Did the NSA embed spyware in your computer?
A new report by Russian research firm Kaspersky Lab says the United States has found a way to hide spyware in almost any hard drive built by the world’s top computer manufacturers.
This June 6, 2013 file photo shows a sign outside the National Security Agency (NSA) campus in Fort Meade, Md. In a report released Feb. 16, Moscow-based cybersecurity firm Kaspersky Lab makes a veiled reference to the NSA as the agency behind a global espionage campaign that embeds spyware into the hard drives of target computers.
Patrick Semansky/AP Photo/File
The United States has figured out how to bug hard drives built by the world’s top computer manufacturers, giving it the ability to spy on and sabotage computers and networks in countries targeted by American intelligence agencies, a report by a Russian cybersecurity firm has found.
Five hundred infections in more 30 countries have been documented by Moscow-based Kaspersky Lab, with the highest levels of infection reported in Iran, Russia, Pakistan, and Afghanistan. Manufacturers Western Digital Technologies, Samsung Electronics, and Seagate Technology are among the top brand names affected worldwide.
Kaspersky announced its findings Monday at a security summit in Cancun, Mexico. The firm did not quite point the finger at the National Security Agency, instead naming the threat actor the “Equation” group, for its members’ affinity for “encryption algorithms and obfuscation strategies.”
But the report did claim that the spying campaign, which goes back as far as 2001, is linked to the origins of other, older NSA-led cyber weapons such as Stuxnet and the Flame malware platform.
The difference is that this new technology allows the Equation group to embed malicious software into a computer’s firmware – the built-in code that governs a device's basic functions – according to Kaspersky’s report.
This makes the spyware – which creates what UK-based tech site Ars Technica calls a “secret storage vault” that survives "military-grade disk wiping and formatting" – almost impossible to detect or remove. It also allows the software “to infect the computer over and over," Kaspersky threat researcher Costin Raiu told Reuters.
Implanting the spyware requires access to manufacturers' proprietary source code that controls a computer’s hard drive, which is impossible to do with publicly available data, Mr. Raiu said.
While it’s not yet clear how the NSA could have laid hands on that information, some former operatives told Reuters that the agency sometimes poses as a software developer that needs to make sure software is secure in order to gain access to source code.
The NSA has declined to comment on allegations in the Kaspersky report, according to Reuters.
Kaspersky’s revelations come just days after another document from NSA whistleblower Edward Snowden’s cache was made public. The document, published Feb. 11 by The Intercept, reveals that security researchers fear that Iran and other US adversaries are improving their cyber weapons by learning from cyber attacks launched against them.
“Iran… has demonstrated a clear ability to learn from the capabilities and actions of others,” according the document.
These latest revelations could also have an impact similar to the backlash that resulted after Mr. Snowden leaked NSA documents in 2013, Reuters reported. Sales of US technology products slowed amid suspicion of NSA surveillance shortly after Snowden leaked a trove of confidential NSA information to the media.
Peter Swire, a member of President Barack Obama's Review Group on Intelligence and Communications Technology, told the wire service that before using its knowledge of software flaws for gathering intelligence, the US needs to consider how such actions would affect trade and foreign relations.
"There can be serious negative effects on other US interests," Mr. Swire said.