VPN Articles and News

NSA Planted Spyware Into Hard Drives Made By Top Manufacturers

By Paul Liu
Saturday, July 11th, 2015

The US intelligence agency NSA has discovered a way to plant a super-advanced spyware into the hard drives manufactured by top hardware companies, a new report published by Russia based Kaspersky Lab has said. As it can be imagined, this is indeed an ingenious way of spying on others since no one would suspect that a brand new empty hard drive would contain such a dangerous piece of software.

As per the report published by the security group, the spyware was found in hard drives manufactured by over a dozen different companies including some of the leading names in the business such as IBM, Western Digital Corp, Samsung Electronics, Seagate Technology Plc and Toshiba Corp. Kaspersky also said that the spyware seemed to target only specific people, institutions and countries. Out of the 30 countries where its presence was found, the maximum number of infections occurred in government institutions, telecom organizations, military installations, energy companies, banks and financial institutions as well as computers of nuclear researchers and political activists based in Iran, Russia, China, Pakistan, Syria, Algeria, Yemen, Afghanistan and Mali.

The spyware apparently works by infecting the firmware of hard disk drives. Firmware is nothing but a combination of hardware and software instructions that is used in many hardware devices. After infiltrating into the firmware, the spyware reprograms it and creates a hidden location within the drive that could only be accessed by supplying a secret key. And once the program infects a hard disk, it cannot be removed by conventional methods (not even by formatting). Kaspersky has even said that destroying the infected hard disk is the only way to get rid of the program.

While Kaspersky refused to speculate which country could be behind the spying campaign, it did reveal that the spyware seems to be the handiwork of “the Equation group”, the secretive espionage group linked to the NSA which has created over 500 malwares that have been distributed in over 40 countries. The security company also said that the spyware appeared to be closely linked to Stuxnet, one of the most sophisticated industrial espionage worms ever created which was used to target the nuclear facilities of Iran in 2010.

A couple of former NSA employees have agreed with the findings of Kaspersky without revealing their identities. While one of the former intelligence officers admitted that the spy agency had indeed created a technique of planting spywares into hard disk drives, the second one said that the intelligence agency considered these initiatives as extremely important.

It is still not clear how NSA managed to get the source code of hard drives manufactured by so many different companies. Western Digital has said that it did not supply its source code to the intelligence agency while representatives from Seagate and Micron have said that they take the security of their products extremely seriously and have deployed security measures to prevent reverse engineering and tampering of their products. The whole episode once again shows that NSA is hell bent on spying on others no matter what the consequences.