The NSA has reportedly been found to have infected the firmware on hard disks from major manufacturers across the board with spyware, in a shocking campaign which has remained hidden for a decade and a half.
Drives from the likes of Western Digital, Seagate, Toshiba, and other big name disk vendors have had the spying seeds planted in them, giving the NSA a directly link to eavesdrop on, well, most of the computers in the world.
The presence of the spyware was pointed out by security firm Kaspersky, and was corroborated by a former NSA staff member who spoke to Reuters. A second ex-intelligence operative confirmed that the agency has indeed hidden spyware in hard drives, but didn’t know exactly which intelligence efforts relied on the technique.
Kaspersky actually found a number of pieces of spyware software, and noted that it detected infections on PCs in over 30 countries – with the most found in Iran, and Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. It didn’t actually name the country behind the campaign, just naming the group reponsible as the “Equation group”, but you could probably guess from that list of targets anyway – and Reuters’ sources did the rest.
This affair really isn’t likely to make the NSA or US intelligence gathering in general any more appreciated across the internet – and could lead to consequences for the hard disk vendors, and Western tech manufacturers in general, when it comes to supplying said nations.
Kaspersky stated: “In the coming days, we will publish more details about the Equation group malware and their attacks. The first document to be published will be a general FAQ on the group together with indicators of compromise.”
“By publishing this information, we hope to bring it to the attention of the ITSec community as well as independent researchers, who can extend the understanding of these attacks. The more we investigate such cyber espionage operations, we more we understand how little we actually know about them. Together, we can lift this veil and work towards a more secure (cyber-)world.”
Kaspersky also recently uncovered malware that stole close to £200 million from banks.