Russian security software maker Kaspersky Lab announced that a cyber espionage group, perhaps connected to the NSA, has developed a means to hide spying software within the hard drives of personal computers. Computers impacted include those manufactured by companies such as Western Digital and Seagate.
The surveillance program is one of several discovered by Kaspersky. Although Kaspersky did not say specifically who planted the software, it said the program is closely linked to Stuxnet, an NSA-related cyberweapon that was used to attack Iran’s uranium enrichment facility.
The spies were able to access source code for computer hard drives, allowing the attackers to better understand and control computer systems. According to unnamed former intelligence operators who spoke with Reuters, NSA employees may have obtained the source code by posing as software developers and asking manufacturers directly for the information.
Knowing the source code allowed access to the drive, and spies were able to place spyware into the firmware. The corrupted firmware runs each time a computer is turned on. Firmware loads all the low-level drivers that manage a computer’s interfaces such as keyboards and displays before an operating system such as Windows is booted.
As the firmware helps to manage the computer’s operating system, the malware is able to access many of the computer’s folders, file systems and operating system components. Viruses in the firmware are usually undetectable and, as a consequence, difficult to remove.
The surveillance software has been found on computers in 30 countries worldwide. Iran, Russia, Afghanistan, China, Mali, Pakistan, Syria, Yemen and Algeria were particularly targeted. Institutions of interest included government and military organizations, energy companies, Islamic activists and the media.