![[Coi] Mr.CLuBBeR](./core/images/default/default_avatar_medium.png "[Coi] Mr.CLuBBeR"){kind=avatar}
Tweet
Look who's watchingSecurity outfit Kaspersky Lab has found evidence that the National Security Agency (NSA) may be implanting highly sophisticated malware into the firmware of consumer hard drives where it's not easily detected or removed. Kaspersky's report found custom payloads residing in HDDs from several major brands such as Western Digital, HGST, Seagate, Maxtor, Hitachi, and Toshiba.
The report, which was first discovered by Reuters, also mentioned companies like OCZ, Micron, Corsair, Mushkin, OWC, and Samsung, which may suggest that custom payloads are also present in solid state drives. That would make sense, considering the rise in popularity of SSDs, especially as agencies that might be targets for spying upgrade to newer systems.
Kaspersky isn't pointing the finger at the NSA and instead ties the exploit to a group it refers to as Equation, "a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996."
According to Kaspersky, the Equation group is one of the most sophisticated cyber attack groups on the planet. It has a penchant for encryption algorithms and obfuscation strategies and routinely uses sophisticated methods throughout its various operations.
Some of the exploits used by Equation are the same or similar to that of the Stuxnet developers. Due to this, Kaspersky says it's likely they're either the same actors or are working closely together, hence the widespread speculation that this is the NSA's doing.
As laid out in the report, the process by which targets are spied on is complex and interesting. In many cases, it begins with an implant Kaspersky calls DoubleFantasy. The implant confirms if a victim is interesting, and if so, the malware is upgraded to the EquationDrug, one of the group's most complex espionage platforms, or GrayFish, which is a later version.
"GrayFish is the most modern and sophisticated malware implant from the Equation group. It is designed to provide an effective (almost 'invisible') persistence mechanism, hidden storage and malicious command execution inside the Windows operating system," Kaspersky explains.
If Kaspersky's information is accurate, it brings the NSA's spying program to a whole new level, as it would have access to the majority of the world's PCs.
You can read the full report here (PDF),
Follow Paul on Google+, Twitter, and Facebook
More...