The US National Security Agency (NSA) has reportedly hidden surveillance software in the hard drives of several top computer makers in an international operation.
Security firm Kaspersky Lab discovered the Stuxnet-like spyware in PCs in 30 countries and linked it to a nearly 20-year operation by “The Equation Group”.
Reuters sources claim the NSA is responsible for placing the spyware in hard drives from manufacturers such as Western Digital, Seagate and Toshiba.
According to a former intelligence operative, the NSA had developed the prized technique of concealing spyware in hard drives, but the intelligence agency has reportedly declined to comment.
“Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques,” Kaspersky said in a report.
Kaspersky Lab researchers said the surveillance tools they discovered were very complicated and expensive to develop.
They said the tools were designed to retrieve data and hide their activity in an “outstandingly professional” way, using classic spying techniques to deliver malicious payloads to the victims.
The spyware was found to be able to rewrite the firmware on hard drives, making it able to evade virus scans and even survive reformatting the hard drive.
The spyware enables its operators to steal files or eavesdrop on infected PCs as soon as they are connected to the internet.
Most infections were found in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
Targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media organisations and Islamic activists.
Spyware closely linked to Stuxnet
Kaspersky Lab researchers said the spyware was closely linked to Stuxnet, which was used to attack Iran’s uranium enrichment facility in an operation widely believed to have had US backing.
Commentators said the revelation of the NSA spyware planting operation will further damage the reputation of the US and increase suspicion of US-led technology.
They said the latest reports are likely to deal a further blow to US efforts to play down the global surveillance operation exposed by whistleblower Edward Snowden.
Kaspersky Lab researchers said the spyware represents a technological breakthrough in its ability to be hidden in the firmware of hard drives that launches every time a computer is turned on.
“The hardware will be able to infect the computer over and over,” said lead Kaspersky researcher Costin Raiu,
He said the operators of the spyware established full remote control only over machines belonging to the most desirable foreign targets.
The hardware will be able to infect the computer over and over
Costin Raiu, Kaspersky Lab
Kaspersky Lab researchers revealed the spyware could work in disc drives sold by more than a dozen companies, including Western Digital, Seagate, Toshiba, IBM, Micron, and Samsung Electronics.
Western Digital, Seagate and Micron said they had no knowledge of the spyware, reported The Telegraph. Toshiba and Samsung declined to comment, and IBM did not respond to requests for comment.
It is not yet known how the spyware was planted on the hard drives. It is possible the hard drives were physically intercepted and loaded with the spyware before being repacked and sent on to targets.
Other possibilities include that the NSA asked manufacturers for their source code directly or indirectly, or posed as software developers in the core hard disk manufacturing companies.
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK