Yes, I know: The world is heading toward hell and the teevee news channels are shouting for war. Very soon, I'll have much to say about all of that. But right now, I want to talk about the war against your privacy.
The Russian anti-malware firm Kaspersky has verified what many have suspected: The NSA has found a way to hide spy programs in the firmware of your hard drives.
The bad code is not on the platter -- not even in the boot sector. It lives in the drive's own firmware, the code stored on the controller board inside the metal box encasing the platter. A wipe only overwrites sectors on the platter, so even if you completely wipe the drive, the spy code is still there. No matter what you do, the malware says "Hello, Fort Meade!" every single time you turn on your system.
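One thing a defender can do from the host is compare the firmware revision each drive reports against a baseline recorded when the drive went into service. The script below is an added example, not code from the post or from Kaspersky: it parses text in the shape of `smartctl -i` output (the two drive listings, model names and revision strings are constructed for the example, not real captures) and checks each drive against a hypothetical allowlist. The caveat matters more than the check: the revision string comes from the drive's own firmware, so a modified firmware can report whatever it likes. A mismatch is a reason to investigate; a match proves nothing.

```python
"""Baseline check of reported HDD firmware revisions (added example).

Parses `smartctl -i` style text and compares the reported firmware revision
of each drive with an allowlist recorded at deployment time. All sample
output, model names and revisions below are constructed for illustration.
"""
import re

# Constructed sample output in the shape of `smartctl -i /dev/sdX`, two drives.
SAMPLE_SMARTCTL_OUTPUTS = [
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-HDD-2000
Serial Number:    SN-EXAMPLE-0001
Firmware Version: FW27
User Capacity:    2,000,398,934,016 bytes [2.00 TB]
""",
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-HDD-1000
Serial Number:    SN-EXAMPLE-0002
Firmware Version: 01.01A99
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
""",
]

# Hypothetical baseline: model -> revisions seen when the drives were
# deployed (or taken from the vendor's published revision list).
BASELINE = {
    "EXAMPLE-HDD-2000": {"FW26", "FW27"},
    "EXAMPLE-HDD-1000": {"01.01A01"},
}

# "Key:   value" lines; the section banner has no colon and is skipped.
_FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s+(?P<value>.+?)\s*$", re.M)


def parse_smartctl_info(text: str) -> dict:
    """Return model, serial and firmware revision from smartctl -i style text."""
    fields = {m.group("key"): m.group("value") for m in _FIELD_RE.finditer(text)}
    return {
        "model": fields.get("Device Model", ""),
        "serial": fields.get("Serial Number", ""),
        "firmware": fields.get("Firmware Version", ""),
    }


def check_firmware(outputs, baseline):
    """Compare each drive's reported revision with the baseline.

    Returns a list of (serial, status, detail) tuples. Remember that the
    revision is self-reported by the firmware under suspicion, so "match"
    means only that nothing obvious changed.
    """
    findings = []
    for text in outputs:
        d = parse_smartctl_info(text)
        known = baseline.get(d["model"])
        if not d["firmware"]:
            findings.append((d["serial"], "missing", "no firmware field reported"))
        elif known is None:
            findings.append((d["serial"], "unknown-model", d["model"]))
        elif d["firmware"] in known:
            findings.append((d["serial"], "match", d["firmware"]))
        else:
            findings.append((d["serial"], "mismatch",
                             f"{d['firmware']} not in {sorted(known)}"))
    return findings


if __name__ == "__main__":
    for serial, status, detail in check_firmware(SAMPLE_SMARTCTL_OUTPUTS, BASELINE):
        print(f"{serial}: {status} ({detail})")
```

On a real fleet you would feed this the output of `smartctl -i` for each drive and keep the baseline somewhere the host cannot silently rewrite; the second sample drive above reports a revision outside its baseline and is flagged.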
Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.
Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.
Question: How did the NSA pull off this trick? My first thought was that the Agency must have worked with the manufacturers. But:
Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.
It is not clear how the NSA may have obtained the hard drives' source code. Western Digital spokesman Steve Shattuck said the company "has not provided its source code to government agencies." The other hard drive makers would not say if they had shared their source code with the NSA.
The above-linked article contains much speculation as to the various ways the NSA might have gotten hold of the source code. However, there is no speculation as to how the Agency might have replaced the manufacturer's code with modified code.
A virus? Well, yes: It is possible to write a virus that digs into the firmware, but the risk has always been considered low. Here's why (from an older article about malware):
According to Computerworld, Western Digital Vice President Gary Meister said there is a way to build a virus that can damage a particular hard drive's firmware and disable the device. However, the firmware can be flashed and restored to its original state, so the firmware-damaging virus still can't permanently disable a hard drive. The firmware-damaging virus is an impractical creation, though, as it is extremely difficult to code, has to be tailor-coded for each specific hard drive and lacks motivational intent because it would disable a computer instead of steal information.
Obviously, the NSA would rather spy than fry your drive, and it seems that they have found a way to do just that. Could they really have pulled off this trick without working with Seagate, WD and the others? Despite the protestations of the companies, the simplest theory is that this thing was an inside job.
The NYT expands upon this story here. This story suggests that the spyware burrows into the motherboard's firmware, not just the firmware used by the hard drive.
A reader named Propertius, who definitely seems to know what he is talking about, takes issue with my suggestion that this was an inside job. I'm sure he won't mind seeing his words republished here...
I disagree. For anyone with decent assembler or machine code programming skills, the simplest theory is that they picked up some drives at Best Buy, read out the contents of the PROMs, and modified the code. I spent half my career doing assembly code for supercomputers - I could do this in my sleep and I'm hardly unique. No assistance from the manufacturer required.
But how to get the firmware bug onto the system in the first place? I'd love to hear from people who are more computer-savvy than I...