Hot on the heels of breaking news of the biggest digital bank heist in history, Kaspersky Lab, the anti-malware firm, has released a new batch of information that indirectly paints the NSA and the US government as having inserted malware into the firmware of commercial hard drives. While the malware has turned up most often in countries like Russia and China, the commercial nature of the hard drives means it could be far more wide-reaching than currently known.
While Kaspersky didn't say explicitly that the NSA was responsible for creating the malware – which, because it resides in the HDD firmware, can infect a PC every time it boots – it said that it was closely related to the Stuxnet infection which targeted Iranian nuclear power stations. Due to the Edward Snowden leaks, that attack was pinned on the USA. In the same vein, the HDD malware was designed to go after foreign banks, energy companies, telecoms businesses and military installations.
All in all, over 30 countries were found to have been infected with the malware, including Russia, China, Pakistan, Afghanistan, Mali, Syria, Yemen and Algeria. However, despite the widespread nature of the infection, Kaspersky claims the people behind it only utilised it to target specific installations, taking remote control of machines at the most desirable of targets.
However, the potential for further infection is huge, as the malware was said to be found in commercial drives from Seagate, Western Digital, Toshiba, IBM and Samsung. The question at this point is whether those companies colluded with the NSA to achieve the goal of infecting so many machines, or whether they were none the wiser. According to a Reuters source, infecting the firmware should only be possible with the proprietary source code for the drives.
Since the news broke, WD has come forward to state that it had no involvement in the hacking and had never “provided its source code to government agencies.” The other manufacturers have yet to directly address whether they were involved, but several stated that their drives featured robust security and did not permit the use of foreign code.
KitGuru Says: According to ex-NSA staffers, sometimes the NSA pretends to be a software developer in order to gain access to the hardware source code. It may be the case that the HDD makers really were in the dark on this one, but even if that was the case, chances are they couldn't tell anyone.