For those planning on using computers for packet relays... It may not be secure...

Discussion in 'Survival Communications' started by Witch Doctor 01, Feb 23, 2015.

  1. Witch Doctor 01

    Witch Doctor 01 Mojo Maker

    The NSA may be hiding payloads in the firmware of consumer hard drives,
    according to a new report from Kaspersky Lab. The report tracks a group
    that researchers have dubbed "Equation," which uses previously
    undiscovered methods to plant targeted malware in hard drive firmware,
    where it is difficult to detect or remove. The report found exploits for
    hard drives made by many of the largest brands in the industry,
    including Samsung, Western Digital, Seagate, Maxtor, Toshiba, and
    Hitachi. The group is closely tied to Stuxnet, using many overlapping
    vulnerabilities and techniques over the same time period, and those
    similarities combined with previously published NSA hard drive exploits
    have led many to speculate that Encounter may be part of the NSA.


    If true, the program would give the NSA unprecedented access to the
    world's computers, even when disconnected from the larger web. Viruses
    stored on a hard drive's firmware are typically activated as soon as a
    device is plugged in, with no further action required. They're also
    usually undetectable and survive reformatting, making them difficult to
    detect and remove. In July, independent researchers discovered a similar
    exploit targeting USB firmware — dubbed BadUSB — but there was no
    indication of the bugs being developed and deployed at this scale.

    It also raises real questions about device manufacturers' complicity in
    the program. It would take extensive and sustained reverse engineering
    to successfully rewrite a device's firmware. The NSA would certainly be
    capable of it, but it's also possible the NSA compelled companies to
    hand over the firmware code or intercepted it through other means.
    Reached by Reuters, only Western Digital actively denied sharing source
    code with the NSA; the other companies declined to comment.
    tulianr, Tully Mars and stg58 like this.
  2. stg58

    stg58 Monkey+++ Founding Member

  3. Yard Dart

    Yard Dart Vigilant Monkey Moderator

    Tully Mars and stg58 like this.
  4. Mindgrinder

    Mindgrinder Karma Pirate Ninja|RIP 12-25-2017

    Not's not as complex as you might think...I know of at least 2 guys capable of doing this SOLO and they're only mid-level ISP techs....State-level bios malware is often crafted like virtual circuits or even root kits from what they tell me in the smoke pit.
  5. -06

    -06 Monkey+++

    And we are not already monitored/exploited? Went onto a Home Depot site looking for parts for our patio swing. Right afterwards everywhere I went a sales pitch about swings popped up. If commercial ventures track our moves just how much more can others track us.
  6. William Warren

    William Warren Monkey++

    Kaspersky's core expertise is hype, not malware detection or removal. I never act on their "warnings" unless the "threat" they're pumping has been confirmed by the CERT (Computer Emergency Response Team at Carnegie-Mellon) or US-CERT.

    If true, it might give the NSA some access to hard drives which were modified while in transit from one pacific-rim factory to OEM's at another pacific-rim factory. However, the engineers whom design those disks would never spend the money or suffer the power drains required for the manufacturers to use EEPROM chips in their devices, so every hard drive the NSA wanted to "access" would have to be modified by hand, and that's only worthwhile for very high-value targets, if the NSA were able to get access to such a machine, after a FISA judge had issued a search warrant, and if the machine was located within U.S. jurisdiction, and if the FBI was involved in the case.

    Sorry, and no offense, but Kaspersky Labs is expert at playing on the fears which brain-dead purchasing managers have because they watched some gee-wiz exploit on television. Don't lose any sleep over it.

    William Warren
    BTPost likes this.
survivalmonkey SSL seal warrant canary