Link

‘Breakthrough’ NSA spyware shows deep grasp of makers’ hard drives

‘Breakthrough’ NSA spyware shows deep grasp of makers’ hard drives:

The espionage program appears to be fairly targeted, said Chris Parsons, an expert on state surveillance tools with the University of Toronto’s Citizen Lab.“This is what we can count,” a Kaserpsky spokesperson said. “Because of [the] self-destroying function of the malware, the number [of victims] could be much higher.”

“Realistically, that’s a comparatively small number when you look at the global population of computers that are sold,” Parsons said.

Canada was not identified as one of the nations that has been targeted by the tampered hard drives.

What is firmware?

Firmware is software that enables a computer to perform its basic functions, Parsons explained.

“It’s essentially the operating code that runs the devices in your computer,” he said. “Think of it as the base code that’s used to run the hardware. Once the firmware is running … all the pieces of your computer get activated and are able to function.”

Kaspersky’s analysis suggests the spyware could work on popular hard drives manufactured by Western Digital, Seagate Technology, Toshiba, IBM, Micron Technology and Samsung.

“The value of getting in before everything else loads is you can influence what loads, how it loads, when it loads, and the value is much higher than if you waited until the operating system booted up,” Parsons said.

That’s because most anti-virus programs tend to be designed to take action following the loading of firmware. This particular program, however, would be “masked” in the firmware.

Which users might be affected by this?

Parsons points out that so far all the malware collected has been designed to work with Microsoft Windows.

One of the characteristics of this malware was to modify the sensor instructions to make the changes to the firmware “almost impossible to detect,” Parsons explained.

“So by the time you go to boot into Windows, it’s already compromised, and this has been hidden for at least eight to 14 years,” he said.

Parsons anticipates hackers will be emboldened by the report’s findings.

“By now knowing the kinds of attacks possible, you can be certain that other actors will now try to emulate and copy what we’ve seen here,” he said. “The risk of copycats is now much more likely.”