Tuesday, February 17th 2015
NSA Hides Spying Backdoors into Hard Drive Firmware
Russian cyber-security company Kaspersky Lab has exposed a far-reaching U.S.-linked spying program that targets one of the most widely deployed PC components: the hard drive. The last five years have seen hard-drive manufacturing consolidate, with the Korean (Samsung) and Japanese (Hitachi, Toshiba) drive businesses largely absorbed by, or partnered with, the American vendors Seagate and WD as US-based subsidiaries or spin-offs such as HGST. That concentration has cast a shadow of suspicion on Seagate and WD.
According to the Reuters account of Kaspersky's findings, the American cyber-surveillance agency, the NSA, is taking advantage of the centralization of hard-drive manufacturing in the US to get spying code into hard-drive firmware. Kaspersky's own report says the malware reprograms the firmware of drives from a dozen manufacturers, among them WD, Seagate, Toshiba, Samsung, Hitachi and Maxtor. A firmware-level implant gives its operator access to raw sectors regardless of partition scheme (low-level format), file system (high-level format), operating system or user privilege level, and it survives reformatting and OS reinstallation. Kaspersky says it found infected PCs in 30 countries, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets already include foreign governments, military organizations, telecom companies, banks, nuclear researchers, the media and Islamic activists. Kaspersky declined to name the country behind the malware, but said its developers (which Kaspersky calls the Equation Group) have close ties to the creators of Stuxnet, the cyber-weapon widely attributed to the NSA that sabotaged Iran's uranium-enrichment centrifuges.
Kaspersky describes the firmware implant as the most sophisticated part of the toolkit, and the reason is where it lives. Hard-drive firmware does not run on the host CPU at all: it runs on the drive's own controller, below the BIOS and the operating system, and is never loaded into system memory by the BIOS. Code running there sees every read and write, can return altered data to the host (a modified boot sector, for example), can keep a hidden storage area the OS never sees, and survives reformatting, OS reinstallation and full-disk wipes. Host-side antivirus cannot inspect it, and most drives offer no way to read the firmware back for verification. This makes HDD firmware the second most valuable real-estate for attackers, after the system BIOS.
Both WD and Seagate denied sharing the source code of their HDD firmware with any government agency, and maintained that their firmware is designed to resist tampering and reverse-engineering. Former NSA operatives told Reuters that it is fairly easy for the agency to obtain the source code of critical software, whether by asking directly or by posing as a software developer. The government can, for instance, tell a manufacturer that it needs to inspect the code to make sure it is clean before it will buy PCs running that manufacturer's drives.
What remains unclear is how tampered HDD firmware would reach mass production. Seagate and WD have manufacturing facilities in countries such as Thailand and China, located in high-security zones to prevent intellectual-property theft and sabotage, and it is hard to imagine tampered firmware making it onto production drives without the companies' collaboration. Kaspersky's report, however, describes the firmware being rewritten on drives already in the field by a plug-in of the malware, which would require no factory access or vendor cooperation at all.
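The one host-side check a practitioner can actually make is to inventory the model, serial and firmware revision each drive reports and compare the revision against an approved baseline. The block below is an added example, not code from the article, from Reuters or from Kaspersky. The 512-byte ATA IDENTIFY DEVICE layout it decodes (serial in words 10-19, firmware revision in words 23-26, model in words 27-46, ASCII with the two bytes of each word swapped) is the real ATA layout; the BASELINE table, the drive strings and the `audit` helper are constructed for this demonstration. On Linux the real bytes come from `hdparm --Istdout /dev/sdX`.

```python
"""Baseline check of ATA IDENTIFY DEVICE data.

Added example (not code from the article or from Kaspersky). Field offsets
follow the ATA specification; BASELINE and the sample drives are constructed.
"""
from dataclasses import dataclass

IDENT_LEN = 512
SERIAL_WORDS = (10, 10)    # (first 16-bit word, number of words)
FIRMWARE_WORDS = (23, 4)
MODEL_WORDS = (27, 20)


def ata_string_decode(buf: bytes, first_word: int, nwords: int) -> str:
    """ATA strings hold two characters per 16-bit word, and when the buffer is
    read as little-endian bytes the two characters of each word are swapped."""
    raw = buf[first_word * 2:(first_word + nwords) * 2]
    swapped = bytearray()
    for i in range(0, len(raw), 2):
        swapped += bytes((raw[i + 1], raw[i]))
    return swapped.decode("ascii", errors="replace").strip()


def ata_string_encode(text: str, nwords: int) -> bytes:
    """Inverse of ata_string_decode; only used to build constructed test data."""
    padded = text.ljust(nwords * 2)[:nwords * 2].encode("ascii")
    out = bytearray()
    for i in range(0, len(padded), 2):
        out += bytes((padded[i + 1], padded[i]))
    return bytes(out)


def build_identify_block(model: str, serial: str, firmware: str) -> bytes:
    """Constructed IDENTIFY DEVICE block with only the string fields filled."""
    buf = bytearray(IDENT_LEN)
    for (first, n), value in ((SERIAL_WORDS, serial),
                              (FIRMWARE_WORDS, firmware),
                              (MODEL_WORDS, model)):
        buf[first * 2:(first + n) * 2] = ata_string_encode(value, n)
    return bytes(buf)


@dataclass(frozen=True)
class DriveIdentity:
    model: str
    serial: str
    firmware: str


def parse_identify_block(buf: bytes) -> DriveIdentity:
    if len(buf) != IDENT_LEN:
        raise ValueError(f"IDENTIFY DEVICE data must be {IDENT_LEN} bytes, got {len(buf)}")
    return DriveIdentity(
        model=ata_string_decode(buf, *MODEL_WORDS),
        serial=ata_string_decode(buf, *SERIAL_WORDS),
        firmware=ata_string_decode(buf, *FIRMWARE_WORDS),
    )


# Constructed inventory: model string -> firmware revisions approved for the fleet.
BASELINE = {
    "EXAMPLE HDD 2TB": {"FW01", "FW02"},
    "EXAMPLE SSD 512G": {"S1A0"},
}


def check_firmware(identity: DriveIdentity, baseline=BASELINE) -> str:
    """Return "ok", "unknown-model" or "unexpected-firmware"."""
    approved = baseline.get(identity.model)
    if approved is None:
        return "unknown-model"
    if identity.firmware not in approved:
        return "unexpected-firmware"
    return "ok"


def audit(blocks, baseline=BASELINE):
    """Decode each raw IDENTIFY block and return (serial, model, firmware, verdict)."""
    rows = []
    for blk in blocks:
        ident = parse_identify_block(blk)
        rows.append((ident.serial, ident.model, ident.firmware,
                     check_firmware(ident, baseline)))
    return rows


if __name__ == "__main__":
    # Constructed sample fleet: one clean drive, one with an unapproved revision,
    # one model that is not in the inventory at all.
    fleet = [
        build_identify_block("EXAMPLE HDD 2TB", "ZZZ000000001", "FW01"),
        build_identify_block("EXAMPLE HDD 2TB", "ZZZ000000002", "FW03"),
        build_identify_block("UNLISTED DRIVE", "ZZZ000000003", "R001"),
    ]
    for row in audit(fleet):
        print(row)
```

The verdict only tells you what the drive claims about itself. A drive whose firmware has been reflashed by an implant can report whatever revision string the implant chooses, so an unchanged revision is not evidence of clean firmware; a changed revision with no recorded update in your change log is the signal worth chasing.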
Source:
Reuters via Yahoo
134 Comments on NSA Hides Spying Backdoors into Hard Drive Firmware
So would one have to flash the drive/firmware/BIOS ??? to get rid of any crap hiding?
This news just doesn't surprise me. Maybe this will push more people to buy SSDs from Asian companies? That's if they are any safer from espionage.
Chinese government and PLA use only SSDs in their PCs, and that too only from select China-based companies such as Renice, Runcore, etc., so they have control over the firmware.
EDIT: It seems SandForce was acquired by LSI Corp./Avago Technologies, whose SSD controller division was in turn acquired by Seagate. Hmm...
Your government has your dirt. That's what should scare you.
It's strange how people can see the threat in something like this but not from the organizations that are targeted. Maybe if you lived in Israel, you'd feel differently?
Sigh...
Go there and wave some cash in front of one of the workers before they commit suicide and you'll get all the tampering you need.
Seriously, they have mad skills. Not sure Kaspersky said in plain speech it was the NSA as such. Kaspersky =! Russia. And read the Ars article, it's massively interesting. Also read up on Stuxnet and Flame to get an idea of just what they can do.
EDIT: Ok I've read the thing now, and
1) The group has ties to NSA, but no one has said it's the NSA itself, especially not Kaspersky who dubbed them Equation Group.
2) It seems they do the attacks in the wild, meaning a) the factories are not compromised and b) holy shit they can rewrite the HDD firmware in the wild.
EDIT
securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
The report itself.
each one of us can be identified by any tracks of mail, telephone call, messages, fb, twitter, and other
so everyone is visible
The same warnings have been given previously about the mass of cheap phones being produced in China, they are watching and listening to the west.
Go and take a look at Tek Syndicate and see what crazy sociopaths they are.
Or they release a standard that has a backdoor to manufacturers so they can exploit it in the future.