Tuesday, February 17th 2015
NSA Hides Spying Backdoors into Hard Drive Firmware
Russian cyber-security company Kaspersky Labs exposed a breakthrough U.S. spying program, which taps into one of the most widely proliferated PC components - hard drives. The last 5 years have seen the number of hard drive manufacturing nations reduce from three (Korean Samsung, Japanese Hitachi and Toshiba, and American Seagate and WD) to one (American Seagate or WD), with the American firms swallowing up or partnering with Japanese and Korean businesses as US-based subsidiaries or spin-offs such as HGST. As a result, a shadow of suspicion has been cast on Seagate and WD.
According to Kaspersky, the American cyber-surveillance agency, the NSA, is taking advantage of the centralization of hard-drive manufacturing to the US by making WD and Seagate embed its spying back-doors straight into the hard-drive firmware, which lets the agency directly access raw data, agnostic of partition method (low-level format), file-system (high-level format), operating system, or even user access-level. Kaspersky says it found PCs in 30 countries with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. Kaspersky claims that the HDD firmware backdoors are already being used to spy on foreign governments, military organizations, telecom companies, banks, nuclear researchers, the media, and Islamic activities. Kaspersky declined to name the company which designed the malware, but said that it has close ties to the development of Stuxnet, the cyber-weapon used by NSA to destabilize Iran's uranium-enrichment facilities.
Kaspersky claims that the new backdoor is perfect in design. Each time you turn your PC on, the system BIOS loads the firmware of all hardware components onto the system memory, even before the OS is booted. This is when the malware activates, gaining access to critical OS components, probably including network access and file-system. This makes HDD firmware the second most valuable real-estate for hackers, after system BIOS.
Both WD and Seagate denied sharing the source-code of their HDD firmware with any government agency, and maintained that their HDD firmware is designed to prevent tampering or reverse-engineering. Former NSA operatives stated that it's fairly easy for the agency to obtain source-code of critical software. This includes asking directly and posing as a software developer. The government can seek source-code of hard drive firmware by simply telling a manufacturer that it needs to inspect the code to make sure it's clean, before it can buy PCs running their hard-drives.
What is, however, surprising is how "tampered" HDD firmware made it to mass-production. Seagate and WD have manufacturing facilities in countries like Thailand and China, located in high-security zones to prevent intellectual property theft or sabotage. We can't imagine tampered firmware making it to production drives without the companies' collaboration.
Source:
Reuters via Yahoo
134 Comments on NSA Hides Spying Backdoors into Hard Drive Firmware
Thank you for this profound post. The NSA is out of control and information exposing its practices is always welcome.
And this story is getting stupid. We don't know who the group is, just that they might be affiliated with the NSA somehow. And this is just spying, not blanket surveillance.
It's part of a larger thing. It also controls what is booting.
Tinfoil hats at the ready everyone!
...in KSP.
Also, this essay, referenced and recommended by Bruce Schneier, one of the top security experts in the field today.
It's a question that's usually asked by those who want to spy on and control the people and is an absolute favourite among tinpot dictators.
hard drives are not secure :eek: not like anything about windows or the internet in general is anyway.. only way your data is actually safe is to unplug the ethernet cable..
government agencies seriously don't care what you do as long as it's not illegal plus there is no way for them to manually spy on everyone..
it goes pretty deep if your hard drive is being remotely checked out and you have already been flagged..
What manifesto?
Such as:
Breaching people's privacy.
Finding people's privacy.
Storing people's privacy.
AND
Telling people they have privacy.
I see democracy is still working for us.
It isn't that you don't have anything to hide; it is that they don't have any right to search your property (either physical or intangible) without a justifiable reason.
Anyone not concerned over their own privacy, and the breach of it, is most stupendously ignorant of history. This is a direct attack on one's privacy; a principle that was important enough to be included as a foundational law (4th Amendment). Men fought and died over the right to protect this aspect of their lives among other things.
Furthermore, surveillance is always used in the control of a population by governments who seek to enact sinister activity. Governments will tell you that they are using their tactics to fight "terrorism", and other such nonsense, but really they are the authors of it or have direct association with many of those groups -- a fact that most people are too lazy to investigate or even care about.
Stories like these drag out a lot of ideas to consider, but unfortunately most readers just read it as a topic of the day instead of really considering consequences, context and the past in order to connect some dots.