Wednesday, September 26, 2018

Monday, February 16, 2015
Spying Program Was Stored Within Popular Hard Disk Drives


Security software maker Kaspersky has exposed a series of Western cyberespionage operations, including the injection of spying software buried deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving NSA the means to eavesdrop on computers.

The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the "cyberweapon" used by the NSA, the agency responsible for gathering electronic intelligence on behalf of the United States. Kaspersky gave the name "Equation group" to the creators of these spying tools. The name was given because of their preference for sophisticated encryption schemes.

The Equation group has many codenames for their tools and implants, Kaspersky said. But perhaps the most powerful tool in the Equation group's arsenal is a mysterious module that allows them to reprogram the hard drive firmware of over a dozen different hard drive brands, including Seagate, Western Digital, Toshiba, Maxtor and IBM.

Disk drive firmware is the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up. Infected firmware would reinfect the computer over and over, and this persistence lets the malware survive disk formatting and OS reinstallation.

In addition, the malware was able to create an invisible, persistent area hidden inside the hard drive. It was used to save exfiltrated information which can be later retrieved by the attackers, according to Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.

To create such sophisticated spying software, the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

NSA has declined to comment.

The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.

Presumably compiled in July 2008, Fanny was first observed in December 2008. Fanny used two zero-day exploits, which were later uncovered during the discovery of Stuxnet. To spread, it used the Stuxnet LNK exploit and USB sticks. For escalation of privilege, Fanny used a vulnerability patched by the Microsoft bulletin MS09-025, which was also used in one of the early versions of Stuxnet from 2009.

The main purpose of the Fanny worm was to map air-gapped networks: in other words, to understand the topology of a network that cannot be reached, and to execute commands on those isolated systems. For this, it used a unique USB-based command and control mechanism which allowed the attackers to pass data back and forth from air-gapped networks.


