NSA accused of embedding spyware in hard disks

All major vendors’ firmware infiltrated, former operatives point fingers at agency

Tags: Cyber crimeKaspersky LabPrivacyRussiaUSA
  • E-Mail
NSA accused of embedding spyware in hard disks Affected HDD vendors include Western Digital, Seagate Technology, Toshiba, IBM, Micron Technology and Samsung Electronics, according to Kaspersky Lab.
By  Stephen McBride Published  February 17, 2015

Russian researchers have accused the US National Security Agency of embedding monitoring malware in the hard-disk firmware of major vendors, in an attempt to broaden the spy unit's global surveillance net, Reuters reported.

Moscow-based cyber security specialist Kaspersky Lab said its analysis showed the spyware was compatible with disk firmware from more than a dozen companies, covering the majority of the magnetic HDD market. Companies include Western Digital, Seagate Technology, Toshiba, IBM, Micron Technology and Samsung Electronics.

Kaspersky claimed to have found the malware on PCs in 30 countries, with the highest incidence found in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. Target organisations included government departments, military branches, telecoms companies, banks, energy companies, nuclear researchers, media, and Islamic activists.

While Kaspersky did not name the country responsible for the operation, only referring to the architects as "the Equation group", it said the malware was closely linked to Stuxnet, the worm blamed for the disabling of Iran's uranium centrifuges in 2010. Stuxnet was widely reported to be the handiwork of Israeli and US architects and the NSA has been accused of being the ringleader in the campaign.

Reuters also cited sources formerly employed by the NSA, one of whom said the agency was very interested in the type of cyber espionage programmes described by Kaspersky. Another claimed the NSA had pioneered the technique of embedding spyware in hard drives, but could not confirm if the NSA was behind the campaign uncovered by Kaspersky.

Kaspersky's report, published yesterday, includes technical details on the malware that would allow organisations to detect its presence. Some infections could date back as far as 2001.

Continues on next page>>

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code