Thursday 21 September 2017

US 'hiding spyware in computer hard drives'

Edward Snowden: whistleblower
Edward Snowden: whistleblower

Rachael Alexander

The US National Security Agency (NSA) has devised a way of hiding spyware deep within hard drives made by several top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.

That ability was part of a cluster of spying programmes discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programmes, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The company declined to name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives.

The NSA declined to comment. The revelations of powerful new spying tools will harm the reputation of the US overseas, already damaged by massive leaks by Edward Snowden, the former NSA contractor, and increase suspicion of Western technology.

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disc drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the Bios code invoked automatically as a computer boots up.

Costin Raiu, lead Kaspersky researcher, said: "The hardware will be able to infect the computer over and over."

He said the spies only established full remote control over machines belonging to the most desirable foreign targets.

Kaspersky's reconstructions of the spying programmes show they could work in disc drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology, Toshiba Corp, IBM, Micron Technology and Samsung Electronics.

Western Digital, Seagate and Micron said they had no knowledge of these spying programmes. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.

Irish Independent

Editors Choice

Also in World News