Spying Program Was Stored Within Popular Hard Disk Drives

Enterprise & IT, Feb 16, 2015

Security software maker Kaspersky has exposed a series of Western cyberespionage operations, including the injection of spying software buried deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving NSA the means to eavesdrop on computers. The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the "cyberweapon" used by the NSA, the agency responsible for gathering electronic intelligence on behalf of the United States. Kaspersky gave the name "Equation group" to the creators of these spying tools. The name was given because of their preference for sophisticated encryption schemes.

The Equation group has many codenames for their tools and implants, Kaspersky said. But perhaps the most powerful tool in the Equation group's arsenal is a mysterious module that allows them to reprogram the hard drive firmware of over a dozen different hard drive brands, including Seagate, Western Digital, Toshiba, Maxtor and IBM.

Disk drive firmware is the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up. Because the implant lives in the drive's firmware, the hardware would infect the computer over and over, and this persistence lets the malware survive disk formatting and OS reinstallation.

In addition, the malware was able to create an invisible, persistent area hidden inside the hard drive. It was used to save exfiltrated information which can be later retrieved by the attackers, according to Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.

To create such sophisticated spying software, the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

NSA has declined to comment.

The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.

Presumably compiled in July 2008, Fanny was first observed in December 2008. Fanny used two zero-day exploits, which were later uncovered during the discovery of Stuxnet. To spread, it used the Stuxnet LNK exploit and USB sticks. For escalation of privilege, Fanny used a vulnerability patched by the Microsoft bulletin MS09-025, which was also used in one of the early versions of Stuxnet from 2009.

The main purpose of the Fanny worm was to map air-gapped networks, in other words, to understand the topology of a network that cannot be reached, and to execute commands on those isolated systems. For this, it used a unique USB-based command and control mechanism which allowed the attackers to pass data back and forth from air-gapped networks.
