NSA Hiding Spyware in Hard Drives

[Straight Shooter]

The NSA may be hiding payloads in the firmware of consumer hard drives, according to a new report from Kaspersky Lab. The report tracks a group that researchers have dubbed "Equation," which uses previously undiscovered methods to plant targeted malware in hard drive firmware, where it is difficult to detect or remove. The report found exploits for hard drives made by many of the largest brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi. The group is closely tied to Stuxnet, using many overlapping vulnerabilities and techniques over the same time period, and those similarities combined with previously published NSA hard drive exploits have led many to speculate that Encounter may be part of the NSA.

If true, the program would give the NSA unprecedented access to the world's computers, even when disconnected from the larger web. Viruses stored on a hard drive's firmware are typically activated as soon as a device is plugged in, with no further action required. They're also usually undetectable and survive reformatting, making them difficult to detect and remove. In July, independent researchers discovered a similar exploit targeting USB firmware — dubbed BadUSB — but there was no indication of the bugs being developed and deployed at this scale.

It also raises real questions about device manufacturer's complicity in the program. It would take extensive and sustained reverse engineering to successfully rewrite a device's firmware. The NSA would certainly be capable of it, but it's also possible the NSA compelled companies to hand over the firmware code or intercepted it through other means. Reached by Reuters, only Western Digital actively denied sharing source code with the NSA; the other companies declined to comment.

http://www.theverge.com/2015/2/16/8048243/nsa-hard-drive-firmware-virus-stuxnet

At this point news like this doesn't even shock me anymore

 

[Supafly]

I advise: Get a job at any of these agencies. The business seems to be booming, and by doing that, you could at least make kind of sure that you won't be raided, I think.

 

[MustBeGood]

The Patriot Act!

And they preach that America is free!

Yeah right.

"The Patriot act has us watching our backs"

"They lie, they scam, they cheat, and they steal. They plot, they fund, they act, it's real."


Got that NSA stiffs

 

[MustBeGood]

Oh I forgot about this catch phrase echo chamber:

"Either you are with us, or you are with the terrorists"

Neither in my book. You all are fucked up in your politics and greed for the American GOP leaders.

 

[Straight Shooter]

This is terrible for companies like Seagate or WD. Either they were in on this with the NSA, allowing the NSA to have access to the firmware or they were oblivious to it. Either way it's going to hurt their bottom line. No one is going to want to buy a hard drive from any of these companies knowing that it could possibly be infected with spyware planted by the U.S

 

[Rattrap]

At this point news like this doesn't even shock me anymore

This is a problem - it should, or at least continue to be an affront. But you're hardly alone here; it seems most folks have shrugged and accepted this as the status quo. Or, at least that's the perception one would take from the media - but it's hard to say, given that the media has long since stopped following the public discussion, trying instead to drive it.

I advise: Get a job at any of these agencies. The business seems to be booming, and by doing that, you could at least make kind of sure that you won't be raided, I think.

I think if that were ever true, that's definitely over after Snowden.

The Patriot Act!

You all are fucked up in your politics and greed for the American GOP leaders.

The Patriot Act passed the House 357 to 66* and the Senate 98 to 1. President Obama extended it. The two-party owns this in a truly bi-partisan fashion.

People fight tooth and nail over the 2nd, the 1st sees plenty of action, the 14th is seeing its time in the spotlight - yet the outrage at the veritable gang rape of the 4th receives a disproportionately dispassionate response. Is it because it isn't partisan? No easy strawman 'enemy' to point fingers at? Are we so lazy?

This is terrible for companies like Seagate or WD. Either they were in on this with the NSA, allowing the NSA to have access to the firmware or they were oblivious to it. Either way it's going to hurt their bottom line. No one is going to want to buy a hard drive from any of these companies knowing that it could possibly be infected with spyware planted by the U.S

I wonder how much they rely on selling harddrives individually; from this they'll surely lose sales. I doubt they'll feel much of an impact with the drives they sell pre-packaged in machines, though. I don't think most people are that discerning.

* I'm happy to say my representative is among that 66. I wish I could say the same for my Senator (the other's already gone), but at least he's become an outspoken bulwark against the act's excesses in the Senate Committee on Intelligence, though I imagine that's a tough job next to Dianne "Give Away All Your Liberty For Security" Feinstein

 

[bobjustbob]

A typical conspiracy theory. Just look at the wording in the original post:

... may be hiding

... those similarities

... may be part of

If true ...

They're also usually...

... discovered a similar

It also raises real questions about ...

...would certainly be capable of it, but it's also possible

These phrases are used to explain everything from lizard men to moon Jews. If you are worried about this shit then you should have thought about it before you opened your Facebook and twitter account.

 

[D-rock]

This is terrible for companies like Seagate or WD. Either they were in on this with the NSA, allowing the NSA to have access to the firmware or they were oblivious to it. Either way it's going to hurt their bottom line. No one is going to want to buy a hard drive from any of these companies knowing that it could possibly be infected with spyware planted by the U.S

I wouldn't be surprised if some or all of the companies willingly let them have their code.

I could also see a situation where to get any government contracts for their product they had to let the government go over it, especially if it was going to be used for sensitive or national security matters. It wouldn't be totally out of line if those entities could actually be trusted. However, in reality even that's not much better, because lets face it, after they let the government go over their code it's not like people like the NSA are just going to erase that knowledge or not abuse it for their own ends after that.

 

[Johan]

A typical conspiracy theory.

Yeah, it's not as if we already knew that the NSA and the CIA have been spying innocent american citizens and foreign country leaders for years...

 

[Will E Worm]

When are you going to stand up against the tyranny?

 

[bobjustbob]

Yeah, it's not as if we already knew that the NSA and the CIA have been spying innocent american citizens and foreign country leaders for years...

You are 100% right. They already have the means to do this. But let me remind you, each and every one of us allow others to share our personal information. Be it through our banks, retail outlets, subscription services, GPS. Even our searches target ads. This is the trade off we have given to enjoy Interweb. I don't think it would take too long for some geek to discover a government secret malware. They'll expose it and create a block or program to counter it.

 

[Straight Shooter]

These phrases are used to explain everything from lizard men to moon Jews. If you are worried about this shit then you should have thought about it before you opened your Facebook and twitter account.

I don't buy that argument. I know that my information isn't really private when I sign up for a Twitter account or a Facebook account because it's in the terms and conditions(even though none of us ever read them) that you have to agree to. If I don't agree with their terms, I don't have to create an account. But last time i checked I didn't sign anything with the government allowing them to access my information from whatever device whenever they want to

 

[bobjustbob]

I don't buy that argument. I know that my information isn't really private when I sign up for a Twitter account or a Facebook account because it's in the terms and conditions(even though none of us ever read them) that you have to agree to. If I don't agree with their terms, I don't have to create an account. But last time i checked I didn't sign anything with the government allowing them to access my information from whatever device whenever they want to

Yes, I agree with you. I don't remember ever reading anything in "terms of service" agreement mentioning government in anything that I have ever signed onto. These "terms of service" always have some sort of 3rd party clause. We never consider who these 3rd parties are and are never privy to them either. 3rd parties shares also. We weave our own web tracking back to us.

I'll give you a for instance. I got brakes and tires for my car recently. I shopped retailers and service places for the best prices. Don't you know that auto parts and service facilities started swarming every fucking search I do now? I look for a recipe and there is a fucking tire ad. I look for sports results and there is someone selling me mayonnaise. I search directions to a city and I find big titty MILFS that are in the neighborhood that want to meet up with me. It's all out there. Anyone that post a pic on the web knows that it will never go away. We have given up our privacy knowing that we will never get it back.

 

[MustBeGood]

 

[bobjustbob]

What points are you making with that video?