Millions of computers may be compromised by US spyware - report

[Scubbie]

Millions of computers may be compromised by US spyware - report - Telegraph

Kaspersky researchers and former intelligence officers reveal how spies found way to lodge code on disc drives produced by major electronics manufacturers

The US National Security Agency (NSA) has devised a way of hiding spyware deep within hard drives made by several top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.

That ability was part of a cluster of spying programmes discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programmes, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The company declined to name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives.

The NSA declined to comment.

The revelations of powerful new spying tools will harm the reputation of the US overseas, already damaged by massive leaks by Edward Snowden, the former NSA contractor, and increase suspicion of Western technology.

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disc drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the Bios code invoked automatically as a computer boots up.

Costin Raiu, lead Kaspersky researcher, said: "The hardware will be able to infect the computer over and over."

He said the spies only established full remote control over machines belonging to the most desirable foreign targets.

Kaspersky's reconstructions of the spying programs show they could work in disc drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology, Toshiba Corp, IBM, Micron Technology and Samsung Electronics.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.

Comment: After the floods in Thailand a couple of years back, all manufacturing of hard drives was hit, so I would guess that is likely to be where this problem, if true, is originating

[Isitme]

It is hard to see how they would know which drives were going where. If they are 'infecting' drives, then it probably applies to them all and not just those going to other than friendly countries. Possibly they just wake up the virus in targeted countries and leave those going to friendly nations sleeping, but who knows for sure.

Virus embedded in firmware is nothing new, just one example -
https://nakedsecurity.sophos.com/201...ats-the-story/