U.S. spies are able to secretly infect and reprogram computer hard drives made by more than a dozen top companies, according to a sweeping new report from a team of cybersecurity researchers.
By reprogramming the drives' firmware, the National Security Agency (NSA) is able to inject malicious code on a computer that can launch whenever a machine is booted up and consistently evade detection.
Along with other techniques to spy on foreign governments, militaries, telecommunications companies, Islamic activists and others, the new powers unveiled by the Russia-based Kaspersky Lab in a report on Monday detail how the spy agency “surpasses anything known in terms of complexity and sophistication of techniques.”
The group charted more than 500 attacks in more than 30 countries around the globe, including Iran, Russia, Libya and Iraq, among others. Because many of the infections have a “self-destruct” mechanism, the actual number of attacks is likely much higher, according to Kaspersky — potentially in the tens of thousands.
The lab did not mention the NSA by name in its report, and instead referred to it as “Equation Group” because of its penchant for algorithms and obscurity. However, the team of hackers was linked to the Stuxnet virus, which was built by the NSA to disable the Iranian nuclear regime and was discovered in 2010.
A former NSA official confirmed to Reuters that the lab’s analysis was correct and said that the agency values the programs the analysis unveiled as much as it did Stuxnet, which destroyed one-fifth of Iran’s nuclear centrifuges.
“The Equation Group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen,” the lab said.
In addition to the hard drive-cracking bugs, the lab’s new report also detailed the existence of the “Fanny” worm, which was created specifically to penetrate computers on networks kept off the Internet — a common security technique for ultra-sensitive work. The worm is inserted onto a hidden storage area of a USB stick and scoops up data about those “air-gapped” networks, only to send it back whenever the USB stick is plugged into a machine connected to the Internet.
The Fanny worm took advantage of software bugs that were later uncovered in the investigation into Stuxnet.
In other instances, the NSA secretly intercepted CD-ROM discs being sent via the mail, added a computer bug and then sent them on to their intended recipients.