NSA Group Has Been Embedding Spyware In Hard Drive Firmware

Kaspersky Lab this week discovered an NSA operation to embed nearly-invisible spying software deep into hard drives manufactured by Western Digital, Seagate, Toshiba and other top manufacturers. According to Reuters, the efforts were part of an NSA-funded and coordinated outfit Kaspersky is calling the "Equation Group," which was engaged in some of the most sophisticated cyber-spying the researchers have ever seen, and has been in operation for up to fourteen years.

The group's spy software targeted government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, notes Kaspersky. Nearly a dozen hard drive vendors deny cooperation with the NSA, but Kaspersky's report doesn't make it entirely clear if the companies were tricked, cooperated voluntarily, or a mixture of both:
quote:
Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment...Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.
The full Kaspersky report is available here (pdf).

gigahurtz
Premium Member
join:2001-10-20
USA

1 recommendation

gigahurtz

Premium Member

RIP Privacy

We walk a very thin line with protecting our privacy and protecting our country from terrorist attacks. I have nothing to hide so this doesn't concern me as much, but it's likely because my expectation of privacy has been diminished since 9/11. The terrorists keep on winning whether we like it or not.
tired_runner
Premium Member
join:2000-08-25
CT

tired_runner

Premium Member

Re: RIP Privacy

It's modern day domestic surveillance.

Unfortunately the terrorists have proven to be more sophisticated than us.

SysOp
join:2001-04-18
Atlanta, GA

4 edits

6 recommendations

SysOp to gigahurtz

Member

to gigahurtz
I don't accept violations of the USA Constitution in the name of national security!

The alleged NSA Group doing this no longer serves the citizens and in essence is committing treason. This is worse than any act of terrorism.

If we rise up and fight against this with everything we have; we become the terrorist. But we can fight this without violence! Simply stop paying taxes. Everyone. Stop paying taxes right now. Perhaps the solution is going back to family farming, living off the land, and being part of a self sustaining community.

Did you know ISIS levies taxes and even sells gasoline and electricity? In the land they control, they've set up what they call an Islamic state and now they're busy making the money they need to fund their self. »www.cbsnews.com/news/isi ··· -agenda/

Morfein
Lead Peon
Premium Member
join:2004-09-08
Brownsburg, IN

Morfein

Premium Member

Re: RIP Privacy

said by SysOp:

I don't accept violations of the USA Constitution in the name of national security!

I wish there were more like-minded individuals like this. Our constitution has been trampled by both parties. It goes against the very fabric this nation was founded upon. If it wasn't for the general population being so ignorant of what goes on in our government, we may be able to stop this. Till that point of some type of uprising and demonstrations against it, I see none of it changing.

Boricua
Premium Member
join:2002-01-26
Sacramuerto

Boricua

Premium Member

Re: RIP Privacy

said by Morfein:

Till that point of some type of uprising and demonstrations against it...

But there was a mini uprising, OWS (Occupy Wall Street), and look at what happened.

BringTheRain
@frontiernet.net

1 recommendation

BringTheRain

Anon

Re: RIP Privacy

Yes look what happened...the controlled media only focused on the most fringe groups in that movement, ignored large protests, and created the "dirty hippie" tag line. Then most of the population, including those who want change, decided it was a marginal group and jumped on the band wagon to persecute them instead of supporting and joining the efforts. The media is the strongest deterrent and they use it well.
AmericanMan
Premium Member
join:2013-12-28
united state

AmericanMan

Premium Member

Re: RIP Privacy

+1. It is funny how both the Occupy Wall Street and the Tea Party movement, both of which had legitimate points from different sides of the political spectrum, were both manipulated by the powers that be to not only be pitted against one another, but also driven to irrelevance.

Could you imagine what would've happened had the two movements united under a common banner of "vote out the incumbents"? No wonder the groups got shut down before they could go any farther.

Now both movements have become their media caricatures.

gigahurtz
Premium Member
join:2001-10-20
USA

gigahurtz to Boricua

Premium Member

to Boricua
You mean the right calling them unemployed bums who need to get a job?

n2jtx
join:2001-01-13
Glen Head, NY

n2jtx to Morfein

Member

to Morfein
said by Morfein:

I wish there were more like-minded individuals like this. Our constitution has been trampled by both parties

I didn't even think it was in force any longer. Not only have the political parties pretty much destroyed it but the SCOTUS has done a wonderful job of twisting it into something not worth much more than a roll of toilet paper. Unfortunately, "we the people" go along with it because there are very few of us who embrace the Constitution as a whole. You have "progressives" who love the Constitution yet want the Second Amendment shut down. You have "conservatives" who love the Constitution but would like to strike the First Amendment down and establish a Christian theocracy. And you have groups from both parties who would trample the Fourth Amendment through the PATRIOT act in the name of National Security.

In a way, it all makes me happy we are not immortal beings. The thought of being stuck here for eternity looks more dismal every day.

tmh
@182.55.159.x

tmh to SysOp

Anon

to SysOp
said by SysOp:

I don't accept violations of the USA Constitution in the name of national security!

Dear SysOp,

Your response has been noted by the NSA spyware residing in the firmware of your RAID array. A search masquerading as a background consistency check has now been completed. The search collected all information regarding your location and identity. The information was sent to your desktop laser printer. A clever hack in the printer's firmware allowed use of the laser as a signalling device. You probably noticed a small drone containing a concealed laser receiver hovering a discreet distance from your office window yesterday.

As you sit by your monitor reading this message, your hard drives are being commanded to self destruct by spinning up to 720,000 RPM. At this speed, the pre-fractured platters (cut using CNC machines containing hacked NSA firmware) will explode, releasing shrapnel that will destroy any living organism within 15 yards. You will never read past this paragraph.

Your webcam will provide visual confirmation that your bloody corpse is indeed lifeless. After which the laser in your printer's rendering engine will be commanded to increase its output destructively. This is readily done by the NSA hacked printer firmware bypassing the laser's safety circuit and changing the parameters on the laser diode's charge pump.

The increased light output will last just long enough to ignite the printer's paper supply. After a few minutes, the resulting conflagration will destroy your office and any evidence that this happened. All forensics will be able to determine is that the printer somehow shorted out and burned the place down. Don't worry, we'll reimburse the printer company for the resulting lawsuit. After all, they're in on this too.

Have a nice day.

Sincerely,
The Equation Group

STC
@comcast.net

STC to SysOp

Anon

to SysOp
Be careful advocating not paying taxes. This is one area of "free speech" that can land you in a bunch of trouble with the IRS.
wkm001
join:2009-12-14

wkm001 to SysOp

Member

to SysOp
At this point the NSA is obviously a domestic threat. Doesn't that mean the military should get involved?
wispalord
join:2007-09-20
Farmington, MO

wispalord to gigahurtz

Member

to gigahurtz
Here is the issue: say they want to abolish guns, being convicted of a federal crime does that prove one thing like a download, or something illegal online they can pin a felony on will let them say well we're not taking you to jail but we're taking your guns you have a federal charge and then you're stuck in this country for life.. I mean do the math make everyone a criminal you can legally control them all the way our laws are written
Skippy25
join:2000-09-13
Hazelwood, MO

Skippy25 to gigahurtz

Member

to gigahurtz
Terrorists only win if you change your life because you fear them.

I personally think the TSA and NSA should go away. They do not provide nearly the "protection" they claim they do for the amount of liberties they have taken away.

I have not changed my life (what I can control), nor will I because of them.

anona
@comcast.net

anona to gigahurtz

Anon

to gigahurtz
You have nothing to hide? So ignorant.

gigahurtz
Premium Member
join:2001-10-20
USA

gigahurtz

Premium Member

Re: RIP Privacy

said by anona :

You have nothing to hide? So ignorant.

I understand the ramifications of what is being done and I don't support it. I also understand the threat this country has by terrorism (many types including cyber). I believe the NSA has gone too far, but I also understand why we went down this path.

The same people who are crying foul about privacy would be the same crying that our government isn't doing enough to protect us if we were ever attacked again.

Anonimoose
@disney.com

Anonimoose to gigahurtz

Anon

to gigahurtz
said by gigahurtz:

I have nothing to hide

How do you know? Even if that were true, what is legal today, may not be tomorrow, and retroactively can be used against you; even if not in court, but in public opinion.

gigahurtz
Premium Member
join:2001-10-20
USA

gigahurtz

Premium Member

Re: RIP Privacy

said by Anonimoose :

said by gigahurtz:

I have nothing to hide

How do you know? Even if that were true, what is legal today, may not be tomorrow, and retroactively can be used against you; even if not in court, but in public opinion.

I understand that things can change and once again, I do not support these actions. I also understand that our privacy is out the window with more than we even know. Major corporations share more of our data than the NSA does. Those same people crying about the NSA are posting every life moment on Facebook. Facebook (and Google) make a lot of money off of our personal information and people don't seem to have a problem with that.

sludgemaster
Premium Member
join:2005-12-06
Bronx, NY

sludgemaster to gigahurtz

Premium Member

to gigahurtz
No, we don't walk a thin line at all. The Constitution is clear on this. "Those who surrender freedom for security will not have, nor do they deserve, either one."
― Benjamin Franklin
The reason the Constitutional protections exist is because history teaches that no government can be trusted. 9/11 is a poor excuse to violate the Constitution. In hindsight, it is even a poorer excuse because -- as predicted -- our loss of liberty has not bought us any additional security. Just 2 more wars.
If you think you have nothing to hide....you are probably wrong. A recent study demonstrated that the average person in the U.S. commits 3 felonies a day. That is how massive and convoluted existing legislation is.
I am sure you will change your tune when you have been stopped, arrested, searched or shot in the back without cause. It happens multiple times a day in the U.S.

tim_k
Buttons, Bows, Beamer, Shadow, Kasey
Premium Member
join:2002-02-02
Stewartstown, PA

tim_k

Premium Member

Re: RIP Privacy

said by sludgemaster:

. A recent study demonstrated that the average person in the U.S. commits 3 felonies a day. That is how massive and convoluted existing legislation is.

»www.amazon.com/Three-Fel ··· es+a+day

I bought the ebook. If you get on the wrong side of the government, they will easily find something to pin on you.

a1non
@comcast.net

a1non to gigahurtz

Anon

to gigahurtz
I've heard this so much, "I have nothing to hide so I'm not worried." It is a foolish premise. Add this to the Snowden revelations, the would-be NSA reformers turned whistle blowers, and the former AT&T employee that found the transport splices in the fiber that lead to an NSA closet in the transport hub building, and the massive NSA compound built in Utah, the evidence is indisputable. The NSA is engaging in bulk data mining and storage. That means that anything you say or do electronically past present or future is available to them at any point in time in the future. If in the future any person becomes an obstacle that information can be accessed and used to make a custom circumstantial case against you going back to 2003. Anything you say on the phone, write in your emails, comment on Facebook for all time can and will be used against you in a court of law. For that matter, even if you're innocent you might get an email from someone who is not and become guilty by association. Witch hunts happen, red scares happen, Federal snatch and grabs to Guantanamo Bay detention centers without due process happen. Those who give up a little liberty for security often get neither.

Astyanax
Premium Member
join:2002-11-14
Melbourne, FL
·AT&T FTTP

Astyanax to gigahurtz

Premium Member

to gigahurtz
said by gigahurtz:

We walk a very thin line with protecting our privacy and protecting our country from terrorist attacks. I have nothing to hide so this doesn't concern me as much, but it's likely because my expectation of privacy has been diminished since 9/11. The terrorists keep on winning whether we like it or not.

The NSA is trying as hard as they can to collect as much information on everyone as possible on a "just in case" basis. No human NSA agent may have ever laid eyes on one piece of info about you but it's there if they ever need to see it.

They're trying to gather as many haystacks as possible to find the needles.

josephf
join:2009-04-26

josephf

Member

Never use Kaspersky software

You never know what backdoors the Russians want to implant on your PC

rottnpup
join:2000-08-04
Minneapolis, MN

rottnpup

Member

Re: Never use Kaspersky software

I use Kaspersky, I would rather entertain the Russians with my porn than the NSA (whom I employ with my tax dollar).
gaforces (banned)
United We Stand, Divided We Fall
join:2002-04-07
Santa Cruz, CA

gaforces (banned) to josephf

Member

to josephf
Prove it or STFU.

josephf
join:2009-04-26

josephf

Member

Re: Never use Kaspersky software

Give it 15-20 years and you'll find out it was happening all along. Just as long as it took to "prove" it happening with the NSA.

Subsidy
@comcast.net

-1 recommendation

Subsidy to gaforces

Anon

to gaforces
said by gaforces:

Prove it or STFU.

He is a Russian KGB agent and always was. He can't be trusted.
»www.wired.com/2012/07/ff ··· sky/all/
»www.brookings.edu/resear ··· hachtman
etaadmin
join:2002-01-17
united state

1 recommendation

etaadmin to josephf

Member

to josephf
Yeah but in the Russian case they are called hackers or terrorists, what do we call our hackers... patriots?

McAfeed
@telia.com

McAfeed to josephf

Anon

to josephf

»www.youtube.com/watch?v= ··· f5PaBzyg
Taget
join:2004-07-29

1 recommendation

Taget to josephf

Member

to josephf
I use Kaspersky. It's all a matter of choice. I trust Vladimir Putin (Kaspersky) with my computer over President Obama (Norton), President Xi Jinping (Kingsoft), Prime Minister Bohuslav Sobotka (AVG), Prime Minister David Cameron (Comodo), Chancellor Angela Merkel (Avira), President Klaus Iohannis (Bitdefender), Prime Minister Alexander Stubb (F-Secure), Prime Minister Robert Fico (ESET Nod32), Prime Minister Shinzo Abe (Trend Micro), or Prime Minister Helle Thorning-Schmidt (Bullguard).

Not that I am saying anything better about these other world leaders but President Putin has done a good job protecting my computer for years. And as he can attest since he always reads my email I have the utmost respect for him.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB

Premium Member

Re: Never use Kaspersky software


You left out Microsoft. They're going to feel slighted and come after you now.
AmericanMan
Premium Member
join:2013-12-28
united state

AmericanMan to Taget

Premium Member

to Taget
Wow...I had no idea so many of our security programs were run by foreign countries.

SimbaSeven
I Void Warranties
join:2003-03-24
Billings, MT

SimbaSeven to josephf

Member

to josephf
I use ESET Smart Security here.

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

Also see...

»Kaspersky Exposes NSA Spying Program Mechanism

buzz_4_20
join:2003-09-20
Dover, NH

1 recommendation

buzz_4_20

Member

Dammit

The NSA should have powerful tools to find things.

However it should be used WHEN there is probable cause, not just on by default.

It seems that the 4th Amendment doesn't apply to the NSA and that's just not right.

SysOp
join:2001-04-18
Atlanta, GA

4 edits

1 recommendation

SysOp

Member

Re: Dammit

Plausible deniability. The Equation Group claims responsibility so that the NSA can operate with impunity.

In an exhaustive report published Monday at the Kaspersky Security Analyst Summit here, researchers stopped short of saying Equation Group was the handiwork of the NSA—but they provided detailed evidence that strongly implicates the US spy agency.

»arstechnica.com/security ··· at-last/
wispalord
join:2007-09-20
Farmington, MO

wispalord

Member

so where is that old tandy

maybe it's time to use very old tech for terrorist activities you think they use the web, fuck no they use hidden irc servers in 3rd world countries to communicate this is all about watching American people and control the flow of information, or to discredit information.. they're not looking at one person but scanning the metadata as a whole so they can control the public, and discredit those who oppose them aka Snowden

MemphisPCGuy
Taking Care Business
Premium Member
join:2004-05-09
Memphis, TN

MemphisPCGuy

Premium Member

Intercepting Shipments? Or Factory Installed?

Weren't there Snowden revelations that NSA was redirecting hardware shipments and then installing their code before passing them along? Is this suggesting it's much more widespread and does include local retail hdds?

Beans
@verizon.net

-1 recommendation

Beans

Anon

Police state

So I guess that idea of making the USA a police state wasn't so far-fetched as the crazies were making it out to be?

Corehhi
join:2002-01-28
Bluffton, SC

Corehhi

Member

SkyNet is fully functional

Is it self-aware???? How would we know if it was????

All this NSA stuff will be abused, over time the government agencies will go overboard, they always do. The original wiretapping laws weren't designed to let criminals go, they were designed to keep the politicians from doing each other in.

IowaCowboy
Lost in the Supermarket
Premium Member
join:2010-10-16
Springfield, MA

IowaCowboy

Premium Member

Privacy vs security

There is the privacy vs security debate. With National Security at risk I'd be willing to sacrifice SOME privacy for security but this goes too far.

Having my bags searched at the airport and a pat down search before being allowed to board a plane is one thing, government acting as a peeping tom in my computer is unacceptable. What's next, NSA watching the cameras on our phones. Time to mandate that the NSA obey the constitution and obey the rights of law abiding citizens.

Homeland security has its budget up for renewal, they could tie the NSA's funding to respecting the constitutional rights of law abiding citizens.

SysOp
join:2001-04-18
Atlanta, GA

SysOp

Member

V for Vendetta

Always liked this movie.

»www.youtube.com/watch?v= ··· 7mAHolAw
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn to IowaCowboy

Member

to IowaCowboy

Re: Privacy vs security

Where do you think that 1 billion in stolen funds from a ton of banks went? Not to hackers...

firephoto
Truth and reality matters
Premium Member
join:2003-03-18
Brewster, WA

firephoto

Premium Member

Remember when...

... that annoying hdd led that always blinked when your computer was doing nothing but would stop the instant you started to do something like investigate why it was blinking?

How about the little chirpy bird in your seagate hdd? Does the NSA like chirpy birds?

How about those manufacturer firmware issues that needed new downloads and special software to boot and fix your drive before it died?

SMART tools that newer drives got so some software can monitor what the drive has been doing?

We trusted for decades the little dumb storage device spinning in a box but that dumb device got smarter. Do you really want features on your basic needs? Bells and whistles? New technology?

"You knew this new hardware had advanced 'monitoring' software, we can't control what nefarious people might do with it, our intentions are for our customers to have access to more data to better understand their needs as it relates to the way the hardware is used..." "oh shiny, it must be better"


StLCardsFan
join:2011-06-06
Lafayette, LA

StLCardsFan

Member

wtf is this

how does this happen and WHY are people not going postal on the NSA?


Venomism
@130.85.58.x

Venomism

Anon

Misleading

Please do your research first. Kaspersky Labs did not once claim that the NSA was behind these attacks; they claim that an organisation known as the Equation Group is to blame. Here is an article on the topic, which cited Kaspersky Labs directly »arstechnica.com/security ··· at-last/