NSA planted surveillance software on hard drives, report says

Security vendor Kaspersky outs a group capable of inserting spying software onto hard drives around the world, while Reuters fingers the NSA as the culprit.

Is the NSA behind a sophsticated way of implanting spyware on hard drives?

The National Security Agency is able to infect hard drives with surveillance software to spy on computers, Reuters said on Tuesday, citing information from cyber researchers and former NSA operatives.

In a new report, Kaspersky revealed the existence of a group dubbed The Equation Group capable of directly accessing the firmware of hard drives from Western Digital, Seagate, Toshiba, IBM, Micron, Samsung and other drive makers. As such, the group has been able to implant spyware on hard drives to conduct surveillance on computers around the world.

In a blog posted on Monday, Kaspersky said this threat has been around for almost 20 years and "surpasses anything known in terms of complexity and sophistication of techniques." The security researcher called the group "unique almost in every aspect of their activities: they use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims."

Surveillance software implanted on hard drives is especially dangerous as it becomes active each time the PC boots up and thus can infect the computer over and over again without the user's knowledge. Though this type of spyware could have surfaced on a "majority of the world's computers," Kaspersky cited thousands or possibly tens of thousands of infections across 30 different countries.

Infected parties and industries include government and diplomatic institutions, as well as those involved in telecommunications, aerospace, energy, nuclear research, oil and gas, military and nanotechnology. Also, included are Islamic activists and scholars, mass media, the transportation sector, financial institutions and companies developing encryption technologies.

And who's responsible for this sophisticated spyware?

Kaspersky didn't name names but did say that the group has ties to Stuxnet, a virus used to infect Iran's uranium enrichment facility. The NSA has been accused of planting Stuxnet, leading Reuters to finger the agency as the source behind the hard drive spyware, especially based on outside information.

Kaspersky's analysis was right, a former NSA employee told Reuters, adding that the agency valued this type of spyware as highly as Stuxnet. Another "former intelligence operative" said that the NSA developed this method of embedding spyware in hard drives but said he didn't know which surveillance efforts used it.

Lead Kaspersky researcher Costin Raiu told Reuters that the creators of the spyware must have had access to the source code for the infected hard drives. Such code can pinpoint vulnerabilities that can be exploited by malicious-software writers.

"There is zero chance that someone could rewrite the [hard drive] operating system using public information," Raiu said.

A spokesperson for Western Digital told Reuters that the company had not "provided its source code to government agencies." A Seagate spokesman said the company takes secure measures to guard against tampering or reverse engineering of its hard drive firmware. And a Micron spokesman said that "we are not aware of any instances of foreign code."

However, the NSA has ways of accessing source code from technology firms, Reuters said, including simply asking for it directly and posing as a software developer.

"They don't admit it, but they do say, 'We're going to do an evaluation, we need the source code,'" Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst said. "It's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code."

Responding to a request for comment, the NSA sent CNET the following statement:

We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details. On January 17, 2014, the President gave a detailed address about our signals intelligence activities, and he also issued Presidential Policy Directive 28 (PPD-28). As we have affirmed publicly many times, we continue to abide by the commitments made in the President's speech and PPD-28. The U.S. Government calls on our intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats - including terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against ourselves and our allies; and international criminal organizations.
Featured Video