NSA Hacking Of Disk Drives Revealed

It’s not been a great year for the NSA. First Snowden, and all the press they have gotten as a result of the leaked documents that seem to come out every month.

Now a Russian security researcher, Gene Kaspersky, whom I wrote about recently (see post), has revealed that his firm has detected malware in the firmware of disk drives from Seagate, Western Digital, Toshiba and other top manufacturers (see article).

Kaspersky found the malware in PCs in 30 countries including Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

The targets, they say, include banks, energy companies, nuclear research, media and activists.

Whether other hackers are aware of this malware and are taking advantage of it is also unknown.

While Kaspersky did not name the U.S. as the source, they said it was closely related to Stuxnet, and a former NSA employee confirmed to Reuters that Kaspersky’s analysis was correct.

Because this runs in the firmware of the disk drive, it is difficult to see, difficult to remove and could likely see whatever it wanted. It would get loaded every time the computer boots, so defeating it would be impossible short of crushing the disk. Depending on how the software works, it would likely defeat disk encryption.

As with some other spying programs, the NSA, assuming it actually was the NSA, used it judiciously, only activating it on high-value targets.

Kaspersky said that it would have been almost impossible to engineer this malware without access to the source code, which all of the manufacturers claim they did not provide to the NSA.

All of the manufacturers said that they have really good security. Since the malware is there and has been there since around 2000, either the manufacturers are fooling themselves or ……, you decide.

Sometimes the government asks to review the source code of products it plans to buy in order to look for security bugs. If that happened here, it is a very small step for that code to have reached the NSA. Alternatively, someone could get hired as a developer and steal the code.

These risks would be identified in an enterprise risk assessment engagement, after which the company would need to make some decisions regarding mitigation.

Assuming this is all accurate, I am sure that the NSA is not very happy tonight, although the Russians, Chinese and others are likely very happy.

Here is likely another problem for U.S. tech vendors. China is rapidly discarding all Cisco networking gear in the country because it fears U.S. spying. Now countries will work to remove all U.S. computers and disk drives for the same reason. Between cloud services, network equipment and now PCs, this could potentially cost U.S. tech companies tens of billions of dollars a year. Of course it would be foolish to think that other countries are not doing the same thing, which is why China, for example, is manufacturing its own network equipment to replace the Cisco gear it is throwing away.