National Security Agency.svg

Russian-based Kaspersky Lab has announced its discovery of a program by the NSA to hide spyware within hard drives of top hard drive manufacturers. Kaspersky did not name the country explicitly but said it was the same one that created Stuxnet – an NSA cyberweapon used against Iran. The companies whose hard drives were noted as being part of the hard drive spyware program were Western Digital, Seagate, and Toshiba as well as others.

The Kasperky report claims the firm studied computers found in 30 countries with most infections seen in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. Though given the prevalence of the spyware and the manufacturers the NSA may or may not be directly working with it is likely that a large part of the computers being operated in the world are compromised.

What’s more, because the infection comes from firmware even if the program is caught and destroyed it will be reintroduced once the hard drive is restarted – leading to re-infection ad infinitum.

A former NSA employee told Reuters that Kaspersky’s analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it…

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on. Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up. “The hardware will be able to infect the computer over and over,” lead Kaspersky researcher Costin Raiu said in an interview.

Not surprisingly the revelations have been met with outrage and renewed calls in various countries around the world to stop importing so much US technology for fear that it is filled with spyware. Silicon Valley must love that.

Though Kaspersky noted that institutions like governments, banks, and media were its primary focus there is no seeming limit as to who was targeted. The NSA has said its goal is to “collect it all” so perhaps the ultimate goal is to have spyware in every possible computer. The problem, of course, is that NSA is already unable to process the oceans of data it is collecting now.

Dan Wright

Dan Wright

Daniel Wright is a longtime blogger and currently writes for Shadowproof. He lives in New Jersey, by choice.