Screen Shot 2015-02-17 at 9.12.07 AM
Click to enlarge

The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers…

That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran’s uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

A former NSA employee told Reuters that Kaspersky’s analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.

Kaspersky published the technical details of its research on Monday, which should help infected institutions detect the spying programs, some of which trace back as far as 2001.

Another opportunity to confirm which politicians and pundits are serious about protecting individual privacy and which consider kissing government spy-butts more important. Let’s see who lines up on which side in coming days discussing this latest revelation.

  1. RR1 says:

    Oh the sheeple…..

  2. If you can't beat 'em says:

    Stage 6) JOIN ‘EM

    “Actually, I hear surveillance work pays pretty good! Where can I sign-up?”

  3. Hmeyers says:

    This message brought to you by the people who post all their crap on Facebook.

  4. Big Brother says:

    Wallow in the ignorance — you’ll feel better. Trust me! The truth is something you will deny anyway.

  5. Phydeau says:

    The article provides the solution:

    The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.

    We need to be able to see the source code of the software/firmware that’s running on our devices, and make sure there are no “back doors”. It’s tough with hard drive firmware (or BIOS code for that matter) but that’s really the only way we can be sure the software isn’t compromised.

    Of course, who knows what back doors might lurk in the hardware itself… :/

    • NewFormatSux says:

      The solution is to have more software written not by Americans. That will eliminate the need for H1Bs as well, as all software jobs go overseas.

      • Phydeau says:

        If it’s software running in American banks, I’d think they would want it written by Americans. Just like the Chinese want their software written by Chinese.

        Be wary of free software, particularly password managers, written by companies in other countries.

        In my past I worked on US Government projects for Raytheon, with a security clearance I can’t tell you about. Occasionally people from other countries came through. We were told to be particularly wary of the French and the Israelis. Those two groups had a reputation for industrial espionage against their allies. I would personally not use software written by a company based in either of those countries.

        Just be aware… of course, companies based in the US can screw you too. :/

  6. John E. Quantum, the cunning linguist says:

    Now, I wouldn’t mind the Government intruding into my system quite so much if I could call them to recover the spreadsheets and documents I accidentally deleted.

  7. NewFormatSux says:

    If it’s Hillary vs Rand Paul, for whom do you vote?

  8. Guyver says:

    I guess according to this cartoon, this is a non-issue with racial minorities.

  9. HUGSaLOT says:

    I can’t see how this would work. Any form of spyware has to be executed for it to work. Most people delete partitions, and format and re-partition new HDDs and would clear out bullshit like this before they use it. In fact if you do have any sort of malware, even on the MBR, you do exactly this to clear the drive out… Short of a low-level format, which most people don’t do anymore (people do zero-write drives not the same as low-level).

    So maybe this spyware is in the firmware of the drive? What if you use the drive with a non-windows OS? How can a HDD send information over the internet on it’s own when it cant possibly have access to the internet?

    Cloud storage is a much easier target to “Spy” on.


Bad Behavior has blocked 4718 access attempts in the last 7 days.