Report: NSA Hacked Hard Drive Firmware for Spying

John Lister's picture

The US government has been accused of embedding spyware directly onto hard drives using secret manufacturer information. Russian security software manufacturer Kaspersky Lab made the claims, which stem from its efforts to find and eliminate malicious software. Kaspersky says officials appear to have only used the spyware to target specific, foreign-based individuals.

Kaspersky says that the spyware is part of an operation controlled by the National Security Agency (NSA), under the name Equation Group. It claims the NSA figured out how to put spying software in the firmware of hard drives made by the likes of Seagate, Toshiba and Western Digital. (Source: cbc.ca)

Device Firmware Among Prime Hacker Prizes

Firmware is software directly embedded into a device which allows it to operate. With hard drives, the firmware is completely separate from the operating system (Windows), or any programs which run under the operating system. Hackers highly prize the ability to access device firmware, as it runs whenever the relevant device is powered on, and is often not seen by antivirus or antimalware programs.

In this case, the compromised hard drive firmware would have run before Windows or any antivirus started up. That would give the spies almost unlimited abilities to access data and activity on the computer without being noticed.

It's not known exactly how many hard drives were compromised, though it's suggested that the Equation Group has been operating for the last 14 years. The operation appears to have been highly targeted, as the computers Kaspersky discovered to be infected were concentrated in countries known to be of particular interest to US intelligence. The affected countries include Iran, Russia and China, and the infected computers were mainly based in organizations such as government, military, financial and telecommunications groups.

The move is still likely to be hugely controversial, as it may have created the risk of criminals getting access to the hacked firmware and being able to steal personal data from the wider population. The hacked firmware follows the Stuxnet case, where the US and Israeli governments reportedly created and spread malicious software across millions of Windows computers with the specific aim of targeting machines operating Iranian nuclear equipment.

Spies May Have Accessed Source Code

The NSA refuses to comment on the claims, though Reuters says a former NSA employee has confirmed they are broadly correct. (Source: reuters.com)

Technical experts say the only way somebody could hack the firmware would be with access to the hard drive source code, which controls how the hard drive operates on a low level. Such code is considered highly confidential and a major commercial asset.

No hard drive manufacturer has publicly confirmed supplying source code to the NSA. One theory is that officials may have said they wanted to use particular manufacturers as a government supplier, and demanded access to the source code under the guise of carrying out a security audit.

What's Your Opinion?

Do you believe it's likely that the US government is responsible for embedding spyware directly onto hard drives using secret manufacturer information? If so, do you think it is a legitimate cyber security operation, or does it go too far and put ordinary computer users at risk?


Comments

edjbaxter_3688's picture

Even if the hdd firmware was 'hacked' you would still need to access the hdd from an OS in order to retrieve data. An HDD does not have the ability by itself to transmit data, just by being powered on. I find this story rather ludicrous.

hybridauth_Google_111273332135951939051's picture

@ edjbaxter 3688,
[QUOTE]
Even if the firmware was hacked ...
[END QUOTE]
If low rent hacks can hack firmware on USB flash drives, what makes you think a barely held accountable gov. agency with all their resources can't do what they did to the telecommunications industry and search engines (made them give access points to all of their data for monitoring and then gave them Federal shut-up or go to jail orders) can't coerce a hard drive manufacturer into upping the source code under the guise of national security?
"Need to access the drive from an operating system" WOW, vs what, a dust mop?
The content and caliber of your remarks make you sound like a gov. shill trying to dispel allegations. If you actually believe your rhetoric, then you probably also believe Star Trek was filmed on "remote location".
The biggest thing the NSA is doing wrong is not keeping a better lid on my/yours/their business. There are a lot of idiots out there that want to do harm to the western world and Christians. The NSA needs to step it up. We can't count on Mr. "I will have the most transparent presidency there ever was" Obama to do anything strong willed on our behalf.

georgegrimes's picture

[Quote]
"Need to access the drive from an operating system" WOW, vs what, a dust mop
[End quote]

My degree is a B.S. in Electrical Engineering but these days I write code for a living and I am familiar with the amount of code necessary to communicate via network protocols. The last time I looked at the size of the memories used for the disk firmware, they weren't large enough to hold this code, plus the code required to do their REAL job (controlling the disk).

I do not work for and have never worked for the NSA. I do not approve of their programs to spy on citizens. Nevertheless, when I make charges against them, the charges are at least technologically possible.

georgegrimes's picture

@edjbaxter 3688, until today I had missed the part about the NSA diverting shipments to their facility for modification. Assuming that is true, my objections above go away. Given that opportunity, I could make them do what has been charged, including reporting back data without being accessed by the OS.
Mea culpa.

George