Your hard drives were riddled with NSA spyware for years

The US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades – all according to an analysis by Kaspersky Labs. The campaign infected possibly tens of thousands of Windows computers in telecommunications …

  1. Captain DaFt

    "flexed their full remote access control over infected machines only for high value targets."

    Which recent history has shown to be anything/one that is not NSA.

    1. Anonymous Coward
      Anonymous Coward

      but the '...w.dll'

      Apparently not Microsoft Windows either. Well, I guess Microsoft could have NOT known about this, which leads me to believe that Microsoft's own kernel was NOT written to accommodate this (which truthfully there are a lot of things Microsoft's kernel might NOT pick up on). So, Microsoft did NOT know about this, so what else do they NOT know?

      Doesn't it make you feel like a secure Windows user when Windows just runs anything that is present? GO MICROSOFT! (Of course, is there a '...u.o' out there? Wait, would it matter?).

      1. 1Rafayal

        Re: but the '...w.dll'

        This could affect mono implementations?

      2. wilhil

        Re: but the '...w.dll'

        Which is why I don't get the flak when Microsoft try to implement (optional) technologies such as Secure Boot which have the ability to prevent these sorts of attacks.

        1. Charles 9

          Re: but the '...w.dll'

          It's the Don't Trust Anything Closed-Source attitude. The thought is that any apparent security aid is really a super secret secret backdoor.

          1. Jaybus

            Re: but the '...w.dll'

            Any security software that relies on obfuscation is only a false hope of security. For example, if an encryption algorithm is mathematically sound, then there is no need for the algorithm itself to be secret. Knowing that there cannot be any benefit from the source code being secret, while there can of course be backdoors, why should we trust it? Wouldn't an open source version be more trustworthy simply because it makes it very hard indeed to hide a backdoor?

        2. Yet Another Anonymous coward Silver badge

          Re: but the '...w.dll'

          Because they don't prevent these sorts of attacks when the attacker has a copy of the key

          But they do prevent you installing anything else to prevent these attacks

          1. Anonymous Coward
            Anonymous Coward

            Re: but the '...w.dll'

            "Because they don't prevent these sort of attacks when the attacker has a copy of the key"

            Just like any security system - you have to trust the author. If there was a boot loader around with a different checksum, it would soon be spotted.

            "But they do prevent you installing anything else to prevent these attacks"

            No, they don't stop that at all.

        3. Suricou Raven

          Re: but the '...w.dll'

          Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader. I can think straight away of three ways to get these:

          1. Hack Microsoft. Either technologically, or via blackmail/bribery.

          2. Super-secret national security letter demanding MS sign the NSA hack, or else someone goes to jail.

          3. Hint that people with Influence really want MS to be cooperative on this, and the government is considering converting a couple of departments to Windows 10 and Surface tablets.

          1. streaky

            Re: but the '...w.dll'

            "Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader"

            Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again.

            1. Anonymous Coward
              Anonymous Coward

              Re: but the '...w.dll'

              "Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again."

              And anybody NOT involved in this would lose a lot of customers and business just as quickly - so it's a dilemma. Defy and America blacklists you. Submit and everyone else blacklists you.

              1. Mike Smith

                Re: but the '...w.dll'

                If you look to the future, which is admittedly a bit of an ask for most current CEOs, it's not that much of a dilemma.

                Defy, and be damned to the Americans.

                The IT world isn't anything like as US-centric as it was even ten years ago - and even then, things were heading away from The Land Of The Free (TM). When I started in IT, longer ago than I care to remember, the US held most of the market and most of the knowledge. Now a lot of that has gone to India and China, encouraged by a generation of short-sighted idiots who were, and are, chronically incapable of seeing further than three months ahead.

                In ten years' time, I can see the US becoming a technological backwater, with its priceless technical and manufacturing capabilities thrown to the dogs by myopic bean-counters, egged on by the retards of Wall Street. The people I feel sorry for are the ordinary Yanks with families to support and roofs to keep over their heads, as they'll cop for the fallout.

              2. Anonymous Coward
                Mushroom

                Re: but the '...w.dll'

                "And anybody NOT involved in this would lose a lot of customers and business just as quickly - so it's a dilemma. Defy and America blacklists you. Submit and everyone else blacklists you."

                That's why the USA needs to get their ass to Mars so as to stop messing the planet up for the rest of us and stop meddling with our legal system (via treaties or strong-arm tactics).

                Nuke icon because at least we'd be free of US tyranny if they did all board Mars One.

            2. JamesTQuirk

              Re: but the '...w.dll'

              I do think VMs will be next. Not that I am saying they are now an issue, but a sub-5meg VM of DOS or Tinycore Linux really screwed down @ about 8meg, on a fast Internet connection, with virtualisation enabled on an unsecured/unpatched Windows box, could/would install in seconds, and then be running in the background, either on a real PC or a cloud server I suspect,

              But a theory .......

              1. Alan Brown Silver badge

                Re: but the '...w.dll'

                "Tinycore Linux really screwed down @ about 8meg, "

                I was able to run linux 24-port terminal servers with RADIUS in 4Mb back in the 1990s. Tinycore sounds a little bloated. :)

                1. JamesTQuirk

                  Re: but the '...w.dll'

                  Alan Brown

                  All true, I am still running Debian on Amiga 2000/060, 128MB RAM, its .iso is about 2.8 meg (OS only), however, I think giving the game away is a mistake, I was looking at updating old Concurrent DOS, as a plaything, less than 500kb, install... Tinycore can be nailed down a lot, 8 meg core, 12 meg with apps, is the way it comes from "factory", but it is Linux, cull, install, set it up to do what you want ... The original Amiga OS could run a multitasking OS in about 1meg, so it is possible ..

            3. Anonymous Coward
              Anonymous Coward

              Re: but the '...w.dll'

              @ Streaky

              You're assuming that this highly classified involvement would ever be A) discovered and B) something that the "anybody" in question's competitors were not also involved in

            4. fajensen

              Re: but the '...w.dll'

              Anybody involved in this would go out of business very quickly

              Builders start a business, get credit with suppliers, max out credit, then go out of business *all the time*, the same builders, using the very same suppliers, that they ripped off two months ago.

              Why is this possible? Because of "securitisation", the suppliers just sell the credit on to "investors" for an immediate return. After that it's not their problem what happens to payments so they don't care; as long as there is a market for high-yield paper, everyone is golden.

              A similar business model must already exist around key signing.

            5. Roo
              Windows

              Re: but the '...w.dll' - Could be time to IPL with Toggle Switches. ;)

              "Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again."

              Vendors are compelled to comply with the law - regardless of how stupid or counterproductive it may be.

              Besides I'll bet that most people would choose to have their machine boot with the NSA malware in place than not boot at all.

              At least the greybeards with old PDP-11s running V7 UNIX in the basement can bootstrap via toggle switches, so the world hasn't ended yet. ;)

          2. jgarbo
            Black Helicopters

            Re: but the '...w.dll'

            Since when was Bill Gates ever concerned about your privacy? MS has probably been in bed with the intelligence services from Day 1, as have Google. Wake up. You're on your own.

      3. Anonymous Coward
        Anonymous Coward

        Re: but the '...w.dll'

        The toolkit isn't limited to Windows.

        1. Anonymous Coward
          Anonymous Coward

          Re: but the '...w.dll'

          "The toolkit isn't limited to Windows."

          A Windows .dll isn't going to be much use on Linux or *BSD and no use whatsoever if it's a non-x86 motherboard the disk finds itself connected to.

        2. Mark 65

          Re: but the '...w.dll'

          @AC: If, as you say, the toolkit isn't limited to windows then are you claiming that they have managed to pre-install a firmware for hard drives that contains malware to cover Linux, windows, OS X and bsd in x86, x86_64 and AMD variants? Not fucking likely. 32bit windows would be my guess.

      4. Anonymous Coward
        Anonymous Coward

        Re: but the '...w.dll'

        http://www.brainyquote.com/quotes/quotes/d/donaldrums148142.html

      5. ThinkingMonkey
        Linux

        Re: but the '...w.dll'

        Yes, Microsoft MAY not have known about it but MS has been suspected for years (please don't make me google for the papers, but I will), along with Google and a few other MAJOR players, to have "cooperated" with the NSA when asked to supply backdoors and other types of access. Apple famously refused the FBI. Not to say the NSA doesn't have complete access to Apple products but publicly Apple said "No way". The others didn't make it public but they were caught in various ways giving up user data just because they were asked for it. All this in the name of "National Security" and the "War on Crime".

    2. solo

      Re: anything/one that is not NSA.

      Including US senate

    3. Anonymous Coward
      Anonymous Coward

      This only adds to my opinion that the Americans are a lost people. They no longer live in a democracy and are ruled by power mad despots who care little for their own constitution and rule of law.

      1. jgarbo
        Big Brother

        It's taken this long - and this event - to make you realize that the US has been a fascist police state since, well, the 1960s? Have you been out of town?

        1. Anonymous Coward
          Anonymous Coward

          "It's taken this long - and this event - to make you realize that the US has been a fascist police state since, well, the 1960s? Have you been out of town?"

          You don't think every other government on the planet wouldn't do the same if they could (and perhaps already are)? Wake up sleeping beauty and smell some WelcomeToTheRealWorld coffee.

        2. ThinkingMonkey

          "...since, well, the 1960s"

          Maybe.

          The real police state started (well, when it became "We are the police and we'll do what we want and we don't give a fuck if you don't like it" anyway) right after the terrorist attacks 9/11.

          I personally had a couple of run-ins. Once, during a basic, routine traffic stop (I was speeding a little), a lady friend got her purse dumped and searched, I was pulled from the car and handcuffed "for my own safety" (what a load of shit), the trunk lid was popped, and the whole car and our persons were thoroughly searched, much to my verbal (though polite) objections.

          I talked to a defense lawyer friend of mine soon after, intending for the cops involved to at least get an ass chewing from the chief, and he said I should basically just get used to it. (WTF?) They had new search and seize powers granted to them after 9/11 and could basically strip search you on the side of the road without a warrant, if they so pleased.

          And I served 11 years in the United States Marine Corps, supposedly protecting U.S. "freedoms". What an idiot I was.

  2. This post has been deleted by its author

  3. Anonymous Coward
    Anonymous Coward

    Just when you think you're paranoid...

    1. Anonymous Coward
      Black Helicopters

      Why didn't you finish that line? Did the NSA's black-bag team grab you and stuff you in a van?!

      WE WANT TO KNOW!!!

      1. Anonymous Coward
        Anonymous Coward

        I remain unbagged and unvanned at the time of writing, thank you for your enquiry.

        The line remained unfinished because I was just back from the pub so I could have gone on a multi-page rant about the entitled tosspots who think they have a fucking right to mess with my own possessions in my own fucking house...or I could just fire up the Xbox and work out my ire on some pixels; which I did.

  4. RAMChYLD

    Wait

    So the malware in the firmware is a DLL, a Win32 library. If it was forced upon an OpenBSD or Linux system, wouldn't that cause the system to crash or fail to boot immediately?

    1. Anonymous Coward
      Anonymous Coward

      Re: Wait

      No, it shouldn't cause a non-Windows system to fail; since the non-Windows system is already running, it would just be ignored. But it does make you wonder if the HDD would fail. There are no details about this yet, but it appears it relies on a win16 loader.

    2. Lee D Silver badge

      Re: Wait

      Likely it doesn't "force" anything. It probably intercepts calls to well-known Windows boot files and replaces them with its own version. Might be behind a blue-screen or two but then you'd realise when you bin the drive it fixes itself (however, by then, the malware is likely inside your core Windows images and backups).

      But, yes, you have to start somewhere - you can't make an any-platform malware that'll work for everything, so you likely just write for your most likely target.

      More importantly, this will stop source-code access to such things and/or stop foreign entities trusting anything made in the US. And likely they aren't the first. There's never been anything stopping a hard disk firmware literally KNOWING when you are accessing, say, the Windows boot process files and slipping in its own data. It could even interpret the NTFS, check filenames, boot sectors, etc. on-the-fly.

      Except... surely... if you're encrypting everything that goes to disk, even the OS (which is the only secure way to encrypt)... this is useless? The hard disk won't be party to the key (because the read sectors will be encrypted data or an encrypted key which is only unlocked in RAM by the user's entered key?), and will never spot that the data going through it is ripe for insertion, nor have the ability to do so undetected.

      The only chance to infect is initial boot and, well, wouldn't TPM and/or privately signed bootloaders stop that in its tracks? Again, anyone SERIOUS about not wanting the NSA et al inside their machine (e.g. Iranian nuclear plants, Chinese military, etc.) could probably just encrypt and enforce basic security and they're done?

      Sorry, but these are attacks against bog-standard mainstream PCs with no security. Anyone with a brain shouldn't be storing anything of interest in there.
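Lee D's argument above (a drive can only substitute into boot data it can recognise, and a measurement of the boot sectors exposes anything it does substitute) as an added Python simulation; this is not code from the thread or from Kaspersky's analysis. The ImplantedDisk class, the BOOTMGR marker, the two-sector boot image and the SHA-256 counter-mode cipher are all constructed for the demonstration.

```python
"""Simulation: a content-inspecting drive implant needs plaintext, and measured boot catches tampering."""
import hashlib
import os

SECTOR = 512
MARKER = b"BOOTMGR"    # constructed stand-in for a recognisable plaintext boot-file signature
PAYLOAD = b"PATCHED"   # constructed stand-in for what the implant substitutes (same length)


def keystream(key: bytes, sector_no: int) -> bytes:
    """Per-sector keystream from SHA-256 in counter mode. Demonstration only, not a recommended cipher."""
    out = b""
    block = 0
    while len(out) < SECTOR:
        out += hashlib.sha256(key + sector_no.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:SECTOR]


def xor_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sector (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no)))


class ImplantedDisk:
    """Simulated drive whose firmware inspects every sector it serves and, when it recognises
    MARKER in what it sees, substitutes PAYLOAD. It can only act on content it can read."""

    def __init__(self, sectors, blind_flip=False):
        self.sectors = list(sectors)
        self.blind_flip = blind_flip   # also corrupt sector 0 without understanding it
        self.tampered = []

    def read(self, n):
        data = self.sectors[n]
        if MARKER in data:
            self.tampered.append(n)
            return data.replace(MARKER, PAYLOAD, 1)
        if self.blind_flip and n == 0:
            self.tampered.append(n)
            return bytes([data[0] ^ 0x01]) + data[1:]
        return data


def measure(plain_sectors) -> bytes:
    """TPM-style measurement: extend a register with the hash of each boot sector in order."""
    pcr = bytes(32)
    for s in plain_sectors:
        pcr = hashlib.sha256(pcr + hashlib.sha256(s).digest()).digest()
    return pcr


def build_boot_image():
    """Constructed two-sector 'boot loader': the marker plus filler, then a sector of code bytes."""
    s0 = (MARKER + b" boot code ").ljust(SECTOR, b"\x90")
    s1 = bytes(range(256)) * 2
    return [s0, s1]


def run_scenario(encrypt: bool, blind_flip: bool = False) -> dict:
    """Provision a disk, let the implanted firmware serve the boot sectors, then do a measured boot."""
    image = build_boot_image()
    expected = measure(image)                 # golden measurement taken at provisioning time
    key = os.urandom(32) if encrypt else None

    stored = [xor_sector(key, i, s) if encrypt else s for i, s in enumerate(image)]
    disk = ImplantedDisk(stored, blind_flip=blind_flip)

    served = [disk.read(i) for i in range(len(stored))]
    plain = [xor_sector(key, i, s) if encrypt else s for i, s in enumerate(served)]

    return {
        "tampered_sectors": disk.tampered,              # which sectors the firmware altered
        "measurement_ok": measure(plain) == expected,   # would a measured boot accept this?
        "boot_code_intact": plain[0].startswith(MARKER),
    }


if __name__ == "__main__":
    print("plaintext disk  :", run_scenario(encrypt=False))
    print("encrypted disk  :", run_scenario(encrypt=True))
    print("encrypted+blind :", run_scenario(encrypt=True, blind_flip=True))
```

With encryption on, the firmware has no plaintext to match against, and even a blind change to a ciphertext sector shows up as a measurement mismatch rather than a silently substituted boot file.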

      1. Charles 9

        Re: Wait

        If it's not decrypted on the HDD, then it's being done somewhere on the motherboard, and the snoops have ways in there, too. And if you try to avoid them, you just get nailed by another snoop.

        1. Lee D Silver badge

          Re: Wait

          Sure, so we should all give up and just email our passwords to the NSA / GCHQ, then?

          No. Sorry. If the hard drive could be malware, then basic system security and encryption would have prevented it BEFORE we even knew about this attack. So enforce security or stop using hard drives. Same all the way to the metal in every case. Hell, you can use another motherboard/processor, but access to that kind of size of data storage isn't something that's available in every electronics hobbyist shed so you may be forced into using them.

          However, biggest thing would probably be - WATCH YOUR CONNECTIONS, because the only sensible way to control these things and have them talk back is to be on the net. And if someone is implanting Win32 malware into drive firmware, then you need to start watching what's going on in your supply chain - particularly because it means you're putting bog-standard Windows machines in areas that you shouldn't be.

          This is not "you can stop everyone getting in, ever", it's basic security. I'm sorry but it's embarrassing for you if your nuclear power plant is running on general purpose x86 hardware that loads from SATA and doesn't bother to check integrity of bootloaders, it really is. And it's laughable that NSA etc. are bothering to attack such open machines in so blatant - and recordable - a fashion.

          Secure your important stuff as if... well as if were important that others didn't get into it.

          1. tom dial Silver badge

            Re: Wait

            I will be dusting off and refurbishing my Epson Equity III+, with floppy disk, MFM hard disks, no cdrom, no ethernet, and no USB. And running Xenix.

            1. This post has been deleted by its author

              1. The Mole

                Re: Wait

                What makes you think they haven't developed linux versions of the attack? The basic mechanisms wouldn't be that different.

                1. JamesTQuirk

                  Re: Wait

                  You mean my custom Sandboxed - Live DVD version Xubuntu ? with Bios passworded ? maybe, I hope not, who knows I may have to reset to clear Memory, but in a few months, OK ?

                2. Mark 65

                  Re: Wait

                  What makes you think they haven't developed linux versions of the attack? The basic mechanisms wouldn't be that different.

                  Oh, the fact you don't know where said drive is headed and thus aim for the statistical sweet spot - 32 bit Windows.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Wait

                    ... Or you go to Korea and show the geeks who wrote the software for the disc controllers a really good time and a duffel of nice, crisp, 500 EUR notes ... Theirs if they could, like, add one or two binaries to the link list - and the photo documentation of the really good time would not need to be published either.

                    1. Alan Brown Silver badge

                      Re: Wait

                      "Or you go to Korea and show the geeks who wrote the software for the disc controllers a really good time"

                      Do you think this hasn't already happened?

                      One of the things which is coming out of the Snowden revelations is that like decent security, serious attack plans tend to be layered too.

          2. Anonymous Coward
            Unhappy

            Re: Wait

            @Lee D.

            I think you give IT departments and users too much credit. Weren't we just treated to stories about how the Sony Pictures hack was aided by some unencrypted Excel spreadsheet of logins and passwords left lying around somewhere on the Sony Pictures network, where the bad guys scooped it up?

            If major corporations who know they have intellectual property to protect can do that kind of self-evidently stupid stuff, imagine how many machines can be swept up by something like what the NSA is doing.

            1. fajensen

              Re: Wait

              If major corporations who know they have intellectual property to protect can do that kind of self-evidently stupid stuff, ...

              It is very simple:

              Eliminating processes that do not produce a visible result to customers or on the bottom line is a Very Important Strategy in <Place-holder for the latest management religion/fad to infest businesses>

              It quickly becomes kind-of hard to defend wasting resources on security when there are never any hacking incidents. So the accountants can always scale back the costs.

              However, once security becomes crappy enough, then the dynamics become self-reinforcing: There will never be any incidents because the gutted IT-systems cannot actually detect anything and the remaining staff left in IT, being the dregs of the barrel and living on the cutting edge of outplacement, will always fear that any problem there is was something they did or it will be blamed on them, triggering further pink-slipping (besides, the network monitoring is long since p0wned and lying about everything).

              The corporation, now like a larva infested by a parasitic wasp, is just happily chugging along until the hackers get bored and spill the beans.

          3. Alan Brown Silver badge

            Re: Wait

            "I'm sorry but it's embarrassing for you if your nuclear power plant is running on general purpose x86 hardware that loads from SATA and doesn't bother to check integrity of bootloaders, it really is."

            Given that VMS is going off support 20 years prematurely, a bunch of existing plants are already in an awkward position.

      2. tom dial Silver badge

        Re: Wait

        Patching the Windows components appears to be done dynamically in memory, and would occur after any decryption of data stored on the disk. The attacks undoubtedly are mainly against "bog-standard mainstream PC's with no security" but seem designed to evade standard and even quite advanced security protocols. After all, they are intended for use in espionage.

  5. Spaceman Spiff

    Well, it's the NSA - paranoia rules!

    Sometimes if you think people are after you, they are!

    1. phil dude
      Boffin

      Re: Well, it's the NSA - paranoia rules!

      Read the Ars article here.

      I know Kaspersky is a company trying to make coin, but the work published here looks like a non-trivial piece of detective work.

      P.

  6. Anonymous Coward
    Anonymous Coward

    Grzegorz Brzeczyszczykiewicz

    His name caused a buffer overflow in my brain from too many z's and c's, so the NSA probably felt they had to attack him first before the brains of everyone more than 200 miles west of the Danube crashed.

    1. Captain DaFt

      Re: Grzegorz Brzeczyszczykiewicz

      "Grzegorz Brzeczyszczykiewicz"

      Now there's a man that would seriously injure himself if he ever tried to 'write' his name on a snowbank!

      1. Mark 85
        Coffee/keyboard

        Re: Grzegorz Brzeczyszczykiewicz

        Have an upvote... I needed the laugh and now need a keyboard.

    2. Alister

      Re: Grzegorz Brzeczyszczykiewicz

      Wow, the poor bloke's got a serious vowel deficiency.

      1. Destroy All Monsters Silver badge

        Re: Grzegorz Brzeczyszczykiewicz

        The feel when SNOWCRASH!

      2. This post has been deleted by its author

      3. J. R. Hartley

        Re: Grzegorz Brzeczyszczykiewicz

        Irritable vowel syndrome.

        1. JamesTQuirk

          Re: Grzegorz Brzeczyszczykiewicz

          As one who sort of knows his pain, http://www.forvo.com/word/grzegorz_brz%C4%99czyszczykiewicz/

    3. chrishansenhome

      Re: Grzegorz Brzeczyszczykiewicz

      I plugged it into Google Translate and used the pronunciation tool to listen to his name. I do wish the pronouncer would slow down, though. I got the "B" fine--everything else was a blur.

      1. Martin Taylor 1

        Re: Grzegorz Brzeczyszczykiewicz

        This appears to be a fake name used as a tongue-twister in Polish - see http://translate.google.co.uk/translate?hl=en&sl=pl&u=http://pl.wikipedia.org/wiki/Grzegorz_Brz%25C4%2599czyszczykiewicz&prev=search for a translation of a wikipedia.pl page.

        Since this name seems to be fake, I find myself wondering about the veracity of the whole story.

        1. Peter2 Silver badge

          Re: Grzegorz Brzeczyszczykiewicz

          "Since this name seems to be fake, I find myself wondering about the veracity of the whole story."

          Maybe the people responsible for doing the work didn't want to give their names to the NSA in case they suffered a traffic accident along the same lines as Iranian nuclear scientists do? (generally caused by a bullet rather than other road users)

          If I was releasing something like this then I can see why I might get quite paranoid.

          1. This post has been deleted by its author

          2. Indolent Wretch

            Re: Grzegorz Brzeczyszczykiewicz

            Two-way street though, isn't it?

            Surely Grzegorz Brzeczyszczykiewicz's only chance of safety from the NSA's snatch teams is that he becomes a public figure.

            Surely any other secrecy is already pointless anyway if the NSA's grip is so strong.

        2. Anonymous Coward
          Anonymous Coward

          Re: Grzegorz Brzeczyszczykiewicz

          Yes, the name is obviously fake. It has been used as a joke in a Polish war comedy where a guy interrogated by the Nazis gives a false name impossible for the Gestapo officer to write down. Look for "Grzegorz Brzęczyszczykiewicz. (translated). Polish tongue twister" on YouTube.

        3. sys3175

          Re: Grzegorz Brzeczyszczykiewicz

          Well, actually it is more of a pseudonym than a fake name - it's from a famous Polish film called 'How I unleashed WW II'. The main protagonist uses 'Grzegorz Brzęczyszczykiewicz' as name when caught by the Germans and registering it takes so much time that this saves him. So, yes, it is not a real name, but a well-chosen one given the context.

        4. xnetman

          Re: Grzegorz Brzeczyszczykiewicz

          Somebody being actively targeted probably wouldn't want their real name to be published.

        5. Anonymous Blowhard

          Re: Grzegorz Brzeczyszczykiewicz

          Since this name seems to be fake, I don't find myself wondering about the veracity of the whole story and I do think he might be worried about being the target of TLAs.

          1. Anonymous Coward
            Anonymous Coward

            Re: Grzegorz Brzeczyszczykiewicz

            For those trying to say it, rz is somewhere between a J and a SH, while cz is pretty much CH. I think SZ is pretty much an S of some description.

            Full disclosure: I have been to Krakow. Once. The recommended beer is good, but it's also not local.

        6. ppawel
          WTF?

          Re: Grzegorz Brzeczyszczykiewicz

          I'm a Pole and yes, it's a fake name, it's unlikely that someone would be named like that. Very strange to see this name used in a serious news story...

          1. TheRealRoland
            Happy

            Re: Grzegorz Brzeczyszczykiewicz

            >I'm a Pole and yes, it's a fake name, it's unlikely that someone would be named like that. Very strange to see this name used in a serious news story...

            Happened a while back with a story about Greek hovercrafts being sold off to China. The Navy spokesperson: Kleftos Priapos.

            http://foxtrotalpha.jalopnik.com/greece-just-sold-its-giant-zubr-class-hovercraft-to-chi-1677382483

        7. Anonymous Coward
          Anonymous Coward

          Re: Grzegorz Brzeczyszczykiewicz

          I actually googled this name because I want to see what scientific discipline he is in. However, there are actually a LOT of guys in Poland with this name!

          Hereafter, I intend to address anyone with this kind of name as "dude" or "bro" or maybe "slick".

          1. fearnothing

            Re: Grzegorz Brzeczyszczykiewicz

            The Polish guys I work with say that it's more likely these Polish people are copying the name from this little sketch and using it as an alias, than it being their real name.

            Dude, bro or slick might be appropriate. Also dupek.

            1. Anonymous IV

              Re: Grzegorz Brzeczyszczykiewicz

              So, basically, this is "Don't tell him, Pike" but in a Polish sketch?

    4. Anonymous Coward
      Coat

      Re: Grzegorz Brzeczyszczykiewicz

      He is also the Polish Scrabble champion

    5. Anonymous Coward
      Anonymous Coward

      Re: Grzegorz Brzeczyszczykiewicz

      Dreadful that the NSA would attack someone with Irritable Vowel Syndrome...

  7. Simon Brady

    Use the source, Luke

    Is there really "zero chance" the malware authors could hack drive firmware without access to the source code? Sure, publicly available firmware binaries are probably obfuscated in nasty ways and would require a lot of reverse engineering even after decryption, but why should that be beyond the ability of a well-resourced organisation like the NSA? There's a long tradition of amateurs hacking DVD-ROM firmware to disable region locking, for example - if J. Random Hacker can do this in the comfort of their own basement, why can't the professionals do it on a grander scale?

    1. Voland's right hand Silver badge

      Re: Use the source, Luke

      WD drive firmware was hacked recently without source access.

      Decompiling MMU-less ARM Linux (the most common CPU on newer drives) is not that hard.

    2. fajensen

      Re: Use the source, Luke

      The chance that the hardware can be hacked is 1.0:

      http://spritesmods.com/?art=hddhack - A hardcoded "/etc/shadow"-file, triggered on logging a special network address, not bad.

  8. Christian Berger

    And of course

    Secure boot would probably not help against that as the NSA will surely cooperate with the companies providing the code for secure boot so their malware will not be detected.

    It's time for some _really_ open source computers.

    1. Martin 47

      Re: And of course

      It's time for some _really_ open source computers.

      .......and NSA will kindly supply some people to help compile it free of charge.

      I think it's time to invest in some typewriter manufacturers.

      1. Rich 11

        Re: And of course

        Typewriters? Too easy to compromise. I'm going back to a clay cylinder and a cuneus.

        1. billse10

          Re: And of course

          where are you buying that clay?

          Nanotech research has funding from all sorts of places :-)

  9. psychonaut

    Grzegorz Brzeczyszczykiewicz

    well, that's very easy for you to say.

    1. Peter Simpson 1
      Happy

      Re: Grzegorz Brzeczyszczykiewicz

      It's pronounced like it's spelled:

      George Bush

  10. Crisp
    Coat

    Stay away from Fanny...

    That's what I took away from the article anyway...

    1. Sir Runcible Spoon
      Coat

      Re: Stay away from Fanny...

      I was going to say something about Grayfish but thought better of it.

  11. yossarianuk
    Linux

    Linux safe?

    Is Linux safe from this ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Linux safe?

      Probably is from this particular attack, but, do you honestly think that, in the reported 14 years since this started, nobody at the NSA turned round and said "So, that's Windows, what next, Linux?"

      The NSA could well have infected my laptop and... oh, someone at the door, two men in black suits and sunglasses... back in a minute....

      1. phil dude

        Re: Linux safe?

        I really wish the govt was as competent as this implies.

        I'm sure *someone* at the NSA has been assigned to "acquire other assets". So no, Linux is not safe.

        Let's not forget they have made it illegal to tell the truth if you DO add a backdoor to your software/hardware for them...

        But the gaping barn door that is Windows and the huge distributions of versions, makes it low hanging fruit politicians love so much.

        And I'm betting the NSA has its climbers on the inside like any company...

        P.

      2. Rule of Thumb

        Re: Linux safe?

        The report concerns itself entirely with analysis of Windows code, which seems to be the only code they have, but they have sinkholed some of the command and control servers and they mention getting traffic that purports to be from Mac OS clients, suggesting that there is a Mac OS version. They also speculate that there is an iOS version but I don't recall that they have any solid evidence for this. No mention of any Linux malware.

        This is just one program, but my guess is that they don't find their target audience (which appear to be folks like Islamic scholars or jihadist supporters) using Linux a lot.

        But it would be foolish to feel safer (using Linux) because of this non-evidence.

    2. BenDwire Silver badge
      Black Helicopters

      Re: Linux safe?

      It's a .dll, so yes. For your OS they have renamed it "systemd" ...

    3. Anonymous Coward
      Anonymous Coward

      Re: Linux safe?

      Don't need to fear the NSA when you have the Unholy Trinity of Red Hat, Gnome & Poettering

    4. Anonymous Coward
      Anonymous Coward

      Re: Linux safe?

      No!

      This press release is focusing on the Windows attacks, yes, but these guys are tailoring the payload to suit the target.

      What is truly terrifying is the scope of the hard drive firmware hacks. All the vendors.

      Just think, with control of the firmware you can determine what OS is running: just fingerprint the loader used at boot. If the UEFI signatures are NOT present you can patch the OS loader. Without full drive encryption you can inject any file into the file system at any time, alter any scripts at any time to include your payload, say only include the script when another section of data typically used during boot is read. All other times it's read, it's unpatched.

      Now how do you detect this playfulness? Easy! Plug in some electronics directly to your hard disk controller board and read the firmware, and verify it's a legit version. HDD manufacturers of course don't help you with anything you need (checksums, circuit diagrams, chip descriptions etc). I.e. virus scanning is IMPRACTICAL.

      You may find, after much digging, a firmware that you can flash to the hard drive, but this assumes that the web site you've gone to has not been poisoned or faked in transit, and to flash the drive without the payload having a chance to activate it can't be in a system as a boot device. So you can't flash drives daily, and then you've got the effects of worn out flash.

      Ok, so how do you protect your system? UEFI, full disk encryption? Not if they have a valid UEFI key, MS's is loaded everywhere.....

      Best solution would be to have the manufacturers include a flash write protect switch/jumper so a local physical action is required to change the firmware, and that may protect you from the nastiest of their virus vectors.

      Combine this with instant secure erase, and you don't have a cyber espionage tool. You have a cyberwarfare WMD when Access time=XXX secure erase.

      1. Anonymous Coward
        Anonymous Coward

        Re: Linux safe?

        What is truly terrifying is the scope of the hard drive firmware hacks. All the vendors.

        The system memory controller is the same kind of beast - It has a CPU in it (often Cortex M3), running firmware which presumably can be hacked and replaced. Even the SDRAM-chips themselves have some kind of programmable controller inside - back in the day I had to spend a long time crafting a string of micro-code for the SDRAM controller on a Motorola card I did a BSP for.

        These chips started as 8-bit, sequential read. Microcode is needed to get 64-bit and burst-read switched on. The SDRAM memory controller loads the microcode to the SDRAM chips on boot. It has a 580 page manual .... Aararraragh .... BLAM ...

    5. fajensen

      Re: Linux safe?

      Ericsson use Linux for a lot of their stuff; SUSE, to be exact - on PC-like hardware. Now, why would someone like the NSA ignore something as juicy as a complete telecommunication network?

  12. David Roberts
    Coat

    Fifty shades of hacking?

    Or do our cousins not understand Fanny....Double Fantasy......Triple Fantasy!!!!

  13. plrndl
    Mushroom

    Goodbye

    So that's the end of the US technology sector then. Good job NSA.

    1. Peter Simpson 1
      Thumb Up

      Re: Goodbye

      On one hand: Shocking! Terrible! How dare they?

      On the other: Damn fine work, guys...except for the getting found out part, of course.

    2. Anonymous Coward
      Anonymous Coward

      Re: Goodbye

      What does this have to do with the US technology sector? These types of attacks would be possible if instead of Seagate and Western Digital we had Lenovo and Xiaomi as the main companies making hard drives (which are manufactured outside the US anyway)

      The NSA's activities hurt cloud computing or models where overseas data is stored inside the US, but these sort of hacks would make it so there's no difference where your cloud resources lie! Hard drives in a server farm in China or Australia or Switzerland could be hacked just as easily as ones in a server in the US. Perhaps there's no reason for people outside the US to abandon US cloud services, because there's nowhere you can hide from the NSA!

  14. joeldillon

    'Fanny', really?

    Agreeing with others that this all sounds a bit fishy...

  15. Douchus McBagg

    yay.

    so, who else supplies drives we can use?

    or am I going to be installing/running a non mainstream OS and hope for security by obscurity?

    1. Loud Speaker

      Re: yay.

      You could always try Alibaba (ducks)

    2. asdf

      Re: yay.

      Tails OS CD is probably the best you can hope for security wise assuming their web site hasn't been man in the middled already.

      1. Mark 65

        Re: yay.

        SSL observatory would find mismatching info and you can check the fingerprint against grc.com or whatever the site is.

        1. Anonymous Coward
          Anonymous Coward

          Re: yay.

          Unless they slipped it into the main tree, say piecemeal that requires a magic knock, and then got it signed...

  16. Chris G
    Black Helicopters

    Ubiquitous Iniquity

    Bearing in mind the actions of the US since 1945 and its increasing belief that it is the only nation that has a god-given right to poke its nose into and control any country it wishes, this should not come as too much of a surprise.

    What anyone with an interest in keeping and maintaining their data secure should beware of is assuming that Linux or iOS is immune.

    The article states that the NSA has been doing this since at least 2001 and maybe for 2 decades; in 2013 the estimated budget for the NSA alone was 10.8 billion, and also according to documents leaked by Snowden the combined alphabet soup agencies' budget reached a combined figure of 53.6 billion dollars.

    Don't forget the NSA are not the only players and that all of the various intel agencies have their own teams of hackers. If common sense as evidenced on these forums tells people that Windows is the most compromised OS so they should use Linux or iOS etc, then the alphabetties will know that just as well and will be sure to target any place that people think is secure. As mentioned, good secure housekeeping and where necessary a genuine air gap and good encryption for anything that is valuable/sensitive.

    In fairness the US and its allies are not the only ones trying to steal all that is yours, so trust no one and suspect everyone.

    1. Indolent Wretch

      Re: Ubiquitous Iniquity

      I'm not a person who agrees in any way with the statement "If you haven't done anything wrong then you haven't anything to fear", I honestly believe that's an appalling argument.

      But the diametrically opposed statement you just made

      "so trust no one and suspect everyone"

      Is just as bad if not worse and I'm not going to live like that.

      I'll take some reasonable precautions, live my life, try and be good. I think that's probably easier and better.

      1. DropBear
        Devil

        Re: Ubiquitous Iniquity

        I'll take some reasonable precautions, live my life, try and be good. I think that's probably easier and better.

        "Good" is entirely irrelevant (for anything other than your own conscience); what you need to be is "unremarkable"...

        1. Anonymous Coward
          Anonymous Coward

          Re: Ubiquitous Iniquity

          I'm a different poster than the one you replied to. I suppose all my anti-Harper rants (Canadian Prime Minister) have put me on the not "unremarkable" Excel spreadsheet.

          hey, if they use an Excel spreadsheet we might be OK

      2. Rol

        Re: Ubiquitous Iniquity

        Kaspersky has niftily managed to pick up the call home addresses for some hacked computers, which is rather fortunate, as it could quite easily have been an organisation with totally different designs.

        That said, an NSA compromised computer is only so until nefarious hackers under a different flag get a shoo-in, using the NSA hacks to their own ends.

        You may be honest and morally centred, but when it comes to paying the ransom to get your now encrypted data back, you will be just another Mark.

        You could try asking the NSA to recover your data as it was their compromising of your system that allowed the hackers to encrypt it, but I fear, the all hearing all seeing organisation, will suddenly become deaf to your protestations and blind to its involvement.

    2. JamesTQuirk

      Re: Ubiquitous Iniquity

      Aside from the fact the USA is trying to break up the rest of world into smaller & smaller "bite size chunks", maybe paranoia is Not wrong for Govs & business, but for me, business as usual, doing what I can to keep my system clean & running ....

  17. Tromos

    Note to Gregory Brown

    We have fixed your keyboard. The biggest problem was around the 'Z' key where most of the damage was observed. Be more careful with your coffee in future.

  18. Anonymous Coward
    Anonymous Coward

    Ha!

    You think hard disc firmware is scary. Have a look at that iLO or iDRAC or whatever on all your production servers and wonder to yourself:

    "WTF is that doing at the moment?"

    Hint: it can pause execution of its host, dump any range of memory, registers etc, all without the host knowing what's going on. Its also a Linux box with a full toolset running in plain sight. vPRO covers many desktops in a similar way and hard discs for the rest.

    Trojan-tastic

  19. David Lawrence
    Joke

    Fanny infection?

    Hello? Helpdesk? Yes I think I have a Fanny infection on my computer..... Napoleon Solo tells me it was probably the work of Thrush..........!!!

    1. JamesTQuirk

      Re: Fanny infection?

      heard down back @ server room, "NO, it came thru your Windows, dumb whore"

  20. jake Silver badge

    Oh. Windows.

    Nobody with a clue thinks redmond understands/cares about security.

    kaspersky is grasping at straws, looking for free press.

  21. naive

    Perhaps firewalls can help to prevent leakage

    It seems to be the fate of the unsuspecting user that it always is hunting season for him, and there is little hope this will improve soon, even Microsoft would have a hard time fighting organizations with so much resources, in the case they were willing to do so.

    Increasing complexity may help. Perhaps firewalls should copy email spam filter techniques by consulting databases with white listed websites and IP addresses. The PDF from Kaspersky showed that this malware makes extensive use of C&C systems. By combining black and white listed IP addresses, the user would not be protected against the malware itself, but could make an attempt to prevent it leaking information to the internet. These databases could, like SPAMHAUS, collect information about general surfing behavior, and warn when strange addresses are visited.

    1. Anonymous Coward
      Mushroom

      Re: Perhaps firewalls can help to prevent leakage

      Um, no, why do you think woowee is making inroads into former cisco territory? because their devices don't get transshipped via the US where they can be intercepted, unsealed, hacked, resealed, repacked and put back on a truck for your delivery.

      1. naive

        Re: Perhaps firewalls can help to prevent leakage

        You are right in the sense that nothing is trustworthy in a world where nothing can be trusted.

        The Raspberry Pi shows that it is possible to build quite capable firewalls for little cost.

        Reading the PDF shows how determined and aggressive the attackers are, what is needed is that the manufacturers in the field selling these products, which are in hindsight sensitive to being hacked, show the same determination to prevent this from happening. The PDF also shows a potential market for Kaspersky and the likes, they could develop such a firewall product, linked to databases, it would not prevent new viruses, but perhaps most of the data leaks they cause. This is not about MS or Linux, it is about raising the bar, the people doing this are the elite in IT, fighting them makes no sense, there will always be flaws in complex systems that they will exploit.

  22. Anonymous Coward
    Anonymous Coward

    Praise Brzeczyszczykiewicz

    I'm surprised my system hasn't been infected. I update my disk firmware every day just to be sure I have the latest version. Imagine how difficult that would be if I had to remove a jumper to upgrade the firmware and replace it to get back to safe non-writable firmware mode.

  23. Scott 53

    3 of the first 5 comments

    "could of"

    "effect"

    "flack"

    Sigh

    1. DropBear
      Windows

      Re: 3 of the first 5 comments

      Shhhh. Don't let them see you're affected! This is a well-known method for driving certain types of people crazy...

      1. sabroni Silver badge
        Headmaster

        Re: 3 of the first 5 comments

        I believe this is, the icon your looking four....

  24. Rambler

    reading how they 'cracked' the hash of one to be 'unassigned' and failed to break others, new team took a punt Alan Turing style on it being 'unassigned' in Arabic - and got it

    so, if we take the code to be the work of a brilliant mind, and the unassigned being set so any unregistered users logged in they would NOT be targeted, so what else would you deduce about said coders ?

    GEEKS

    and what do geeks speak - Elvish / Klingon ?

    any bets on finding 'unassigned' in these tongues as an MD5 hash :o)

    1. JamesTQuirk

      Sujatlh 'e' yImev

      tlhIngan maH!

      NSA lojmIt yIpoSmoH!

      buy' ngop

      yIDoghQo' ... 'arlogh Qoylu'pu'? .. Hab SoSlI' Quch!

  25. phil dude
    Coat

    Let us not forget....

    We don't live in a vacuum. As bad as all this NSA press has been, there ARE real bad guys out there.

    But making the public vulnerable to external abuse is not a sustainable way to vanquish the "enemy".

    Because if criminals get this technology it might be used in our institutions to exploit valuable information. Like our banks, for example.

    Oh wait a minute...

    P.

    1. Jeremy Allison

      Re: Let us not forget....

      Unfortunately the NSA/GCHQ *ARE* the real bad guys.

      If by "there ARE real bad guys out there" you're referring to people like the Islamists and the IRA, as Steve Bell famously pointed out, they're bad guys wearing clown shoes. Getting hurt by them is like a car accident, you're just unlucky.

      No, NSA/GCHQ are *much* *much* worse. As good 'ol King Henry VIII says in "A Man For All Seasons" : they are "a deadly canker in the body politic". They are an infection in the very ideals of our Democracy, and there's no way back from that.

      1. Charles 9

        Re: Let us not forget....

        Then what are the Russians and Chinese? Chop suey?

  26. Anonymous Coward
    Anonymous Coward

    Kaspersky, eh?

    The old man and cynic in me questions the source. I know, I myself have used Kaspersky's tools and know they have top notch respect. However, given where they are and the man running their country, I'll wait for independent verification.

  27. Anonymous Coward
    Childcatcher

    >custom malware dubbed Fanny<

    Fnar, fnar!

  28. Anonymous Coward
    Anonymous Coward

    So

    Only the crims need be concerned. No one actually cares what's on your HDD unless you are a crim.

    1. Sir Runcible Spoon

      Re: So

      And who, pray tell, are the 'crims' you are referring to?

      For all you know it could be you.

    2. Anonymous Coward
      Anonymous Coward

      Re: So

      Posting information on the internet without a verifiable real world identity is being made illegal. We're also making this retrospective.

      You're nicked mate.

      See how stupid your comment is?

  29. Anonymous Coward
    Anonymous Coward

    Day after details of Bank malware

    Seems Russia has just pointed out to the rest of the world that they know all the backdoors the US has planted. This comes just after they told the world they have malware on the West's banking systems, which means they can effectively destroy the western banks if they want to. I wonder if this has anything to do with the Ukraine conflict?

    Apart from the French and German efforts at appeasement we should realise we are at war with Russia.

  30. Echo 5

    heaping pile of Bolshevik BS

    It's bullsh*t. Drive manufacturers would never go for it and the govt would need permission. They'd never risk their brand reputation on it. This is Russian fear mongering as part of the current East/West EU/NATO/Ukraine/sanctions thing. It's a way they can negatively impact a western business. Nice try Vladi (Huilo)

    1. Kunari

      Re: heaping pile of Bolshevik BS

      I'm suspicious too. Seems too much like a movie plot to me.

    2. Nelbert Noggins

      Re: heaping pile of Bolshevik BS

      the govt would need what....?

      ... time for a new keyboard... this one doesn't seem keen on the coffee

      1. Sir Runcible Spoon

        Re: heaping pile of Bolshevik BS

        I can't see any Russian having the foreskinsight to name something 'Fanny'.

  31. Anonymous Coward
    Big Brother

    If all else fails, there's NSA microcode in x86 chips right?

  32. All names Taken
    Alien

    Eh?

    Is it first of April already?

    (I'd guess Bzeh-chish-chik-ee-eh-veech for Brzeczyszczykiewicz)

  33. HarryBl

    Can't they find any porn of their own? Why do they have to steal mine?

  34. tom dial Silver badge

    It is clear from the Kaspersky paper Arstechnica links to that the software suite in question is meant for very selective targeting of specific organizations, individuals, and computers. The targets appear to be heavily biased toward what one would expect to be standard espionage targets like diplomatic, military, aerospace, and telecommunications organizations, with some additional antiterrorism and financial crime targets. The NSA is a plausible source, but any other major country would love to have the sources that Kaspersky's usage breakdown suggests; it is interesting that there appear to be no Israeli targets at all.

    In addition, while adding a fair amount of interesting detail, the Kaspersky report describes little that should come as a big surprise. BIOS resident malware has been known for a while, and exploits using USB and HDD firmware, although more recently revealed, are not new. Other potential, but probably less likely, targets would include video adapter, SCSI HBA, and LAN card firmware.

    Windows is the same kind of target for SIGINT agencies that it is for independent hackers after financial and identity data: the main opportunity. MacOS/iOS, Linux, or *BSD will have been secondary. Widespread Linux use in the web server market might have made it the #2 platform target, but the evident intended use makes it likely that the main target after Windows is MacOS/iOS due to the popularity of iThings; it is not mentioned, but it might well be that there is similar software for Android devices.

    The suggestion made or implied in quite a number of posts that ordinary citizens are being targeted by this is quite unwarranted; it is unlikely that the total number of targets affected by this type of activity exceeds the number of intelligence analysts by as much as an order of magnitude, so probably is well under 150,000, assuming the NSA is the source, or 250,000 if they outsource part of the work to other agencies. (NSA, for example, would penetrate and collect on behalf of FBI or DHS targets.) While large, this is a tiny fraction of the population even of Russia, let alone Western Europe, India, China, or the world. Only a select (relative) few will receive these implants. The rest of us will be targets of private entrepreneurs after our identities and money.

  35. Anonymous Coward
    Stop

    This is why we need some ACTUAL transparency on what these sigint agencies are doing

    "spread its spy tools through compromised watering hole jihadist sites and by intercepting and infecting removable media including CDs.

    The latter vector was discovered in 2009 when a scientist named Grzegorz Brzeczyszczykiewicz received a CD sent by an unnamed prestigious international scientific conference he had just attended in Houston."

    Isn't this more than a little indiscriminate? I can understand that the NSA/GCHQ/etc. need to be able to penetrate SOME machines that are out there, but sending CDs of conference proceedings (that are bound to be shared with other scientists/technicians the recipient knows) through the mail is going to infect and sweep up a lot of machines that have nothing to do with the actual target. Also, I assume from the scientist's name that he is Polish, and I'm pretty sure that Poland was a NATO ally and one of the "good guys" in 2009--so I'm not going to take it on faith that it was necessary to spy on them. Also, I am going to take another small leap and say that if the NSA intercepted and infected Mr. Brzeczyszczykiewicz's CD, then they probably did the same thing for some number of other attendees of this conference, much less the thousands of other conferences that might have hit the NSA's target list over the years.

    Well, thank you again, Edward Snowden. Though this seems to be something that Kaspersky picked up on, the work that Snowden did is what makes sure that this story gets some actual front-page exposure, and is not buried in the back of the tech news section.

  36. Gannon (J.) Dick
    Flame

    Grzegorz Brzeczyszczykiewicz

    Shit. I hate it when I have to find another password for my Mother-In-Law. I'll have to find the old bat something harder to remember.

  37. twelvebore

    SR-71 moment

    I do wonder if this revelation is a little like when the SR-71 was finally revealed to the world. Obviously by then it was old tech, and the boys-in-black had already moved on. I wonder what the Equation Chaps are using these days? Hacking the firmware of LED light bulbs maybe??

  38. ufoolme

    Hard drive hack

    If you can get Linux to run on a modern hard drive ( http://spritesmods.com/?art=hddhack ) then these types of backdoors by government states should be a given / not big news.

  39. Anonymous Coward
    Anonymous Coward

    Now I suddenly understand why GCHQ destroyed the Guardian's motherboards and other electrical components...

  40. ukgnome

    those pesky blighters

  41. RIBrsiq
    Black Helicopters

    Reading the comments, I can only think one thing:

    When did the tin-foil hat brigade take over this place...?

    Show some scepticism, you lot: does what's being claimed seem feasible?

    1. tom dial Silver badge

      One up for scepticism comment. Scepticism is much needed when thinking about what it is the agencies are doing and to whom they most likely are doing it.

      However, some time around the advent of ATA drives, and probably earlier for SCSI, disk drive controllers became capable of running an operating system of the complexity order of, say Minix. That is to say, capable of running the disk, managing the device cache, handling a command stream, and editing the data going between the disk and the system to which it is attached.

      1. JamesTQuirk

        or http://www.reddit.com/r/netsec/comments/1jkuts/flashing_hard_drive_controller_firmware_to_enable/

        this is from a year ago ...

  42. Anonymous Coward
    Anonymous Coward

    Your hard drives were RIDDLED with NSA SPYWARE for YEARS

    Why do you think my hard drives are full of porn?

  43. Riggo

    As far as the hacking a hard drive's firmware goes...

    A hard drive is a dumb storage device that has no way to transfer data to a host without the host requesting it. Hacking a drive's firmware with some kind of virus would allow you to do nothing.

    A hard drive can not execute programs in a PC's memory.

    It can not send data to a host unsolicited.

    It has no idea what the data being requested is... i.e. jpeg, exe, dll...

    It sends LBAs requested by the host and nothing else.

    It is not a PC with an OS and a file system that can execute programs.

    This story is a joke...

    1. diodesign (Written by Reg staff) Silver badge

      Re: As far as the hacking a hard drive's firmware goes...

      "A hard drive is a dumb storage device that has no way to transfer data to a host without the host requesting it. Hacking a drive's firmware with some kind of virus would allow you to do nothing."

      You are so wrong it's not even funny. If the OS requests data from the disk (such as files for the boot process) and you, the malicious firmware, modify that data, you can make the OS execute code it shouldn't.

      So if Windows requests important_startup_file.dll, you change the content to include code that loads other malicious programs from the disk. Take a look again at the diagrams in the article.

      C.
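The read-path argument above, and the LBA-only view of the drive raised in the reply to it, as a small added simulation that is not code from the article or any commenter: a toy block device that only ever sees LBAs, and a hash-manifest check that catches a same-size block substitution only when the reference hashes were captured from trusted media rather than through the same drive. All file names, block layouts and contents are constructed for the demo.

```python
"""Added example, not code from the article or any commenter.

A toy block device serves fixed-size blocks by LBA and never sees a file
name (the drive's view). A file table maps names to LBA extents (the OS's
view). Firmware that swaps one block at read time changes what the OS
loads, and a hash manifest catches it only if the reference hashes were
captured from trusted media, not from the same drive. Every name, layout
and payload below is constructed for the demo.
"""
import hashlib

BLOCK_SIZE = 512


class Drive:
    """Dumb block device: stores an image and answers reads by LBA range."""

    def __init__(self, image: bytes):
        image += b"\x00" * ((-len(image)) % BLOCK_SIZE)  # pad to whole blocks
        self.blocks = [image[i:i + BLOCK_SIZE]
                       for i in range(0, len(image), BLOCK_SIZE)]

    def read(self, lba: int, count: int) -> bytes:
        return b"".join(self.blocks[lba:lba + count])


class TamperingDrive(Drive):
    """Same storage, but the firmware substitutes one block's content on read.

    The stored blocks are untouched, so an image of the media taken through
    a different path would not show the change. Only the LBA is matched;
    the drive has no idea which file the block belongs to.
    """

    def __init__(self, image: bytes, target_lba: int, replacement: bytes):
        super().__init__(image)
        assert len(replacement) == BLOCK_SIZE  # same-size payload
        self.target_lba = target_lba
        self.replacement = replacement

    def read(self, lba: int, count: int) -> bytes:
        data = super().read(lba, count)
        if lba <= self.target_lba < lba + count:
            off = (self.target_lba - lba) * BLOCK_SIZE
            data = data[:off] + self.replacement + data[off + BLOCK_SIZE:]
        return data


# Filesystem metadata held by the OS: name -> (first LBA, block count, bytes).
FILE_TABLE = {
    "bootmgr": (0, 2, 1000),
    "boot.dll": (2, 3, 1400),
    "readme.txt": (5, 1, 20),
}


def make_image() -> bytes:
    """Constructed disk image laid out to match FILE_TABLE."""
    contents = [b"BOOTMGR-" * 125, b"BOOT.DLL" * 175, b"hello from readme!!!"]
    image = b""
    for data, (_lba, count, length) in zip(contents, FILE_TABLE.values()):
        assert len(data) == length
        image += data + b"\x00" * (count * BLOCK_SIZE - length)
    return image


def read_file(drive: Drive, name: str) -> bytes:
    """What the OS sees: it asks the drive for LBAs, then trims to file length."""
    lba, count, length = FILE_TABLE[name]
    return drive.read(lba, count)[:length]


def build_manifest(drive: Drive) -> dict:
    """SHA-256 of every known file as read through the given drive."""
    return {name: hashlib.sha256(read_file(drive, name)).hexdigest()
            for name in FILE_TABLE}


def verify(drive: Drive, trusted: dict) -> list:
    """Names of files whose current content differs from the trusted manifest."""
    current = build_manifest(drive)
    return sorted(name for name in trusted if current[name] != trusted[name])


def demo() -> dict:
    image = make_image()
    clean = Drive(image)
    trusted = build_manifest(clean)  # reference taken from trusted media

    # Firmware that swaps the first block of boot.dll (LBA 2) at read time,
    # with a replacement exactly one block long.
    tampered = TamperingDrive(image, target_lba=2, replacement=b"EVIL.DLL" * 64)

    return {
        "clean_vs_trusted": verify(clean, trusted),
        "tampered_vs_trusted": verify(tampered, trusted),
        # A manifest built on the compromised drive itself sees nothing wrong.
        "tampered_vs_self": verify(tampered, build_manifest(tampered)),
        # The stored blocks are identical; only the read path differs.
        "media_unchanged": tampered.blocks == clean.blocks,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

This is also why the thread's point about verifying firmware or files from outside the running system matters: a reference captured through the suspect drive proves nothing.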

      1. Riggo

        Re: As far as the hacking a hard drive's firmware goes...

        "You are so wrong it's not even funny."

        Try reading a specification before making yourself look foolish. Windows does not request important_startup_file.dll from a hard drive. Windows requests a range of LBAs from a hard drive. A hard drive is not aware of what is in those LBAs, it just delivers the data.

        In your tin foil hat scenario, hacked firmware would not know what file is being requested unless Windows stored the file in the exact same location on every hard drive. Even then, the hacked viral version of important_startup_file.dll would have to be the EXACT same size payload or it would not get transferred in its entirety and would most likely not execute.

        This is a non-story.

    2. JamesTQuirk

      Re: As far as the hacking a hard drive's firmware goes...

      I was thinking so until I posted link about it from last year regarding it, and now from 2009 .. I found this ...

      http://www.linuxquestions.org/questions/linux-hardware-18/firmware-update-seagate-barracuda-1-gb-drive-4175484578/

      The Post reads ..

      -------------------

      I have successfully flashed a Seagate Barracuda 7200.12 ST31000528AS (1TB SATA) drive with the following method: (***Use at your own risk!***)

      1. Download ISO from Seagate: http://www.seagate.com/staticfiles/s...2-ALL-CC49.iso

      2. mount/extract `PH-CC49.ima` from .iso file

      3. dd the .ima to a USB thumb-drive:

      `dd if=./PH-CC49.ima of=/dev/sdX bs=512k`

      4. Turn off computer and disconnect all drives except drive(s) to be flashed

      5. Boot from USB-thumb drive (this will boot into the Seagate Firmware update utility)

      6. Follow simple on-screen instructions to flash the drive(s)

      7. Power off, reconnect everything back, and power on

      That's it! No Windows, no bulky CDs, no Grub edits, no FreeDOS, no flaky Windows .exe's

      ------------

      that article shows reflashing HDD, from there is finding Embedded OS LinuxFlavoured I found in google searches & better, I suspect & casting it in a VM, to play with to ARM up, before it's tested....

      I do propose to discuss Technicalities of this !!!

      1. Charles 9

        Re: As far as the hacking a hard drive's firmware goes...

        That's assuming you can boot from USB. Many older systems lack the capacity, and newer ones with EFI may have the ability locked out. I speak from experience.

    3. frankzentura

      Re: As far as the hacking a hard drive's firmware goes...

      You got a couple of downvotes but that's my thought as well. The software to sort out the writes and reads of data is less practical than sending a hooker to the mark. All doing all this would prove is how good the government is at pissing away money!

  44. Anonymous Coward
    Anonymous Coward

    RE. Re: As far as the hacking a hard drive's firmware goes...

    Wonder how many "failed" hard drives (cough drive with weird name instead of product ID in BIOS /cough) were actually NSA fails?

    It does concern me that people could have lost data this way if for some reason the drive locked itself during a "routine" installation or transfer to another machine etc.

    1. JamesTQuirk

      Re: RE. As far as the hacking a hard drive's firmware goes...

      I wonder if we disassemble the onboard memory of those HDD's and NSA tools, will we find out it's them causing Component crashes & replacement ?

      What will anyone do ?

  45. Winkypop Silver badge
    Joke

    Anyone got their phone number?

    I have an old HDD that's completely banjexed.

    I wonder if they can access the data for me.

  46. Anonymous Coward
    Flame

    Always check the evidence

    Way back in July 2013 a demo was given of how to Read / Write & Reflash disk hardware whilst continuing normal OS operating conditions. The POC given allowed the root password to be changed on the fly as part of normal disk IO.

    I congratulate the tiny minority of forum members who have viewed the video and understood what was said. Some days it's hard to believe that the majority of Register's readership are allegedly technically competent.

    The rest of you should stop playing Crossy Road or watching the dancing catz and watch the vid. If you don't have the time or inclination to learn about the hardware stuff per se then skip to 33 mins. You may learn some things to your benefit that could vastly improve the content of this allegedly technical discussion. Failing that, find someone who can explain it to you.

    No doubt the Guardian will have sensational breaking "news" in their usual "no one told us" style. Like the Raytheon RIOT story this - http://www.theguardian.com/world/2013/feb/10/software-tracks-social-media-defence#comments :(

  47. Conundrum1885
    Gimp

    RE. failed drives

    I have two here if someone has a fix tool.

    Both Maxtor Diamondmax

  48. frankzentura

    Yeah well I seriously doubt this has any investigative value whatsoever in terms of "preventing terrorism". What this does do though is leave PCs open for identity theft and perhaps blackmail materials. Besides, there is no way all that data glut can be examined real-time so there's no preventative value. All this really proves is that the government is the champion at being bloated and inefficient and wasting good taxpayer money. Not impressed at all...

  49. Tom Czerniawski

    Burn the NSA to the ground. Salt the earth, so nothing grows there again.

    1. Charles 9

      And if it's able to grow, nay THRIVE, in salt, and happens to be an Andromeda Strain that would GROW on nukes?
