Did the NSA embed spyware in your computer?

A new report by Russian research firm Kaspersky Lab says the United States has found a way to hide spyware in almost any hard drive built by the world’s top computer manufacturers.

Patrick Semansky/AP Photo/File
This June 6, 2013 file photo shows a sign outside the National Security Agency (NSA) campus in Fort Meade, Md. In a report released Feb. 16, Moscow-based cybersecurity firm Kaspersky Lab makes a veiled reference to the NSA as the agency behind a global espionage campaign that embeds spyware into the hard drives of target computers.

The United States has figured out how to bug hard drives built by the world’s top computer manufacturers, giving it the ability to spy on and sabotage computers and networks in countries targeted by American intelligence agencies, a report by a Russian cybersecurity firm has found.

Five hundred infections in more than 30 countries have been documented by Moscow-based Kaspersky Lab, with the highest levels of infection reported in Iran, Russia, Pakistan, and Afghanistan. Manufacturers Western Digital Technologies, Samsung Electronics, and Seagate Technology are among the top brand names affected worldwide.

Kaspersky announced its findings Monday at a security summit in Cancun, Mexico. The firm did not quite point the finger at the National Security Agency, instead naming the threat actor the “Equation” group, for its members’ affinity for “encryption algorithms and obfuscation strategies.”

But the report did claim that the spying campaign, which goes back as far as 2001, is linked to the origins of other, older NSA-led cyber weapons such as Stuxnet and the Flame malware platform.

The difference is that this new technology allows the Equation group to embed malicious software into a computer’s firmware – the built-in code that governs a device's basic functions – according to Kaspersky’s report.

This makes the spyware – which creates what UK-based tech site Ars Technica calls a “secret storage vault” that survives "military-grade disk wiping and formatting" – almost impossible to detect or remove. It also allows the software “to infect the computer over and over," Kaspersky threat researcher Costin Raiu told Reuters.

Source: "Equation Group: Questions and Answers," Kaspersky Lab. 2015.

Implanting the spyware requires access to manufacturers' proprietary source code that controls a computer’s hard drive, and doing so is impossible with publicly available data, Mr. Raiu said.

While it’s not yet clear how the NSA could have laid hands on that information, some former operatives told Reuters that the agency sometimes poses as a software developer that needs to make sure software is secure in order to gain access to source code.

The NSA has declined to comment on allegations in the Kaspersky report, according to Reuters.

Kaspersky’s revelations come just days after another document from NSA whistleblower Edward Snowden’s cache was made public. The document, published Feb. 11 by The Intercept, reveals that security researchers fear that Iran and other US adversaries are improving their cyber weapons by learning from cyber attacks launched against them.

“Iran… has demonstrated a clear ability to learn from the capabilities and actions of others,” according to the document.

These latest revelations could also have an impact similar to the backlash that resulted after Mr. Snowden leaked NSA documents in 2013, Reuters reported. Sales of US technology products slowed amid suspicion of NSA surveillance shortly after Snowden leaked a trove of confidential NSA information to the media.

Peter Swire, a member of President Barack Obama's Review Group on Intelligence and Communications Technology, told the wire service that before using its knowledge of software flaws for gathering intelligence, the US needs to consider how such actions would affect trade and foreign relations.

"There can be serious negative effects on other US interests," Mr. Swire said.
