
Interesting Links: Feb 16, 2015

Here are links to some interesting news articles I came across today. As you might notice, all three are about the latest revelations on what the NSA has been up to for all these years.

Link 1: How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

It wasn’t the first time the operators—dubbed the “Equation Group” by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group’s extensive library. Kaspersky settled on the name Equation Group because of members’ strong affinity for encryption algorithms, advanced obfuscation methods, and sophisticated techniques.

The money and time required to develop the Equation Group malware, the technological breakthroughs the operation accomplished, and the interdictions performed against targets leave little doubt that the operation was sponsored by a nation-state with nearly unlimited resources to dedicate to the project. The countries that were and weren’t targeted, the ties to Stuxnet and Flame, and the Grok artifact found inside the Equation Group keylogger strongly support the theory the NSA or a related US agency is the responsible party, but so far Kaspersky has declined to name a culprit. NSA officials didn’t respond to an e-mail seeking comment for this story.

Link 2: Russian researchers expose breakthrough U.S. spying program

The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives. That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on. Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.

Link 3: The NSA hides surveillance software in hard drives

It’s been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intelligence agency’s techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible — all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn’t sitting in regular storage, so you can’t easily get rid of it or even detect it.

What do you think? Comments?

Categories: Linkfest
  1. P Ray
    February 16, 2015 at 7:47 pm

    The takeaway from that revelation is that SSDs may be safer than hard disks.

    Also, firmware updates to hard drives exist, it is remarkable that the software escaped detection.
    It may be time to look at the SSDs from Asian countries then. e.g. Plextor, Kingmax, Apacer, Transcend …

    • barrkel
      February 18, 2015 at 10:55 am

      SSDs have even more complex firmware than HDDs; write levelling, write combining, caching etc. is the biggest difference between vendors, many of which are using flash chips from the same manufacturer. I don’t think SSDs are any safer than HDDs; if anything, you can hide more in an SSD.

      • P Ray
        February 18, 2015 at 11:30 am

        many of which are using flash chips from the same manufacturer.
        That also means a single point of failure if the chips are defective, kind of like how bad capacitors created a depression in the pc industry some years back.

        I don’t think SSDs are any safer than HDDs; if anything, you can hide more in an SSD.
        Have you seen an SSD fail? Some even come with abortion switches, so they are overvolted and utterly destroyed.
        Useful if you handle any kind of sensitive information.

  2. mark
    February 17, 2015 at 5:01 am

    Interesting stuff and interesting work, doing it and uncovering it. “A long list of almost superhuman technical feats illustrate Equation Group’s extraordinary skill, painstaking work, and unlimited resources.”
    The question, in my mind, is Snowden now working at Kaspersky Lab’s, the Kremlin or both?

    • hoipolloi
      February 17, 2015 at 5:25 am

      A good guess. I would be surprised if he is not involved in the reported Kaspersky Lab’s work.

    • P Ray
      February 19, 2015 at 6:49 am

      Don’t forget that Kaspersky himself has been working with the KGB.
      Interesting how the people “outing the spies” are themselves involved in the business.

  3. February 18, 2015 at 9:49 pm

    American Hi-tech products will take a hit in worldwide sales

    • February 21, 2015 at 1:44 pm

      From my cursory research, US high-tech tends to be weaponry, such as armed drones. I doubt this snoopware is going to affect those sales much.
