Kaspersky Lab, the Moscow-based security software developer, has uncovered a number of spying programs hidden deep within hard drives made by companies such as Seagate, Toshiba and Western Digital, amongst others, and has pointed to the US National Security Agency (NSA) as being responsible for them. The NSA is the US government agency responsible for collecting electronic intelligence.
According to cyber researchers, these programs give the NSA unfettered access to the majority of the world’s computers and therefore the means to eavesdrop on private files whenever they want.
Kaspersky, which has exposed a number of Western cyberespionage operations in the past, said that it found personal computers in over 30 countries infected with the spying programs.
The most infections were seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Yemen and Syria. The targets were based over a broad spectrum of society and included government and military bodies, telecommunication companies, banks, nuclear researchers and the media.
While declining to publicly name the organization behind the spyware, Kaspersky said that it was closely linked to Stuxnet, which is the NSA cyberweapon earlier used to attack Iran’s nuclear facility. An NSA spokesperson declined to comment on the story.
To back its claims, Kaspersky has published all the technical details of its research, which can also help other institutions detect if they have been infected as well.
This disclosure is further evidence of the massive invasion of privacy and illegal surveillance conducted by the NSA which was first brought to public by whistleblower and former NSA contractor Edward Snowden. Possible ramifications could include greater scrutiny for Western software companies and a reduction in their global software sales.
According to Kaspersky, the spies behind the software were able to infect the hard drives after determining how to lodge the malicious code in the firmware that boots up every time a computer is switched on.
“The hardware will be able to infect the computer over and over,” said lead Kaspersky researcher Costin Raiu.
While the infected software was active in thousands of PCs all over the world, the spies were selective and only established remote control over “high-value” and “desirable” foreign targets. Western Digital, Seagate and Micron said that they had no knowledge of these spying programs, while Toshiba and Samsung declined to comment.
Costin Raiu said that the authors of the spying program could have only hacked the hard drives if they had access to the source code that directs the actions of the hardware. He said:
“There is zero chance that someone could rewrite the operating system using public information.”
According to former intelligence operatives, the NSA has multiple ways of obtaining source code from tech companies. There are a number of classified requests that they can make, or pose as a software developer, or even demand that the company share the code with them if they want to sell solutions to the US government.
