# NSA Project Caught Playing in Drive Firmware



## drmike (Feb 18, 2015)

Kaspersky Lab on this finding, a Russian company ....

A drive firmware hack dating back to at least 2001, with some indication perhaps to 1996. Affects ALL manufacturers. Stashes data, C&C style infection, in theory applicable to Windows but suspected to have other OS brethren. One infected computer found in the Middle East runs Mac OS X.

It is alleged that this Equation Group software (named for the many encryption algorithms the malware uses) is a partner and vector for the earlier Stuxnet.

"Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd."

Reuters article: http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216

Kaspersky PDF with much detail: https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

Similarly, a 2006-dated NSA interns' file describes a drive screw job / related project:

"(TS//SI//REL) Create a covert storage product that is enabled from a hard drive firmware modification. The idea would be to modify the firmware of a particular hard drive so that it normally only recognizes half of its available space. It would report this size back to the operating system and not provide any way to access the additional space."
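
A check a practitioner would run against the simpler cousin of that idea, as an added example that is not part of this thread or of any document it cites: the ATA Host Protected Area (HPA) hides capacity the same way, by having the drive report a smaller user-addressable size than its native maximum, and `hdparm -N` prints both numbers as "max sectors = <visible>/<native>". The script below parses constructed sample output in that format (the sector counts are made up for a 1 TB drive) and flags a mismatch. Caveat, which is the whole point of the quoted note: firmware rewritten to lie about the native maximum as well would report matching numbers and pass this check.

```shell
#!/bin/sh
# Added example, not from the thread or from any document it cites.
# Checks `hdparm -N` output for a Host Protected Area (HPA): a region the
# drive hides by reporting a smaller user-addressable size than its native
# maximum. hdparm prints this as "max sectors = <visible>/<native>".
# Caveat: firmware rewritten to lie about the native maximum as well, as in
# the quoted NSA note, would report matching numbers and pass this check.

# Constructed sample outputs in the format `hdparm -N /dev/sdX` prints
# (a 1 TB drive: 1953525168 sectors of 512 bytes; numbers are made up).
SAMPLE_CLEAN='/dev/sda:
 max sectors   = 1953525168/1953525168, HPA is disabled'
SAMPLE_HIDDEN='/dev/sdb:
 max sectors   = 976762584/1953525168, HPA is enabled'

# hpa_check OUTPUT
# Prints "ok", "hidden:<sectors hidden>" or "unknown" (unparseable input).
hpa_check() {
    line=$(printf '%s\n' "$1" | grep 'max sectors' || true)
    if [ -z "$line" ]; then
        echo unknown
        return 0
    fi
    # Extract the two sector counts on either side of the slash.
    visible=$(printf '%s\n' "$line" | sed -n 's/.*= *\([0-9][0-9]*\)\/\([0-9][0-9]*\).*/\1/p')
    native=$(printf '%s\n' "$line" | sed -n 's/.*= *\([0-9][0-9]*\)\/\([0-9][0-9]*\).*/\2/p')
    if [ -z "$visible" ] || [ -z "$native" ]; then
        echo unknown
        return 0
    fi
    if [ "$visible" -lt "$native" ]; then
        echo "hidden:$((native - visible))"
    else
        echo ok
    fi
    return 0
}

# Usage on a live system (needs root): hpa_check "$(hdparm -N /dev/sda)"
hpa_check "$SAMPLE_CLEAN"    # ok
hpa_check "$SAMPLE_HIDDEN"   # hidden:976762584
```

The same comparison can be made against the capacity on the drive label or datasheet, which is the only reference a lying firmware cannot alter; a visible size of roughly half the labelled one is exactly the symptom the quoted note describes.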


----------



## William (Feb 18, 2015)

Not bad; it seems like it could show a 1 TB HDD as 500 GB (or 2 as 1, 4 as 2, etc.) and copy all data to the second part. Not sure how that would circumvent disk encryption, though.


----------



## drmike (Feb 18, 2015)

Another detailed piece on it... Quite nice:

http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

How it starts:



> CANCUN, Mexico — In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.


----------



## drmike (Feb 18, 2015)

> First is the group's known aptitude for conducting interdictions, such as installing covert implant firmware in a Cisco Systems router as it moved through the mail.


----------



## fixidixi (Feb 18, 2015)

I still don't see what is your problem with this. You could feel the democracy coming out of your hdd!! It's not a "bug" it's a feature! Should install http://democracyos.org/ everywhere!


----------



## DomainBop (Feb 18, 2015)

fixidixi said:


> I still don't see what is your problem with this. You could feel the democracy coming out of your hdd!! It's not a "bug" it's a feature!


If he's worried about privacy then he obviously has something to hide!!!! Suspect reported to the NSA! 



> Should install http://democracyos.org/ everywhere!


I'd suggest using the LPS Linux distro instead... I'm sure it has no backdoors.

http://distrowatch.com/table.php?distribution=lps


----------



## Jasson.Pass (Feb 18, 2015)

Nice share of information.

Another reason to run Linux over closed source.


----------



## drmike (Feb 18, 2015)

fixidixi said:


> I still don't see what is your problem with this. You could feel the democracy coming out of your hdd!! It's not a "bug" it's a feature! Should install http://democracyos.org/ everywhere!


Hehehe, no problem. Democracy out the HDD, indeed, unannounced, at will, to whoever is in the spy apparatus illegally rooting through my digital papers and effects. That's certainly democracy at work.

I never joined a democracy; I was born in a Republic.

Problem with democracy is that we can and do have elections whereby < 50% of the adults of voting age actually vote,  where the "winner" selected by the majority in fact is a statistical minority. (i.e. 46% voting from population of adults = perhaps 50% or less of the total population = winner at 51% equating to 24% of the total population). Ruled by a small minority with fanatical boo have to save the children, terrorist in your toilet, something lurking behind every blade of grass, etc.  Well intentioned at the onset, but momentum play to loot the public piggybank.

Worse yet, the ruling folks, that would be the "elected" leaders and the hired government employees combined, on head count equal some pitifully small fraction of the total population (far too many these days; no offense to road workers, infrastructure folks, etc. that we actually need and are actually too few in headcount).

Of that small population, what percentage works in intelligence? These folks with their outsourced brethren are who is pushing these back doors. Back doors that are inferiorities and defects, subject to their exploitation and exploit by others. This pile of spied-on victims includes US citizens, companies, investigators, other intelligence folks and who knows what. Sure, the lion's share is intended to be abroad, I get that. But what sort of foreign policy is that? What sort of intelligence is that? It's far worse than episodes like Watergate where people illegally broke into and rifled through papers and effects.

In a land of laws and protections of perceived freedoms implicit to having a quality life, what message does it send that the cowards in government and our brightest minds have everything backdoored and tapped? If another country, not being the United States, was engaged to such a largess, they would, and the US rightly would, have a fit.

There is this other nagging issue with such. That is, with such compromises and C&C, any computer so compromised can be made to do whatever the controller wants at any time. Meaning an effect of a person, or a computer under their control, could be visiting naughty websites, it could be storing taboo data, it could be launching attacks, etc. This destroys the integrity, by law, of computers being some personal effect that is truly controlled by the owner and indicative of the owner actually doing anything. See that problem about to emerge in legal circles?

Has such been used in such scenarios to entrap people? Most likely. Foolish to believe otherwise. Proving it would be very hard. Disproving it would be just as hard.

Has such, by government non-standards, prevented some terrorism or uranium refining? Perhaps. Stuxnet seemed to in Iran, and is nearly the sole example, loosely tied with integrated controller firmware corruptions / reprogramming as part of the payload.

Disappointing. This is where my tax dollars go.


----------

