New research from security company Kaspersky reveals the NSA planted spyware on thousands of hard drives from Toshiba, Western Digital, Seagate and Samsung.A new report claims an NSA-run group infected thousands of hard drives from Western Digital, Seagate, Toshiba and others.
If you thought Edward Snowden put an end to National Security Agency snooping, think again.
The NSA has hidden spyware in hard drives from the world’s top manufacturers, according to a new report from Russian internet security company Kaspersky.
Western Digital, Samsung, Seagate, Toshiba and Maxtor were all victims of the intrusion which was accomplished by accessing the firmware of the hard drives before they were installed in thousands of computers that would end up in up to 30 different countries.
The result is a network of compromised computers that could be configured to “infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims.”
Moscow-based Kaspersky doesn’t specifically name the NSA in the report but instead refers to the existence of a cyberespionage collective known as The Equation Group.
It goes on to tie the group to the Stuxnet worm that the NSA allegedly deployed to cripple Iran’s uranium enrichment facilities back in 2010.
However, a former NSA employee confirmed to Reuters that the analysis made by Kaspersky was accurate and that “people still in the spy agency valued these espionage programs as highly as Stuxnet.”
The spyware itself is lodged in the firmware code of the hard drive that is called upon every time the computer boots up.
According to the report, infected parties include government institutions as well as computers in the telecommunications, energy, aerospace, nuclear research, oil and gas and nanotechnology industries.
Worryingly, Kaspersky said that whoever wrote the spyware would need inside access to the proprietary source code of the hard drives.
“There is zero chance that someone could rewrite the [hard drive] operating system using public information,” said Costin Raiu, director of the Global Research and Analysis Team at Kaspersky.
Western Digital stated that it does not provide its source code to government agencies whilst Seagate and Micron both said they take “secure measures” to prevent tampering and were not aware of any foreign code.
“We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details,” said the NSA in a statement released to Mirror Online.
“On January 17, 2014, the President gave a detailed address about our signals intelligence activities, and he also issued Presidential Policy Directive 28 (PPD-28). As we have affirmed publicly many times, we continue to abide by the commitments made in the President’s speech and PPD-28.
“The U.S. Government calls on our intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats – including terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against ourselves and our allies; and international criminal organizations.