Cyber-security company Kaspersky Labs has just exposed a U.S. spying program. According to Kaspersky, the NSA is making hard drive manufacturers WD and Seagate embed backdoors straight into the hard drive firmware. This lets the NSA directly access raw data, regardless of partition method (low-level format), file system (high-level format), operating system, or even user access level.
Kaspersky has said it has found PCs in 30 countries with one or more of the spying programs, with the most infections being seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
Kaspersky has claimed that these HDD backdoors have already been used and are currently being used to spy on foreign governments, military organizations, telecom companies, banks, nuclear researchers, and much more. Kaspersky has declined to say who designed the malware, but did say that it has close ties to the development of Stuxnet, the same cyber-weapon used by the NSA to destabilize Iran’s uranium-enrichment facilities.
According to Kaspersky, the backdoor is perfect in design. Each time you turn your PC on, the system BIOS loads the firmware of all hardware components into system memory, even before the OS is booted. This is when the malware is activated, giving it access to critical OS components, including network and file-system access.
Both WD and Seagate have denied sharing the source code of their hard drive firmware with any government agency and have maintained that their hard drive firmware is designed to prevent tampering or reverse engineering. Former NSA employees have said it is fairly easy for the agency to obtain such source code. They can pose as a software developer, or the government could seek source code by telling a manufacturer it needs to inspect the code to make sure it's clean before it can buy PCs running their hard drives.
It is quite surprising that “tampered” hard drive firmware has made it to mass production, though. Both Seagate and WD have manufacturing facilities in countries like Thailand and China, which are located in high-security zones to prevent intellectual theft or sabotage. It is very hard to imagine this firmware making it onto production drives without some type of collaboration from the company.