US Hacking, Spyware Targets Include Mass Media, Phone, and Energy Companies
Robert Barsocchini — via Washingtonsblog May 19, 2016
“The U.S. National Security Agency has figured out how to hide spying software deep within hard drives …. giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives.
That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.
Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran [a US corporate target since 1953], followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.”
These hacking and spyware operations date back “at least 14 years and possibly up to two decades”.
Spyware Linked To NSA Discovered In Hard Drives Across The World
Giuseppe Macri — Daily Caller Feb 17, 2015
Noted cybersecurity firm Kaspersky Lab has discovered evidence of advanced spyware likely tied to the National Security Agency embedded deep in hard drives from more than a dozen manufacturers worldwide.
According to the Moscow-based firm, which released a report detailing the threat Monday, the spyware is able to reprogram the firmware of infected hard drives and inject the computers they’re built into with highly effective and evasive malware, adept at gathering information and avoiding detection.
Attributed to hackers dubbed “The Equation Group” by Kaspersky, the threat “surpasses anything known in terms of complexity and sophistication of techniques,” and has been active in major hard drives manufactured by Western Digital, Seagate, Toshiba and others in more than 30 countries over the last 20 years.
The suite of surveillance platforms has been behind more than 500 attacks against military and government institutions, banks, telecommunications companies, energy companies, Islamic activists and media in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen, Algeria and others.
According to Kaspersky, the number of attacks is likely much higher — possibly in the tens of thousands — but self-destruct mechanisms embedded in the infections make the true number virtually uncountable.
While the firm did not mention the NSA by name in its report, Equation Group was linked to the Stuxnet virus deployed by the signals intelligence agency between 2007 and 2008 to sabotage Iranian uranium enrichment centrifuges, which successfully destroyed about one-fifth of the country’s nuclear enrichment infrastructure.
Spokespersons for both Western Digital and Seagate deny sharing their hard drives’ source code with the government. However, a former NSA analyst confirmed to Reuters that the NSA has ways of obtaining the source code for hard drives from companies, including “posing as a software developer” or requesting a security audit for a proposed purchase.
“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,’” former NSA analyst Vincent Liu said in the report. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code”.
Kaspersky’s report also details the existence of an Equation Group tool known as the “Fanny” worm, which is used to surveil computer networks not connected to the Internet. The worm is installed in secret compartments on intercepted USB sticks or CD-ROMs, and infects such “air-gapped” networks when inserted into a computer on that network. The worm then transmits the information it gleaned back to Equation after it’s plugged into an Internet-connected computer again.
Vulnerabilities uncovered by Fanny were later found to have been exploited by Stuxnet.