers reveal, prove that.


----------



## R-T-B (Feb 19, 2015)

They maybe want that, but as I said, I think we would've heard about it sooner if it were true.

We'll have to wait for a detection tool to find out for sure.


----------



## Caring1 (Feb 19, 2015)

I have this theory that crypto currency mining is a means for the NSA to use people's computing power, hashing, to sort all the data they take, the payout is a front to make it seem legitimate.


----------



## xfia (Feb 19, 2015)

Caring1 said:


> I have this *conspiracy* theory that crypto currency mining is a means for the NSA to use people's computing power, hashing, to sort all the data they take, the payout is a front to make it seem legitimate.


----------



## R-T-B (Feb 19, 2015)

Caring1 said:


> I have this theory that crypto currency mining is a means for the NSA to use people's computing power, hashing, to sort all the data they take, the payout is a front to make it seem legitimate.



Considering all cryptos are based on open source code and hash systems, really unlikely.

The blockchain does hold some interesting data when analyzed.  None of it is anything other than a mild curiosity however.


----------



## Frick (Feb 19, 2015)

Aquinus said:


> So let me ask you all this. What does it matter if the firmware has a "backdoor" when any device attached to the drive has full access to its contents. Considering the firmware can't do any communication outside of the hard drive itself, it's safe to assume that this doesn't enable anyone to simply read data. From a development and hardware perspective, I really think this is another example of how people let stupid ideas run amok. Firmware can't even edit main memory, forget sending data over a network to tell the NSA something.
> 
> Any fear in this is dumb because it's probably a simple hard drive feature that some paranoid lunatic fancies as a NSA conspiracy. I suspect that most people need to calm down and need to understand how things work before getting their panties in a bunch about something that doesn't even give anyone access to the computer itself. To call this a "backdoor" is laughable to say the least and from a security standpoint doesn't concern me in any way, shape, or form.
> 
> It honestly saddens me that this even made it to TPU. What the hell is this, FOX News?



https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf, I've posted this before but I dunno if anyone noticed.

Yes, focusing only on the HDD firmware stuff is scaremongering (LOL), but the entirety of the thing is very interesting. I can't understand why anyone wouldn't be interested, this is James Bond stuff!


----------



## xorbe (Feb 19, 2015)

R-T-B said:


> It also could infect a BIOS based MBR by simply intercepting MBR calls, similar to old floppy disk viruses, and reload itself via this means as a bootkit of sorts.



Yeah, this occurred to me later. Depending on cleverness, it could replace the MBR or an entire DLL if sufficiently clever.


----------



## FordGT90Concept (Feb 19, 2015)

> Kaspersky says it found PCs in 30 countries with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.


It would be universal if Seagate/Western Digital knew about it.  More likely, NSA acquired the firmware code from them (knowingly or not), injected the backdoor into it, and used an exploit to gain access to the system and change the firmware.  They can then remove the obvious malware and do the rest subversively.

All of those countries on the list  are of particular CIA/NSA interest.  North Korea would probably be on the list too but they don't use Kaspersky.




R-T-B said:


> Technically speaking (as we should on tech powerup), the fact that the major brands have apparently leaked their firmware source should be more disturbing than the idea of the infection itself.


I highly doubt it was deliberate.  If Seagate/Western Digital knew what the NSA was up to, they'd sue the NSA for IP theft and most likely win.


Remember: the NSA successfully sabotaged Iran's centrifuges; 'nuff said.


----------



## xfia (Feb 19, 2015)

of interest is to say the least..  despite what conspiracy theorists would have you think the CIA and NSA are mostly good people that save lives of innocent people.
just like any police station.. there is probably at least one cop that you could call dirty but when it comes down to it that cop would save your life from a real criminal.
I'm a United States citizen and I love my country and thank god I don't live in Russia or the Middle East. I can't count on all my fingers and toes all the people in my family alone that have served in the military and worked for various government organizations. I would be in the military myself but I can't because I have Crohn's disease.

what is new about this? nothing at all.. they do what they do and you have nothing to worry about if you're not breaking laws.
if countries want to be scared about American made technology and not buy it so what.. no awesome Intel CPUs for you then.
we could use our industry and jobs back anyway... some of the stuff we get from other parts of the world is serious crap that we don't need at all.

yup load up the manufacturing lines with the lowest quality stuff we got since this order is going to the United States even though they will come in guns blazing for us if we ever ask for help.


----------



## FordGT90Concept (Feb 19, 2015)

"Laws."  CIA and NSA both specialize in foreign intelligence where the only "law" is "don't get caught."  What they're doing was rubber stamped by a court that shouldn't even exist.  NSA chief was even caught lying to the legislature, under oath, which authors laws.  Nothing came of it.  NSA especially operates above the law which is why Snowden felt morally obligated to expose some of the questionable programs.

Let me paraphrase: "you have nothing to worry about if" if you're an obedient government pawn.  Step out of line and they know more about you than you know about yourself.  Information is power.


----------



## R-T-B (Feb 20, 2015)

And even if you got nothing to hide, if you become a threat, they'll make something up about you and pass it off as fact that they can't validate due to "national security"

It's a scary world we live in and people saying things like "if you've got nothing to hide, why worry?" really need to think about what they are endorsing.

But now *I* am getting too political...


----------



## rruff (Feb 20, 2015)

xfia said:


> despite what conspiracy theorists would have you think the CIA and NSA are mostly good people that save lives of innocent people...you have nothing to worry about if you're not breaking law.



No one is worried about *them*. The problem is that they are accumulating information that will be incredibly dangerous in the wrong hands. Those are the guys I don't trust.

Believe it or not nearly everyone thinks they are doing good. Doesn't matter what it is. And the propaganda apparently works great to divide people along ideological lines that make no sense. How do you think the Nazis came to being, and every other similar regime? Atrocities are committed by "good" people just doing their job and following the herd. It's easy to believe it's right and good when most everyone around you is doing the same thing. Demonize a group and then pile on. And the few who protest are traitors, cowards, terrorists. Which makes it that much easier to decide to go along. Not many are willing to risk their lives for a principle... particularly when doing so would be futile.

None of the totalitarian regimes in the past had anything like the kind of information the NSA is accumulating. Add to that the drone and robotic advances that will soon make it easy for a handful of people under the auspices of the government to wield incredible power over a large population. 

The guys who founded this country were well aware of the dangers of power. This is power like the world has never seen before and should be illegal according to our constitution... but for some reason it's allowed.


----------



## xfia (Feb 20, 2015)

I know what you guys are saying and I can't even really disagree but what is just as real is fear and what it does to you and those around you
there is a campaign of fear and it will render us all weak and powerless if we let it 

if you like rock music and some food for thought.. Tool showed me many things about what we all really are


----------



## rruff (Feb 20, 2015)

xfia said:


> there is a campaign of fear and it will render us all weak and powerless if we let it



Sounds like you are in denial. As in "I don't want to be bothered by this, so I'm going to pretend everything is ok".

Fear is exactly how this whole thing is sold. Be very afraid of what the "terrorists" will do. Save us Big Brother! We have nothing to hide... we trust you... we *love* you!


----------



## TRWOV (Feb 20, 2015)

Soooo Kaspersky Antivirus: yay or nay?


----------



## R-T-B (Feb 20, 2015)

TRWOV said:


> Soooo Kaspersky Antivirus: yay or nay?



Beats Norton.  Beyond that no idea.


----------



## Prima.Vera (Feb 20, 2015)

Norton, still the resource hog or it got better?  Don't think so...


----------



## R-T-B (Feb 20, 2015)

Prima.Vera said:


> Norton, still the resource hog or it got better?  Don't think so...



It did get better.  That doesn't mean it's good.   Kinda like upgrading from shit to urine, both stink one is just easier to cleanup.


----------



## Relayer (Feb 20, 2015)

Fx said:


> This is in violation of the US Constitution which is the supreme law.
> 
> Thank you for this profound post. The NSA is out of control and information exposing its practices is always welcome.



From what has been said the infected drives are in foreign countries in use by non US citizens. No constitutional protection then.


----------



## Ahhzz (Feb 20, 2015)

Prima.Vera said:


> Norton, still the resource hog or it got better?  Don't think so...


It did get better, and is often on sale, so many of our clients use it. However, no single point of protection is effective today, much less guaranteed. Grab the A/V of your choice (NIS/McAfee/Vipre/KAV/etc) and add a subscription to MBAM. I think they've run out of lifetime licenses, but even so, a good investment, I think.


----------



## Relayer (Feb 20, 2015)

FordGT90Concept said:


> NSA especially operates above the law which is why Snowden felt morally obligated to expose some of the questionable programs.


Snowden? Rats out the US govt. because he's all concerned with rights and freedom. Then runs to Russia and hangs with his bud Putin because he's a defender of freedom and justice. lol Snowden is a bloody traitor! He sold out to the Russians. Why is it so hard to connect the dots? There's only 2 dots. He steals top secret info and goes to Russia. The righteous indignation was nothing more than a smoke screen to cover up he's a spy and a traitor.


----------



## Ahhzz (Feb 20, 2015)

Relayer said:


> Snowden? Rats out the US govt. because he's all concerned with rights and freedom. Then runs to Russia and hangs with his bud Putin because he's a defender of freedom and justice. lol Snowden is a bloody traitor! He sold out to the Russians. Why is it so hard to connect the dots? There's only 2 dots. He steals top secret info and goes to Russia. The righteous indignation was nothing more than a smoke screen to cover up he's a spy and a traitor.


.......

yeah.... the NSA is all above-board...
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/


----------



## rruff (Feb 20, 2015)

Relayer said:


> Snowden? Rats out the US govt. because he's all concerned with rights and freedom. Then runs to Russia and hangs with his bud Putin because he's a defender of freedom and justice. lol Snowden is a bloody traitor! He sold out to the Russians. Why is it so hard to connect the dots? There's only 2 dots. He steals top secret info and goes to Russia. The righteous indignation was nothing more than a smoke screen to cover up he's a spy and a traitor.



Wow. Where did you get your information? 

He had two choices after spilling the beans. Come back to the US and spend the rest of his life in jail, or seek asylum. Russia was the only place he was safe. When the Bolivian president (while at a meeting in Russia) stated that Snowden might be allowed asylum, his plane was redirected and searched on the way home. So ya... leaving Russia could be risky.


----------



## R-T-B (Feb 20, 2015)

rruff said:


> Wow. Where did you get your information?
> 
> He had two choices after spilling the beans. Come back to the US and spend the rest of his life in jail, or seek asylum. Russia was the only place he was safe. When the Bolivian president (while at a meeting in Russia) stated that Snowden might be allowed asylum, his plane was redirected and searched on the way home. So ya... leaving Russia could be risky.




This, while true, does not make me trust Snowden's latest reveals.

I mean the guy said that he had papers indicating algorithms such as AES have backdoors.  That would be mindblowing if true.  And he decides to risk it all to leak that Verizon is wiretapping for the government?  Yeah right, the guy is a publicity nut...  and at this point I think anything he says is probably a load of BS.


----------



## rruff (Feb 20, 2015)

R-T-B said:


> I mean the guy said that he had papers indicating algorithms such as AES have backdoors.  That would be mindblowing if true.  And he decides to risk it all to leak that Verizon is wiretapping for the government?  Yeah right, the guy is a publicity nut...  and at this point I think anything he says is probably a load of BS.



Not following you. What is he risking by saying that Verizon is complicit, and why do you think he is a publicity nut?


----------



## R-T-B (Feb 20, 2015)

rruff said:


> Not following you. What is he risking by saying that Verizon is complicit, and why do you think he is a publicity nut?



Because later on after he leaked the initial "Verizon government wiretapping report" he SUDDENLY had all this info on everything the government does, all the way down to SSL and AES being vulnerable.

Why wouldn't he leak that first?  That's the big, disturbing stuff after all.  I think it's because he never actually had those details.  He's making shit up at this point, IMO.


----------



## FordGT90Concept (Feb 21, 2015)

xfia said:


> I know what you guys are saying and I can't even really disagree but what is just as real is fear and what it does to you and those around you


I fear the government more than I fear the "terrorists" because I feel the wrath of government overreach (e.g. the USA PATRIOT Act which created most of the programs Snowden exposed) but the odds of me ever seeing a terrorist are almost none.  Classic misdirection ploy on the government's behalf: right hand is data mining while the left hand points at a guy in a white or black dress and turban.

You used the phrase "campaign of fear" but those words fit both the "terrorists" and the government.  You'd have to disambiguate that phrase because it is literally interchangeable.




Relayer said:


> Then runs to Russia and hangs with his bud Putin because he's a defender of freedom and justice. lol Snowden is a bloody traitor! He sold out to the Russians. Why is it so hard to connect the dots? There's only 2 dots. He steals top secret info and goes to Russia. The righteous indignation was nothing more than a smoke screen to cover up he's a spy and a traitor.


Watch the Brian Williams interview with Snowden.  He was in Russia because he was on flights from Honolulu to Hong Kong, to Moscow on his way to Ecuador.   The reason why he didn't take a more direct route is because all flights heading East from Hawaii end up in the USA where he could have been caught by US officials.  He had no intention to stay in Moscow but by the time he arrived in Moscow, it was already announced to the world that he's a wanted man.  Any further flights would have likely landed him in prison.  His only option to remain free was to seek asylum in Russia which Putin granted.

The data he had was disseminated before he left Hawaii.  He carried no data out of the country so there was nothing Russia could get from him other than talk.  Snowden, being a trained spy, knew they wouldn't do anything to him because whatever he said couldn't be corroborated with proof; hence, why they leave each other alone.  I'm sure Putin is pleased with what has already transpired though because it certainly gave the USA a black eye.

Snowden's account makes sense in every way.


----------



## R-T-B (Feb 21, 2015)

It might be a little generous to consider him a "trained spy."  He was a NSA contractor.


----------



## Ahhzz (Feb 21, 2015)

R-T-B said:


> It might be a little generous to consider him a "trained spy."  He was a NSA contractor.



What does the NSA do?  _"The *National Security Agency* (*NSA*) is a United States intelligence agency responsible for global monitoring, collection, decoding, translation and analysis of information and data for foreign intelligence and counterintelligence purposes - a discipline known as Signals intelligence (SIGINT). NSA is also charged with protection of U.S. government communications and information systems against penetration and network warfare.[8][9] The agency is authorized to accomplish its mission through clandestine means,[10] among which are bugging electronic systems[11] and allegedly engaging in sabotage through subversive software_"
Sounds like spy work to me. Someone who works for them? Yeah, spy. Call it what you like.

It really sounds like you just want to talk down about anything that puts our government in a bad light, and attempt to discredit statements to the contrary. Which branch of the government do you work for, again?

Back on Topic, Bruce Schneier had a short write up on his site, and references the Ars Technica article, which does have some interesting detail, especially this section 



Spoiler



*Mistakes were made*
No matter how elite a hacking group may be, Raiu said, mistakes are inevitable. Equation Group made several errors that allowed Kaspersky researchers to glean key insights into an operation that went unreported for at least 14 years.

Kaspersky first came upon the Equation Group in March 2014, while researching the Regin software that infected Belgacom and a variety of other targets. In the process, company researchers analyzed a computer located in the Middle East and dubbed the machine "Magnet of Threats" because, in addition to Regin, it was infected by four other highly advanced pieces of malware, including Turla, Careto/Mask, ItaDuke, and Animal Farm. A never-before-seen sample of malware on the computer piqued researchers' interest and turned out to be an EquationDrug module.




Following the discovery, Kaspersky researchers combed through their cloud-based Kaspersky Security Network of exploits and infections reported by AV users and looked for similarities and connections. In the following months, the researchers uncovered additional pieces of malware used by Equation Group as well as the domain names used to host command channels.


Perhaps most costly to the attackers was their failure to renew some of the domains used by these servers. Out of the 300 or so domains used, about 20 were allowed to expire. Kaspersky quickly registered the domains and, over the past ten months, has used them to "sinkhole" the command channels, a process in which researchers monitor incoming connections from Equation Group-infected machines.

One of the most severe renewal failures involved a channel that controlled computers infected by "EquationLaser," an early malware platform abandoned around 2003 when antivirus programs began to detect it. The underlying domain name remained active for years until one day, it didn't; Kaspersky acquired it and EquationLaser-infected machines still report to it.

"It's really surprising to see there are victims around the world infected with this malware from 12 years ago," Raiu said. He continues to see about a dozen infected machines that report from countries that include Russia, Iran, China, and India.


----------
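The sinkholing described in the Ars Technica excerpt quoted above comes down to counting distinct machines that keep contacting a registered command domain. The following is an added example, not part of the thread and not Kaspersky's tooling; the log format, `.example` domains, documentation-range addresses, country table and the two-day persistence threshold are all constructed assumptions.

```python
"""Summarise sinkhole hits: distinct beaconing hosts per platform and country."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed mapping of sinkholed domains to the platform they once served.
SINKHOLED = {
    "c2-old.example": "EquationLaser",
    "c2-new.example": "EquationDrug",
}

# Constructed network-to-country table standing in for a GeoIP database.
GEO = [
    (ipaddress.ip_network("192.0.2.0/25"), "RU"),
    (ipaddress.ip_network("192.0.2.128/25"), "IR"),
    (ipaddress.ip_network("198.51.100.0/24"), "CN"),
    (ipaddress.ip_network("203.0.113.0/24"), "IN"),
]

# Constructed sinkhole log: "<UTC timestamp> <source IP> <requested host>".
LOG = """\
2015-02-01T00:05:10Z 192.0.2.10 c2-old.example
2015-02-02T00:05:12Z 192.0.2.10 C2-OLD.example:80
2015-02-03T00:05:09Z 192.0.2.10 c2-old.example
2015-02-01T08:00:00Z 192.0.2.200 c2-old.example
2015-02-05T08:00:03Z 192.0.2.200 c2-old.example
2015-02-01T10:00:00Z 198.51.100.7 c2-new.example
2015-02-01T10:00:05Z 198.51.100.7 c2-new.example
2015-02-02T11:30:00Z 198.51.100.8 c2-new.example
2015-02-03T11:30:02Z 198.51.100.8 c2-new.example
2015-02-01T12:00:00Z 203.0.113.5 www.unrelated.example
2015-02-02T12:00:00Z 203.0.113.5 www.unrelated.example
2015-02-03T13:00:00Z 203.0.113.9 c2-old.example
2015-02-04T13:00:00Z 203.0.113.9 c2-old.example
not a log line
"""


def parse_line(line):
    """Return (datetime, ip_address, normalised host) or None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    ts, ip, host = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    # Host headers vary in case and may carry a port or trailing dot.
    return when, addr, host.lower().split(":")[0].rstrip(".")


def country_of(addr):
    """Look the address up in the constructed table; '??' when unknown."""
    for net, cc in GEO:
        if addr in net:
            return cc
    return "??"


def summarise(log_text, min_days=2):
    """Count distinct source IPs per (platform, country).

    A source counts only if it contacted a sinkholed domain on at least
    `min_days` different days: persistent check-ins look like an implant,
    a single burst looks like a scanner or a curious researcher.
    Counting by IP is approximate (NAT and dynamic addressing distort it).
    """
    days_seen = defaultdict(set)  # (platform, ip) -> set of dates
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        when, addr, host = rec
        platform = SINKHOLED.get(host)
        if platform is None:
            continue  # traffic for a host name that is not sinkholed
        days_seen[(platform, addr)].add(when.date())

    counts = defaultdict(int)
    for (platform, addr), days in days_seen.items():
        if len(days) >= min_days:
            counts[(platform, country_of(addr))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (platform, cc), n in sorted(summarise(LOG).items()):
        print(f"{platform:15s} {cc}  {n} host(s)")
```
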



## FordGT90Concept (Feb 21, 2015)

That strongly suggests they've been functionally replaced.  If it took 12 years for Kaspersky to find those, how many more are they missing?


----------



## Caring1 (Feb 21, 2015)

The same Ars Technica article I linked to on page three, but if you read other posts you would have seen that ....


----------



## Ahhzz (Feb 21, 2015)

Caring1 said:


> The same Ars Technica article I linked to on page three, but if you read other posts you would have seen that ....


I _did_ see that, but Bruce commenting on it is new, and I liked the section I "spoiled", so I put that in there


----------



## R-T-B (Feb 22, 2015)

Ahhzz said:


> It really sounds like you just want to talk down about anything that puts our government in a bad light, and attempt to discredit statements to the contrary. *Which branch of the government do you work for, again?*



Uh no.  Read my posts again.  I really doubt the government has anything good in mind for us with these programs.  Example

As for which branch of government I work in, it's the unemployed one.   I won't deny I have a background in college cryptography (though I failed to finish my degree, it's a long story).  But my *knowledge* is why I find everything Snowden related (save the verifiable Verizon report) laughable.  It doesn't add up.  I don't like the NSA or administration's policies.  I do laugh at Snowden every chance I get though because the evidence justifies it.

For the record, I'm the kind of person the NSA likely keeps tabs on, not the other way around.  I openly criticize our government and have a background in skills that could be used to disrupt their monitoring programs.  The fact that you accuse me of being a government agent for thinking different than you is frankly, grasping at straws.

As for the spy comment, Snowden strikes me more as a datasorting nerd (god knows USA needs a lot of SQL people to manage that data).  I guess you could call him a spy, but I think the KGB cold-war type "spies" could crack him pretty fast...  and possibly did.


----------



## Jetster (Feb 22, 2015)

http://sputniknews.com/us/20150217/1018397423.html


----------



## Relayer (Feb 22, 2015)

Ahhzz said:


> .......
> 
> yeah.... the NSA is all above-board...
> https://firstlook.org/theintercept/2015/02/19/great-sim-heist/



Never said they were. I was commenting on Snowden.



rruff said:


> Wow. Where did you get your information?
> 
> He had two choices after spilling the beans. Come back to the US and spend the rest of his life in jail, or seek asylum. Russia was the only place he was safe. When the Bolivian president (while at a meeting in Russia) stated that Snowden might be allowed asylum, his plane was redirected and searched on the way home. So ya... leaving Russia could be risky.



I'm saying it all stinks and it being planned makes more sense than this series of issues out of his control.



FordGT90Concept said:


> Watch the Brian Williams interview with Snowden.  He was in Russia because he was on flights from Honolulu to Hong Kong, to Moscow on his way to Ecuador.   The reason why he didn't take a more direct route is because all flights heading East from Hawaii end up in the USA where he could have been caught by US officials.  He had no intention to stay in Moscow but by the time he arrived in Moscow, it was already announced to the world that he's a wanted man.  Any further flights would have likely landed him in prison.  His only option to remain free was to seek asylum in Russia which Putin granted.
> 
> The data he had was disseminated before he left Hawaii.  He carried no data out of the country so there was nothing Russia could get from him other than talk.  Snowden, being a trained spy, knew they wouldn't do anything to him because whatever he said couldn't be collaborated with proof; hence, why they leave each other alone.  I'm sure Putin is pleased with what has already transpired though because it certainly gave the USA a black eye.
> 
> Snowden's account makes sense in every way.



Only if you want it to. Just like people who think Bush perpetrated 9/11 makes sense to them, and NASA never landed on the moon. It's whatever you want to believe.


If you guys think him moving to Russia shows he has any integrity rather than the opposite I don't know what to say. He's supposed to be concerned with individual rights but seeks asylum in Russia? How does that make sense to anyone? He took secrets and went to Russia. He's a defector not Robin Hood.


----------



## R-T-B (Feb 22, 2015)

Robin hood himself probably wasn't as great as the legend.  People need heroes.  When they lack true heroes, they glorify substitute ones.


----------



## Jetster (Feb 22, 2015)

Here ya go....

http://www.motherjones.com/politics/2013/08/mesh-internet-privacy-nsa-isp

*How to Keep the NSA Out of Your Computer*


----------



## R-T-B (Feb 22, 2015)

Wish my area had something going like that...


----------



## FordGT90Concept (Feb 23, 2015)

Relayer said:


> If you guys think him moving to Russia shows he has any integrity rather than the opposite I don't know what to say. He's supposed to be concerned with individual rights but seeks asylum in Russia? How does that make sense to anyone? He took secrets and went to Russia. He's a defector not Robin Hood.


He had no choice.  Snowden knew Obama would use the Espionage Act against him (like he did to Manning) and that's exactly what happened.  Espionage Act basically jumps straight from whistleblower to treason so he doesn't even get a chance to explain himself (again, like Manning).  His only option was to leave the country and Ecuador was the best option seeing how Julian Assange is doing well there.

He fled because the Obama administration gave him no option to stay.  The Obama administration has an established track record of this.  Daniel Ellsberg, who leaked the Pentagon Papers, praised Snowden and scolded the administration.  This is the most anti-whistleblower administration in recent memory and it presents itself in many ways from the fouled implementation of Obamacare to the firing of over 900 people from the Veteran's Affairs.  People simply won't talk about problems on record which effectively means journalists can't report on it.


----------



## Relayer (Feb 23, 2015)

FordGT90Concept said:


> He had no choice.  Snowden knew Obama would use the Espionage Act against him (like he did to Manning) and that's exactly what happened.  Espionage Act basically jumps straight from whistleblower to treason so he doesn't even get a chance to explain himself (again, like Manning).  His only option was to leave the country and Ecuador was the best option seeing how Julian Assange is doing well there.
> 
> He fled because the Obama administration gave him no option to stay.  The Obama administration has an established track record of this.  Daniel Ellsberg, who leaked the Pentagon Papers, praised Snowden and scolded the administration.  This is the most anti-whistleblower administration in recent memory and it presents itself in many ways from the fouled implementation of Obamacare to the firing of over 900 people from the Veteran's Affairs.  People simply won't talk about problems on record which effectively means journalists can't report on it.


People always have choices. Snowden made his. He's sitting there in Russia watching Putin sponsoring overthrows of neighboring governments along the Red Sea acting like he cares that the US is listening to your phone calls. I don't understand why people are so gullible as to believe this stuff.


----------



## Ahhzz (Feb 23, 2015)

FordGT90Concept said:


> He had no choice.  Snowden knew Obama would use the Espionage Act against him (like he did to Manning) and that's exactly what happened.  Espionage Act basically jumps straight from whistleblower to treason so he doesn't even get a chance to explain himself (again, like Manning).  His only option was to leave the country and Ecuador was the best option seeing how Julian Assange is doing well there.
> 
> He fled because the Obama administration gave him no option to stay.  The Obama administration has an established track record of this.  Daniel Ellsberg, who leaked the Pentagon Papers, praised Snowden and scolded the administration.  This is the most anti-whistleblower administration in recent memory and it presents itself in many ways from the fouled implementation of Obamacare to the firing of over 900 people from the Veteran's Affairs.  People simply won't talk about problems on record which effectively means journalists can't report on it.




http://www.washingtonexaminer.com/m...age-act-to-go-after-reporters/article/2530340

http://www.newsmax.com/Newsfront/charlie-hebdo-survivor-obama/2015/01/25/id/620634/



Relayer said:


> People always have choices. Snowden made his. He's sitting there in Russia watching Putin sponsoring overthrows of neighboring governments along the Red Sea acting like he cares that the US is listening to your phone calls. I don't understand why people are so gullible as to believe this stuff.



I agree. He could have ignored the many violations of the constitution and the laws of this country and not violated the espionage act. He could have chosen to not report what shady deals his government has made to get around the letter of the law. He could have chosen to ignore the bullying tactics the NSA and other government agencies have used to force businesses to ignore personal liberties and freedoms guaranteed under the constitution, with promises of protection, like when Bush had a law passed that protected the Telecom agencies from lawsuits from the shit they pulled after 9/11. He could have chosen to just quit or keep doing the shit-job he was doing, and stayed at home, comfy with his life, his girl, his family. But he didn't. He chose to bring those things to light. And he's sitting in a bully's backyard, hoping the bigger bully doesn't strike a deal with his bully.


----------



## R-T-B (Feb 24, 2015)

Perhaps I've been a little mean to Snowden.  I still think he's full of BS now and on a lot of his reveals, but that's not the point.

I'm actually with you on the "running to Russia".  He didn't have much choice but to settle in Russia.  It was a case of a bad or a worse situation.  I just don't see his reveals following the initial report as even remotely credible.  I think he's trying to look important to the KGB right now more than anything.

And yes, I do respect him for calling the government out.  I just wish the government itself offered more ways to do this within its own system.  In an ideal world, you wouldn't have to run like that just to tell people about some wrongdoings.  But we don't live in an ideal world.


----------



## Ahhzz (Feb 24, 2015)

R-T-B said:


> Perhaps I've been a little mean to Snowden.  I still think he's full of BS now and on a lot of his reveals, but that's not the point.
> 
> I'm actually with you on the "running to Russia".  He didn't have much choice but to settle in Russia.  It was a case of a bad or a worse situation.  I just don't see his reveals following the initial report as even remotely credible.  I think he's trying to look important to the KGB right now more than anything.
> 
> And yes, I do respect him for calling the government out.  I just wish the government itself offered more ways to do this within its own system.  In an ideal world, you wouldn't have to run like that just to tell people about some wrongdoings.  But we don't live in an ideal world.


Much respect for an excellent post.


----------



## FordGT90Concept (Feb 24, 2015)

R-T-B said:


> I just don't see his reveals following the initial report as even remotely credible.  I think he's trying to look important to the KGB right now more than anything.


The government didn't deny the existence of any of the programs he revealed.  He's also credible because everything he said has been fact-checked and stood the test.

Snowden's goal in life was to join US special forces but during training, he broke his legs (halo jump if memory serves).  This spelled the end of his special forces ambitions so he went into intelligence instead (CIA, then NSA, if memory serves).  So there's three reasons the KGB doesn't want him:
1) He is American, not Russian.  His loyalties are in doubt.
2) He suffered a major injury that makes him unfit for deployment.
3) He doesn't speak Russian.  He may have learned a few words by now but he is in no way fluent or even passable.


Snowden deliberately did not do many press interviews in the year after the data was leaked.  The reason for this is because he wanted the government's behavior to be the showcase and not him.  He wanted the press to do the investigative research on the programs and tell the story because he didn't want to be the story.


----------



## R-T-B (Feb 24, 2015)

I've read some reveals credited to him in various forums calling everything from AES to SSL into question without much corroborating evidence.  Those are the kind of things I take with a grain of salt, to say the least.


----------



## Relayer (Feb 25, 2015)

Ahhzz said:


> http://www.washingtonexaminer.com/m...age-act-to-go-after-reporters/article/2530340
> 
> http://www.newsmax.com/Newsfront/charlie-hebdo-survivor-obama/2015/01/25/id/620634/
> 
> ...


I've had my say. There isn't really anything more I can add. If people want to find reasons to accept what he's done *and how he's gone about it* that's fine. For me his actions are pretty cut and dry.

For the record though, I never said he should have ignored anything. Those are your words somehow claiming that's what I meant.


----------



## MrGenius (Mar 6, 2015)

Hmmm...at least some of my paranoid delusions are, as it turns out, based in reality. Imagine that. So I'll say it again, with confidence this time.

*If you are connected to the internet...you are vulnerable! There are backdoors you've never (until just now probably) even heard of! If they want in, they'll get in! And there's nothing you can do about it! Don't pretend like they won't/can't!!!*

*"They" = Hackers of any/all types or persuasions.*


----------



## xorbe (Mar 6, 2015)

Bold font = +5
Enlarged font = +10
They = +15


----------



## MrGenius (Mar 6, 2015)

Spoiler: "Letter to Control about the Big Brother. Tryin' like hard to not blow my cover."


----------



## R-T-B (Mar 7, 2015)

MrGenius said:


> Hmmm...at least some of my paranoid delusions are, as it turns out, based in reality. Imagine that. So I'll say it again, with confidence this time.
> 
> *If you are connected to the internet...you are vulnerable! There are backdoors you've never (until just now probably) even heard of! If they want in, they'll get in! And there's nothing you can do about it! Don't pretend like they won't/can't!!!*
>
> ...



This is why the first lesson in security class is to make the data harder to get at than its value.

If they want it, yes they can get it.  But who wants to spend 10 years looking for an obscure buffer overflow attack to get at your porn library?  No one, that's who.

This is precisely why good security is still relevant, even if not impervious to hacking.


----------



## FordGT90Concept (Mar 7, 2015)

R-T-B said:


> I've read some reveals credited to him in various forums calling everything from AES to SSL into question without much corroborating evidence.  Those are the kind of things I take with a grain of salt, to say the least.


Because all of the material was leaked to the press, not public.  They have to authenticate it and purge it of sensitive information (like people) so what does get published ends up very truncated.  It is doubtful the documents he leaked will ever go public.

I know sources at The Guardian (US branch) and New York Times both received documents from Snowden.  What you've heard about AES/SSL may be true:
http://www.zdnet.com/article/has-the-nsa-broken-ssl-tls-aes/
In short, Snowden didn't spell it out like he did on the data collection programs.  He released information mostly from British sources that "vast amounts of encrypted internet data which have up till now been discarded are now exploitable" speaking of the NSA.  "Vast" could only mean SSL/AES.  It is not known if that includes TLS.  Or maybe they were talking about TLS and not AES?  We don't know.


Security?  Relevant:








Point: 10 years from now, likely all data called "secure" today will be vastly considered insecure.  Security is merely an illusion especially where digital is concerned.


----------



## GLD (Mar 7, 2015)

I think I could make 5 Wiki pages from the spew in this thread.


----------



## R-T-B (Mar 7, 2015)

> Point: 10 years from now, likely all data called "secure" today will be vastly considered insecure.


Indeed.  That's pretty much the second lesson in a college security class.



> Security is merely an illusion especially where digital is concerned.



True, but that doesn't make it irrelevant or useless.  See the "first lesson of security" in my post above.


----------



## Haytch (Jun 9, 2015)

Sorry for the late post, I didn't notice this article.  Ummm, didn't this happen already in 2000, and then again in 2002, 2005, 2007, 2008, 2010 and then 2012?


----------



## Caring1 (Jun 9, 2015)

Yes, and they have done it with Routers and Modems too.


----------



## qubit (Jun 9, 2015)

Caring1 said:


> Yes, and they have done it with Routers and Modems too.


If they've backdoored network cards, CPUs and chipsets then even one of those hardened Linux DIY firewalls such as IPCop won't be secure from them.

I have no evidence either way, but I wouldn't be surprised if there's some revelation about this one day.


----------



## Steevo (Jun 10, 2015)

Frick said:


> It's part of a larger thing. It also controls what is booting.




Nope, the motherboard BIOS controls the boot, Int13 http://en.wikipedia.org/wiki/INT_13H controlled/controls it, when the disk specified as the boot disk, or attached to the specified channel is queried and told to load the code at the location provided, which is where the operating system, or boot loader reside, and as it's loaded the CPU starts to execute the code which once the kernel is up and in system memory, and its threads have loaded their machine configuration and or looked them up from BIOS memory tables, it starts to load the rest of the actual GUI and drivers.


Even on most UEFI systems a small section of the disk for boot is partitioned off as an acceptable boot partition, such as MBR on Windows, that contains the data required to start the actual software boot.

If you are curious get a Hex editor and look at sectors http://en.wikipedia.org/wiki/Boot_sector and depending on how you look at it you can then determine what is being loaded. 


But back to drive BIOS, how does it get transferred out of the PC to the NSA? By IP, and the OS and every major and customer hardware manufacturer is allowing this and not letting users see it? Or by some unknown pins even though people test and tweak systems and watch hardware input and output constantly? Or by voodoo magic?


Do I think it is happening? Yep

By the method described? Nope. 

Specifically built hack firmware that is being released on machines built for use in some areas where they may not get access to others? Most likely. 

Iran wants to buy servers, they have no manufacturing there, but Dell will sell them, and they report to the NSA or whoever about what they are selling, machines get loaded with a motherboard BIOS that allows low level access to the drives that the OS is unaware of, and either copies bits and pieces of the drive contents to a remote server, or causes corruption issues occasionally that they have to send techs in, or drives out and they are copied then.


----------

