Spying Program Was Stored Within Popular Hard Disk Drives

Enterprise & IT | Feb 16, 2015

Security software maker Kaspersky has exposed a series of Western cyberespionage operations, including the injection of spying software buried deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving NSA the means to eavesdrop on computers. The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the "cyberweapon" used by the NSA, the agency responsible for gathering electronic intelligence on behalf of the United States. Kaspersky gave the name "Equation group" to the creators of these spying tools. The name was given because of their preference for sophisticated encryption schemes.

The Equation group has many codenames for their tools and implants, Kaspersky said. But perhaps the most powerful tool in the Equation group's arsenal is a mysterious module that allows them to reprogram the hard drive firmware of over a dozen different hard drive brands, including Seagate, Western Digital, Toshiba, Maxtor and IBM.

Disk drive firmware is the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up. Infected drive hardware would reinfect the computer over and over, and this persistence lets the malware survive disk formatting and OS reinstallation.

In addition, the malware was able to create an invisible, persistent area hidden inside the hard drive. It was used to save exfiltrated information which can be later retrieved by the attackers, according to Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.

In order to create such sophisticated spying software, the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

NSA has declined to comment.

The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.

Presumably compiled in July 2008, Fanny was first observed in December 2008. Fanny used two zero-day exploits, which were later uncovered during the discovery of Stuxnet. To spread, it used the Stuxnet LNK exploit and USB sticks. For escalation of privilege, Fanny used a vulnerability patched by the Microsoft bulletin MS09-025, which was also used in one of the early versions of Stuxnet from 2009.

The main purpose of the Fanny worm was to map air-gapped networks, in other words, to understand the topology of a network that cannot be reached, and to execute commands on those isolated systems. For this, it used a unique USB-based command and control mechanism which allowed the attackers to pass data back and forth from air-gapped networks.
