NSA in your Hard Drive

http://news.yahoo.com/russian-resea...rough-u-spying-program-194217480--sector.html

SAN FRANCISCO (Reuters) - The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.

This may be old. However, is your hard drive spying on you?

No one is safe from our evil government.

Or is this just all a hoax spread by Russians.
 
Perhaps it's a hoax by the US government and they really can't.
 
Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

So USA isn't even listed there, and it looks like they are just targeting big businesses/government. I don't think this is particularly widespread throughout the general population's computers.
 
The code would need to be in the firmware for the HD somehow.
 
In the registry or firmware to be totally hidden.
I do like the fact that the domains are not kept up so that antivirus firms buy them out and track the communication then can protect against the files and communication.
 
This document from Kaspersky: http://25zbkz3k00wn2tp5092n6di7b5k....5/02/Equation_group_questions_and_answers.pdf

Explains more about it. Apparently it's a virus that can elevate its permissions, send vendor specific ATA commands and write itself into the hard drive's service area (where the firmware is stored). Pretty cool stuff, but a major security risk for high tech companies. Especially since it's only speculated to be the NSA, but could just as easily be another country or even just a really good hacker group.

I've posted a challenge on the data recovery forum to see who can figure out a detection method: http://www.data-medics.com/forum/viewtopic.php?f=5&t=163

I'm trying to see if Kaspersky will share the firmware code they found with me.
 
Some European countries have invested in typewriters after Snowden leaked all that info.

He's an American hero, just like George Washington.
 
Ars Technica has a great rundown on it (as well as other capabilities):
http://arstechnica.com/security/201...-nsa-hid-for-14-years-and-were-found-at-last/

Basically they reverse-engineered hard drive firmware to the point where they can re-flash some brands of hard drives with the appropriate malware. At that point they set aside a small portion of said drive to store whatever they want, so their malware can survive wipes and reformatting and is all but completely undetectable.

Only way to detect it would be to intercept the malicious transmissions, manual analysis of the hard drive platters, or noticing a small difference in the hard drive's available capacity. Relatively easy to fix by simply re-flashing the firmware with factory images though.
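The capacity check mentioned above can be automated by recording what each drive reports and comparing later readings against that baseline. This is an added example, not part of the original post; the sample text is constructed in the layout of `smartctl -i` output with placeholder values, and the check assumes the drive reports its own firmware version and capacity honestly.

```python
import re

FIELDS = ("Device Model", "Serial Number", "Firmware Version", "User Capacity")

# Constructed sample in the layout printed by `smartctl -i`; all values are placeholders.
BASELINE_TEXT = """\
Device Model:     EXAMPLE HDD-1000
Serial Number:    EXAMPLE-SN-0001
Firmware Version: 01.01A01
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
"""
# The same drive at a later date, reporting slightly less capacity (constructed).
CURRENT_TEXT = BASELINE_TEXT.replace("1,000,204,886,016", "1,000,170,586,112")


def parse_identity(text):
    """Pull the identity fields out of `smartctl -i` style output."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in FIELDS:
            info[key.strip()] = value.strip()
    # Normalise "1,000,204,886,016 bytes [1.00 TB]" to an integer byte count.
    match = re.match(r"([\d,]+) bytes", info.get("User Capacity", ""))
    if match:
        info["User Capacity"] = int(match.group(1).replace(",", ""))
    return info


def compare(baseline, current):
    """Return findings for one drive; an empty list means nothing changed."""
    if baseline.get("Serial Number") != current.get("Serial Number"):
        return ["serial number differs: not the same drive as the baseline"]
    findings = []
    if baseline.get("Firmware Version") != current.get("Firmware Version"):
        findings.append("firmware version changed: %s -> %s" % (
            baseline.get("Firmware Version"), current.get("Firmware Version")))
    old, new = baseline.get("User Capacity"), current.get("User Capacity")
    if isinstance(old, int) and isinstance(new, int) and old != new:
        findings.append("capacity changed by %d bytes" % (new - old))
    return findings


if __name__ == "__main__":
    # A finding is a prompt for investigation, not proof of tampering.
    for finding in compare(parse_identity(BASELINE_TEXT), parse_identity(CURRENT_TEXT)):
        print(finding)
```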
 
inachu and someone else pointed out in a tech-support thread (that I was unable to re-find), that some HDDs (all?) have factory service areas, some even have entire platter surfaces, that are usable, but not ordinarily user-accessible LBAs.

And re-flashing the firmware, in an embedded system, in which the rogue firmware has already taken hold, and is the "gatekeeper" of the host I/O protocol, may be impossible, unless there is a physical jumper setting on the drive to enable a factory recovery mode, that basically gives you a hardline to the firmware areas to re-write them.
 
Wouldn't such hardware be safe from this attack in the first place? If there's no way to re-flash the firmware after it leaves the factory, how is the NSA supposed to do it?
 
That's not quite what I was saying. What I was trying to point out was that flashing the firmware of a device controlled by host I/O is up to that embedded system. If it gets flashed with rogue firmware, it's game-over, unless there's a factory diag hardwire somewhere.

But what you were saying is true too - I wish more devices had PHYSICAL write-protect switches, both for the data contents, as well as the firmware. Even better if they had a micro-sized rotary key, such that you could keep it on your person, and no-one would be able to flash the firmware in your absence.
 
Hitachi hard drive user here.
They listed IBM. This uses Stuxnet zero-day exploits, which are from a time where what you are using today is not relevant. Were you using Hitachi with Windows XP? Back then they were still very much like IBM because their HDD division had only recently been purchased from IBM. Unless only IBM server drive firmwares were vulnerable, Hitachi was almost certainly vulnerable too.
 
What is clear- the exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China. That's not good, actually.
 
I bet CEOs/management of these hard drive companies go WTF with news like this. All it takes is just one or a few moles/agents on the firmware development crew to do their job for NSA, and if they refuse, there is always blackmail.
 