February 17, 2015

Russian researchers find ‘US spy software in hard drives’

 
Russia-based researchers said they have found a series of sophisticated hacking tools within the hard drives of personal computers built by some of the world’s biggest manufacturers.
Kaspersky Lab, a Moscow-based cybersecurity company, said it had uncovered the spying software in computers that were used in 30 countries, including Iran, Pakistan, Russia and China, which have long been priorities for US intelligence agencies.

Without accusing the National Security Agency of being the source of the new malware, Kaspersky researchers indirectly suggested that the tools were devised by the US.
Some of the surveillance tools had been hidden deep inside the hard drives of computers made by companies such as Toshiba, Western Digital, Seagate and IBM, the Russian company said.
If a US role in developing the new cyber-tools is confirmed, it could further tarnish the reputation of US technology companies after the damaging revelations about the NSA leaked by Edward Snowden in 2013.
Publishing the technical details of the spyware on Monday, Kaspersky said that they were introduced by a group “that surpasses anything known in terms of complexity and sophistication of techniques”.
Avoiding any direct reference to the NSA, Kaspersky said the spying software had been developed by an entity it called “The Equation Group”, which it said had been operating for 20 years.
However, it said that the Equation Group had “solid links” to the creators of Stuxnet — the virus that attacked an Iranian nuclear facility and that was developed by the US, in co-operation with Israel.
According to Kaspersky, one of the surveillance tools is embedded in the computer “firmware”, code that sends messages to the rest of a computer’s hardware when it is switched on — a development the Russian researchers described as “an astonishing technical accomplishment” because it was so hard to detect and extract.
“To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back,” said Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Lab. “It means that we are practically blind, and cannot detect hard drives that have been infected by this malware.”
The report said that the ‘Equation Group’ used the resultant capability to eavesdrop on a selective basis. The targets had included banks, governments, nuclear researchers, military facilities and Islamic activists, it said.
The Kaspersky report also discussed the attempts by the ‘Equation Group’ to map “air-gapped” networks that are not connected to the internet — as was the case for Iran’s nuclear facilities. It described a “unique USB-based command and control mechanism which allowed the attackers to pass data back and forth from air-gapped networks”.
Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.
Additional reporting by Kana Inagaki, Simon Mundy and agencies

Original post found here:  http://www.ft.com/cms/s/0/4d4a8f9c-b668-11e4-95dc-00144feab7de.html#axzz3RzITqvLP
