Free Republic

Russian researchers expose NSA secret weapon: Program that enables America to spy on every computer
DailyMail ^ | 16 February 2015 | Reuters Reporter and Chris Spargo

Posted on 02/17/2015 9:02:27 AM PST by dennisw

The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.

The National Security Agency has figured out how to hide spying software deep within hard drives, allowing them to monitor and eavesdrop on the majority of the world's computers - even when they are not connected to the internet.

This 'surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades,' said Kaspersky.

'The hardware will be able to infect the computer over and over,' lead Kaspersky researcher Costin Raiu said in an interview.

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.

What's more, even the makers of these hard drives are unaware that these spying programs have been installed. According to former intelligence operatives, the NSA obtained their source code by going so far as to pose as software developers, or by telling the companies that the government must do a security audit to make sure their source code is safe.

The Moscow-based security software maker Kaspersky Lab said it has found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

(Excerpt) Read more at dailymail.co.uk ...


TOPICS: Business/Economy; Culture/Society; Foreign Affairs; Russia
KEYWORDS: kaspersky; nsa; pravda; russia
To: Star Traveler

I could imagine a number of ways they could compromise a developer so that he would share the source code: money, amnesty from prosecution (legal blackmail), offers of employment, etc. When you print the money and run the prisons, all doors are open.


41 posted on 02/17/2015 11:30:02 AM PST by WMarshal (Free citizen, never a subject or a civilian)

To: Jan_Sobieski

Good one!


42 posted on 02/17/2015 11:32:57 AM PST by Iron Munro (Mark Steyn: “fundamentally transformed” is a euphemism for “wrecked beyond repair.”)

To: roamer_1

A write protect will not defend device firmware, at least not for something like a HDD. I know a former drive engineer; he told me that much of the firmware is actually on the disk, and extensible. He noted that most modern drives remap and move data from rough areas to good areas, all within the controller, transparent to the OS.

What this means is that if someone knows how to hook the drive controller into code stored on disk, their software can install itself, then hide itself. Drives have had large RAM caches for some time, so it is probably pretty easy to whittle away a bit of that RAM for some underhanded activity in the controller.

Basically there is no practical way for us end users, and even engineers, to control the entire chain. Many subsystems in the current PC have multiple teams working on just a single subsystem, and that is just the software side. One person to verify and vet all of the software would be impossible, not to mention the hardware itself.

So in digital systems, trust is a very flimsy concept, and it takes only a single line of code to open a hole. There are billions of lines of code in a PC.

Also, I have seen mention of "airgap" security. Wrong. No such thing exists. Modern CPUs, GPUs, controllers, etc. are fast enough that they can create a radio transmitter out of the circuit board they are attached to. Just toggle a line rapidly, and you have a transmitter. Infect the target, have wet assets drive by that office every night with a modem that can grab the radio signal.


43 posted on 02/17/2015 11:45:22 AM PST by Aqua225 (Realist)
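The "toggle a line rapidly and you have a transmitter" claim in the post above, modelled as an added example that is not part of the thread or of any published implementation. It covers only the modulation: a '1' bit is sent by toggling a line at a carrier rate for a fixed window, a '0' by holding it still, and the receiver decides per window by counting edges (carrier energy present or not). Which pin is toggled, what frequency it radiates at, how far the signal carries and what a receiver parked outside would actually hear are hardware questions this code does not answer; SAMPLES_PER_BIT, the edge threshold, the noise model and the message are all assumptions made for the example.

```c
/* Added example (not from the thread): on-off keying over a toggled line.
 * A '1' bit toggles the line every sample for one window (carrier on), a '0'
 * holds it (carrier off). The receiver counts level changes per window.
 * All constants below are assumptions chosen for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLES_PER_BIT 64                    /* assumed line samples per data bit */
#define EDGE_THRESHOLD  (SAMPLES_PER_BIT / 2) /* more edges than this = carrier present */
#define MAX_MSG         32                    /* assumed message cap for the helper */

/* Encode len bytes, MSB first, into line levels (0/1). out must hold
 * len * 8 * SAMPLES_PER_BIT samples. Returns the number of samples written. */
size_t ook_encode(const uint8_t *msg, size_t len, uint8_t *out)
{
    size_t n = 0;
    uint8_t level = 0;
    for (size_t i = 0; i < len; i++) {
        for (int b = 7; b >= 0; b--) {
            int bit = (msg[i] >> b) & 1;
            for (int s = 0; s < SAMPLES_PER_BIT; s++) {
                if (bit) level ^= 1;   /* '1': toggle the line every sample */
                out[n++] = level;      /* '0': hold whatever level the line is at */
            }
        }
    }
    return n;
}

/* Decode by edge counting: a window with many transitions is a '1'.
 * Returns the number of whole bytes recovered (at most maxlen). */
size_t ook_decode(const uint8_t *samples, size_t nsamples, uint8_t *msg, size_t maxlen)
{
    size_t nbytes = nsamples / (8 * SAMPLES_PER_BIT);
    if (nbytes > maxlen) nbytes = maxlen;
    for (size_t i = 0; i < nbytes; i++) {
        uint8_t byte = 0;
        for (int b = 0; b < 8; b++) {
            size_t start = (i * 8 + (size_t)b) * SAMPLES_PER_BIT;
            int edges = 0;
            for (size_t s = 1; s < SAMPLES_PER_BIT; s++)
                if (samples[start + s] != samples[start + s - 1]) edges++;
            byte = (uint8_t)((byte << 1) | (edges > EDGE_THRESHOLD));
        }
        msg[i] = byte;
    }
    return nbytes;
}

/* Constructed noise model: flip every `every`-th sample on the "air". */
void add_noise(uint8_t *samples, size_t n, size_t every)
{
    for (size_t i = 0; i < n; i += every) samples[i] ^= 1;
}

/* Returns 1 if msg survives encode -> noise -> decode unchanged, else 0.
 * noise_every == 0 means a clean channel. */
int ook_roundtrip_ok(const char *msg, size_t noise_every)
{
    static uint8_t samples[MAX_MSG * 8 * SAMPLES_PER_BIT];
    uint8_t back[MAX_MSG];
    size_t len = strlen(msg);
    if (len > MAX_MSG) return 0;
    size_t n = ook_encode((const uint8_t *)msg, len, samples);
    if (noise_every) add_noise(samples, n, noise_every);
    size_t got = ook_decode(samples, n, back, sizeof back);
    return got == len && memcmp(back, msg, len) == 0;
}

int main(void)
{
    printf("clean channel:       %s\n", ook_roundtrip_ok("exfil", 0) ? "ok" : "corrupted");
    printf("1 in 8 samples hit:  %s\n", ook_roundtrip_ok("exfil", 8) ? "ok" : "corrupted");
    printf("every other sample:  %s\n", ook_roundtrip_ok("exfil", 2) ? "ok" : "corrupted");
    return 0;
}
```

The edge-count threshold is why the scheme tolerates scattered bit flips (one hit in eight samples leaves every window on the right side of the threshold) but collapses when half the samples are wrong (every window inverts). The same energy-per-window detection the receiver uses is also what a defender can run on a software-defined radio next to an "air-gapped" machine to notice that something on the board is keying a carrier.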

To: BenLurkin
This is not a partisan thing. Both parties have no respect whatsoever for us, or our right to privacy. I've come to the conclusion that our government is illegitimate, as it only serves itself, and not the people.
44 posted on 02/17/2015 1:04:33 PM PST by zeugma (The act of observing disturbs the observed.)

To: Aqua225
he told me that much of the firmware is actually on the disk, and extensible

Thank you for your post - But you must understand that the above is in and of itself an engineering decision.

There is no real reason not to make card BIOS mechanically protected, outside of the inconvenience of manual switching. I understand BIOS extensibility, and I really do wish it were true that such info was kept on the platters. If it were true, then I should be able to swap cards between HDDs (like we did back in the day) to effect repairs and retrieve data.

The size of any BIOS I am aware of can easily fit on the on-board chips on the card, with plenty of room for BIOS revisions, especially considering the size of flash chips available today. That part (the actual executable programming) should be all that is on the card, and that should, by all means, be protected by jumper.

Look at computer BIOS for comparison: writable to an extent, so extensible, but the actual BIOS itself must be flashed, all on-chip. Controller BIOS is nowhere near the size of computer BIOS, and computer BIOS is still quite tiny (if it is still CMOS).

This issue has been coming for a very long time. I can remember this being predicted way back when vid cards started going flash enabled. Shoot, they won't even write protect thumb drives for Pete's sake... That's just dumb.

45 posted on 02/17/2015 1:12:56 PM PST by roamer_1 (Globalism is just socialism in a business suit.)

To: roamer_1

However, what about vulnerabilities within the firmware itself? There could be malformed SATA commands, magic bit sequences, etc. that could very well allow new code to be placed on the platters and hidden from the host OS. Or data to be ferreted away for later retrieval.

So an immutable firmware would close one more door, but there are possibly so many more open.

To me, there is nothing that can mitigate these sorts of risks, barring not using machines. Sometimes, even as a systems software engineer myself, a Frank Herbert Dune-esque future seems positively alluring.


46 posted on 02/17/2015 2:40:50 PM PST by Aqua225 (Realist)
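The two posts above argue past each other: roamer_1 wants a write-protect jumper, Aqua225 points out that a malformed command to the controller can still corrupt whatever the firmware keeps in RAM or on the platters. The following is an added example, not from the thread and not modelled on any real drive's firmware, of a toy vendor-specific "write firmware module" command handler in both forms: one that trusts the host-supplied length and ignores the jumper, and one that checks the jumper, bounds the copy, and cross-checks the module header against the command. The opcode, command layout, staging-slot size, the control byte that follows the slot, the header format and the jumper itself are all invented for the example.

```c
/* Added example, not from the thread or any real product: a drive-side
 * handler for an invented vendor-specific command, vulnerable vs hardened.
 * In this model the controller's RAM holds a 64-byte staging slot for a
 * firmware module, followed by a control byte; a nonzero control byte would
 * tell the (modelled) boot path to commit the staged module to the reserved
 * on-disk firmware area. Everything below is an assumption for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STAGING_SIZE     64            /* assumed staging slot for one module */
#define RAM_SIZE         256           /* assumed controller RAM modelled here */
#define PERSIST_FLAG_OFF STAGING_SIZE  /* control byte sits right after the slot */

enum { OP_WRITE_FW_MODULE = 0xF1 };    /* invented vendor-specific opcode */

struct drive {
    uint8_t ram[RAM_SIZE];
    bool    write_protect;             /* hypothetical hardware jumper state */
};

/* Host-to-drive command block, as the host (attacker) sends it. */
struct vendor_cmd {
    uint8_t  opcode;
    uint16_t claimed_len;              /* host-controlled */
    uint8_t  payload[128];
};

typedef int (*cmd_handler)(struct drive *, const struct vendor_cmd *);

/* Vulnerable: copies claimed_len bytes into the 64-byte slot with no bounds
 * check and never looks at the jumper. A length of 65 or more overwrites the
 * control byte. (claimed_len is kept <= sizeof payload by the callers here so
 * the demonstration itself stays within defined behaviour.) */
int handle_vendor_cmd_vuln(struct drive *d, const struct vendor_cmd *c)
{
    if (c->opcode != OP_WRITE_FW_MODULE) return -1;
    memcpy(&d->ram[0], c->payload, c->claimed_len);
    return 0;
}

/* Hardened: reject unknown opcodes, refuse when the jumper is set, bound the
 * copy to the slot, and require the module header to agree with the command. */
int handle_vendor_cmd_hardened(struct drive *d, const struct vendor_cmd *c)
{
    if (c->opcode != OP_WRITE_FW_MODULE) return -1;
    if (d->write_protect) return -2;
    if (c->claimed_len > STAGING_SIZE || c->claimed_len > sizeof c->payload) return -3;
    if (c->claimed_len < 4 || c->payload[0] != 'F' || c->payload[1] != 'W') return -4;
    uint16_t hdr_len = (uint16_t)(c->payload[2] | (c->payload[3] << 8));
    if (hdr_len != c->claimed_len) return -5;   /* header disagrees with command */
    memcpy(&d->ram[0], c->payload, c->claimed_len);
    return 0;
}

/* Build a constructed command: filler payload, optionally with the invented
 * "FW" + little-endian length header that the hardened handler expects. */
static void build_cmd(struct vendor_cmd *c, uint16_t len, bool well_formed)
{
    memset(c, 0, sizeof *c);
    c->opcode = OP_WRITE_FW_MODULE;
    c->claimed_len = len;
    memset(c->payload, 0xAA, sizeof c->payload);
    if (well_formed) {
        c->payload[0] = 'F';
        c->payload[1] = 'W';
        c->payload[2] = (uint8_t)(len & 0xFF);
        c->payload[3] = (uint8_t)(len >> 8);
    }
}

/* Run one command against a fresh drive. Returns the handler's code and sets
 * *clobbered if the control byte beyond the staging slot was overwritten. */
int run_cmd(cmd_handler h, uint16_t len, bool well_formed, bool wp, bool *clobbered)
{
    struct drive d;
    struct vendor_cmd c;
    memset(&d, 0, sizeof d);
    d.write_protect = wp;
    build_cmd(&c, len, well_formed);
    int rc = h(&d, &c);
    *clobbered = d.ram[PERSIST_FLAG_OFF] != 0;
    return rc;
}

int main(void)
{
    bool clob;
    int rc = run_cmd(handle_vendor_cmd_vuln, 65, false, false, &clob);
    printf("vulnerable, len 65:         rc=%d control byte clobbered=%d\n", rc, clob);
    rc = run_cmd(handle_vendor_cmd_hardened, 65, false, false, &clob);
    printf("hardened, len 65:           rc=%d control byte clobbered=%d\n", rc, clob);
    rc = run_cmd(handle_vendor_cmd_hardened, 16, true, true, &clob);
    printf("hardened, jumper, valid:    rc=%d\n", rc);
    return 0;
}
```

The jumper check and the length check close different doors: the jumper stops a well-formed update while it is asserted, the bounds and header checks stop a malformed one whether or not the jumper is set. Neither helps against a module that is well-formed, within bounds, and malicious, which is the case the article describes; that needs the drive to verify who produced the module, not just whether it parses.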

To: dennisw
Firmware malware is actually pretty old. For flashable firmware, you can get to it if the computer is on. If it isn't flashable (meaning it is only flashed one time), you need to get to it prior to installation at the factory.

There were rumors that somebody got to some of Saddam's computers this way, through printer firmware IIRC. I do not know if the rumors were true.

47 posted on 02/17/2015 2:49:46 PM PST by Billthedrill

To: Aqua225
However, what about vulnerabilities within the firmware itself? There could be malformed SATA commands, magic bit sequences, etc. that could very well allow new code to be placed on the platters and hidden from the host OS. Or data to be ferreted away for later retrieval.

Which is why I am a firm advocate of open source software (though finding ASM-level programmers to survey it is probably getting pretty hard to do :) One can then predict such vulnerabilities and repair them, with many, many more eyes... It keeps everybody legit. That is the primary reason a *nix OS is so much more bullet-proof. Too many people to bribe and too hard to sneak malicious code past many sharp-eyed goalies.

So an immutable firmware would close one more door, but there are possibly so many more open.

But closing what you can is necessarily better than what came before.

Dune-esque future seems positively alluring.

Meh. too much sand and no clearwater streams... not for this mountain boy. ; )

48 posted on 02/17/2015 6:51:32 PM PST by roamer_1 (Globalism is just socialism in a business suit.)

To: roamer_1

I found this article very informing:

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/


49 posted on 02/18/2015 3:04:08 AM PST by BCW (ARMIS EXPOSCERE PACEM)

To: BCW
I found this article very informing:

Thanks.

*SHRUGS* ... It has never made sense to me that info-gathering bugs (like adware/spyware) are money generators - who in their right mind would respond to unwanted ads propagating on their desktop by SUPPORTING any one of the companies in the ads? So what they purport to be for cannot be their true purpose. Leave it at this: Information gathering only makes sense as a MEANS if the perpetrator is some sort of uber/hyper control freak governmental entity. So the big picture here has already been around for a long time... JMO, YMMV.

50 posted on 02/18/2015 8:50:39 AM PST by roamer_1 (Globalism is just socialism in a business suit.)

To: roamer_1

I think the only safe computer was on that island in Lost...but that got smashed...I miss the beeping sound...


51 posted on 02/18/2015 9:31:08 AM PST by BCW (ARMIS EXPOSCERE PACEM)

To: dennisw
It is not clear how the NSA may have obtained the hard drives’ source code.

Well, gee, Mr. Wizard, do you suppose that at some point the source code was transmitted over the internet?

52 posted on 02/18/2015 9:38:32 AM PST by Dalek



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson