Posted on 02/17/2015 9:02:27 AM PST by dennisw
The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.
The National Security Agency has figured out how to hide spying software deep within hard drives, allowing them to monitor and eavesdrop on the majority of the world's computers - even when they are not connected to the internet.
This 'surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades,' said Kaspersky.
'The hardware will be able to infect the computer over and over,' lead Kaspersky researcher Costin Raiu said in an interview.
According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.
Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.
What's more, even the makers of these hard drives are unaware that these spying programs have been installed, with the NSA obtaining their source codes by going so far as to pose as software developers according to former intelligence operatives, or telling the companies the government must do a security audit to make sure their source code is safe.
The group said it found personal computers in 30 countries infected. The most infections were seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
The Moscow-based security software maker Kaspersky Lab said it has found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
(Excerpt) Read more at dailymail.co.uk ...
Rockwell - Somebody’s Watching Me
https://www.youtube.com/watch?v=7bQwin3Vv0k
They can do it with foreign companies, too ... :-) ...
Putin is our equivalent to Emmanuel Goldstein.
The Russians are now spying on you ... LOL ...
Got some ‘puters that have NEVER been online, no need.
Perty tough for em “call home” and I guess those with Samsung drives (old ones 160GB) have been waiting a long, long time...if they have any spyware at all, that is.
Something like that would not be detectable in the standard ways that we deal with software on our computers. This would be highly specialized and outside of any standard operation of computers that we’re used to.
Are there any smart software folks out there willing to go in on a free software program called “Big Brother Watcher”? The point is not to stop the intrusion, but rather to see it working on each person’s machine... ;-)
This sounds like a job for Steve Gibson.
I guess he’s still around...
I am not sure from the article when this exploit occurs. Are they saying that if I buy a WD hard drive the code is already embedded in the firmware before I open the box (i.e., corrupted before it leaves the factory) or does it occur online? If it’s the latter then the solution is to have a computer or hard drive that you never connect online from day one in addition to your online computer. If they corrupt the firmware before the device leaves the factory you are SOL and if they can do that then they can certainly do the same thing to your BIOS chipset before it gets installed in the motherboard and fitted into the computer to be sold or home built.
NOTICE:
You have been identified and counted.
You are now Thought Criminal #193587406
Write down your number and report to the local DHS Kommissar at the nearest railroad station.
You are advised to bring warm clothing and a shovel.
The Ministry Of Truth thanks you in advance for your cooperation.
Failure to comply with these instructions will subject you to immediate reclassification as a Domestic Terrorist.
Have A Nice Day
A software application can only talk to the operating system.
System software that talks to devices is called a device driver.
Your OS talks to devices through the drivers.
A hard drive is not just a hard drive - it has a controller. The controller is a computer itself! It has its own local memory and processor and programs on its chips. It’s the circuit board you often see on one side of a hard drive.
Your operating system device driver talks to the controller, not directly to the hard drive. The controller reads and writes the disk and writes its results back into the memory on the computer motherboard so the device driver can see it.
Obviously, if the hard drive controller has malicious code in it, your operating system is quite limited in mitigating that, since your OS is simply talking to the hard drive controller and accepting what it gets back from it.
Of course, an OS should be designed to make sure that hard drive (and other devices) controllers (which have access to motherboard memory) are limited to only accessing the memory that the OS device driver gives it to work with.
Since malicious hard drive controllers were historically not something people in the real world thought about much (if ever), operating systems probably are not really hardened to defend against malicious devices.
It’s actually quite difficult to do that, actually, as the OS would really want to be able to fully inspect all the memory on the device controller so it could validate both code and data that resides in the device controller’s memory. Of course, the validation software must not be compromised then in order for that to be reliable.
Here is a summary report in PDF format (44 pages)
Kaspersky is probably the very best virus lab in the world - No doubt being able to detect the bug is possible (and already accomplished, or they would not have in-the-wild statistics)... But hard drive firmware (and BIOS, modem, network, and video firmware) is normally not repairable without obtaining the specific software for the specific device and manually flashing (reloading/overwriting) the specific device. Not something for your average user, but any reasonably adept service tech could handle the job.
One might note that this entire problem is fixed just simply by designing the hardware to be unable to physically accept firmware revision without manually setting a jumper... A security oversight in favor of convenience, I suppose.
Communication while not connected to the internet would require a device controller to have:
a) a tiny radio/cellphone built into the device (trivial these days)
b) logic in the device controller to relay data via the radio/cellphone
If these are present, every time the device controller reads or writes data to the drive, it could relay the data via the embedded radio device. Kind of James Bondian, but simple these days.
As far as motherboard memory, the device controller normally accesses memory on the motherboard to transfer data to and from itself. What memory it can access on the motherboard is defined by the protection mechanisms of the OS and hardware, i.e., what use the OS makes of hardware protections.
I’ve never looked into things from that angle; people familiar with OS kernels and system memory architecture would be the ones to ask about malicious device access to system and userspace memory.
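The two comments above (the controller being limited to the memory the driver gives it, and access being set by the OS and hardware protections) describe what Linux does with IOMMU DMA remapping. As an added example, not code from the thread or the article, this script reports whether each PCI mass-storage controller belongs to an IOMMU group; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list PCI mass-storage controllers and whether each is in an
# IOMMU group, the precondition for the kernel to restrict the device's DMA.

# storage_dma_report [sysfs_root]: one line per controller,
# "<pci-address> <class> grouped|ungrouped". Root defaults to /sys.
storage_dma_report() {
    root="${1:-/sys}"
    for dev in "$root"/bus/pci/devices/*; do
        [ -r "$dev/class" ] || continue
        class=$(cat "$dev/class")
        # PCI base class 0x01 is mass storage (0x0106 SATA/AHCI, 0x0108 NVMe).
        case "$class" in
            0x01*) ;;
            *) continue ;;
        esac
        addr=$(basename "$dev")
        state=ungrouped
        # A device covered by the IOMMU is listed under one iommu_groups entry.
        for g in "$root"/kernel/iommu_groups/*/devices/"$addr"; do
            if [ -e "$g" ]; then state=grouped; fi
        done
        echo "$addr $class $state"
    done
}

# count_ungrouped [sysfs_root]: storage controllers with no IOMMU group.
count_ungrouped() {
    storage_dma_report "$1" | grep -c ' ungrouped$' || true
}

# make_sample_tree <dir>: constructed sysfs layout (not from a real host):
# an NVMe controller in group 7, a SATA controller in no group, and a NIC.
make_sample_tree() {
    t="$1"
    for d in 0000:01:00.0 0000:00:17.0 0000:02:00.0; do
        mkdir -p "$t/bus/pci/devices/$d"
    done
    echo 0x010802 > "$t/bus/pci/devices/0000:01:00.0/class"
    echo 0x010601 > "$t/bus/pci/devices/0000:00:17.0/class"
    echo 0x020000 > "$t/bus/pci/devices/0000:02:00.0/class"
    mkdir -p "$t/kernel/iommu_groups/7/devices/0000:01:00.0"
    mkdir -p "$t/kernel/iommu_groups/9/devices/0000:02:00.0"
}

storage_dma_report "$@"
```

A grouped device can still be running in passthrough mode (for example with `iommu=pt` on the kernel command line), so group membership is necessary for DMA confinement but not proof of it.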
It protects my computer.
How do you know that Russia is not spying on your computer through the Kaspersky software?
As soon as you copy anything to a thumbdrive or maybe even a DVD and put that device into a connected computer...
It’s there, when you open the box. Nothing you can do to prevent it. It’s in the firmware. From reading this and other articles, in some cases, the NSA planted developers to insert the code among other methods.
If ANYONE on this site didn’t believe this was possible since say about 1995, they’re absolutely delusional. Regardless of method, EVERYTHING can be hacked, period.
So much for the Right to Privacy.
You gotta be out so far there aint e-leck-tricitie to escape Big Brudder now
The insertion before/during shipment was reported a few years ago. Our “intel boys” were doin’ it to some other national gubmint’s, I forget which.
Sounds cool til we consider what’s being done to us sheeple here in America.
It’s really goofy too, the layers of bs.
I mean, if we were concerned about some “Chinese threat”, then why do our elites have us sending all our jobs to them, buying so much from them, (hardly sounds like our elites think they are an enemy ??), and why do we have so much footsy being played with them inside our own government ?????????????
Remember
http://en.wikipedia.org/wiki/John_Huang
just ONE example of thousands of far east folks having full access at the top of our leadership.
I mean really, our elites are MARRIED to the FAR EAST.
THEY ARE IN LOVE !
I mean really, it’s a little like barf, you know ?
$itch McConnell has a Chinese wife, Jon Huntsman practically is Chinese, as are all of Wall Street, private equity, FOUNDATIONS, etc.
It’s like a big, sweet cake that’s all icing and no cake.
Love affair.
But...
at the same time our intel boys are spyin’ on them and their intel boys are spyin’ on us.
Oh, and our intel boys are spyin’ on us sheeple.
And their intel boys are spyin’ on their sheeple.
It’s RIDICUROUS !
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.