Have YOU got Equation NSAware in your drives? Meh, not really our concern, says EU

After Kaspersky revealed the so-called Equation Group’s HDD-snooping malware, the European Commission says it's “up to member states to take appropriate measures” to deal with cyber-badness on their patches. With the spyware closely resembling Stuxnet, Kaspersky researchers have concluded that the US National Security Agency …

  1. NoneSuch Silver badge

    And yet #10 is totally unconcerned about UK computers being compromised by a so called ally.

    When governments no longer protect the rights and freedoms of their citizens, what are we supposed to do?

    1. Anonymous Coward

      Sometimes the government - or their contractors - have to do some real nasty stuff so you can carry on living with your "rights and freedoms". This is not new as it was first demonstrated at OHM 2013

      Have a nice peace.

      1. Destroy All Monsters Silver badge
        Thumb Up

        > Sometimes the government - or their contractors - have to do some real nasty stuff

        Nazi bullshit

        > living with your "rights and freedoms"

        Scare quotes. Thanks for clarifying.

        > This is not new as it was first demonstrated at OHM 2013

        This is not new as demonstrated by Reinhard Heydrich ca. 1942.

        Get Rekt M8!

        The finger in the icon is not the correct one.

        1. tom dial Silver badge

          I think the reference was to:

          https://archive.org/details/D2T113201308012300HardDisksMoreThanJustBlockDevicesSpriteTm

          (Links to the presentation are there; the video is almost 2G) I thank the original poster for it.

      2. Trevor_Pott Gold badge

        "Sometimes the government - or their contractors - have to do some real nasty stuff so you can carry on living with your "rights and freedoms""

        First off, those "rights and freedoms" are Rights and Freedoms. Secondly, if my government can't trust its people to understand what is done in their name and why, then it's time to clean house and replace the government. We're all people; those in the government and those not. When the government starts treating the people as the enemy, it's time for them to go.

        The government serves the people through transparency, trust in the people that elect it and by bowing to the will of the people...or it doesn't serve the people at all. If the government doesn't serve the people it will not be allowed to remain in power.

      3. hplasm
        FAIL

        Sometimes the Government

        Need to do what they are told.

        They work for us.

  2. Christian Berger

    I'm not sure if laws could do anything against that...

    ...since laws often leave gaps for secret services, or secret services simply ignore those gaps.

    Same goes for technologies like "Secure Boot" which centralize control over your hardware in a way hardware vendors can easily (be made to) cooperate with secret services against the interests of the users.

    What we need to do is to abolish secret services and to actually actively help people against foreign secret services.

  3. chivo243 Silver badge

    Can we trace our HD's heritage?

    Maybe I can find my HD's heritage, but can I trust the documentation behind it? Who is the mfg that can provide the public with a guarantee that it is "clean"?

    1. Paul Crawford Silver badge

      Re: Can we trace our HD's heritage?

      This family of infections has a (rare) module that can be used to infect your HDD's firmware so even having bought a clean one is no guarantee it will never have this.

  4. Anonymous Coward

    Encryption? Heard of it?

    It's 2015. Processors are fast. Really fast. For the vast majority of people, there is no reason not to be using full disk encryption given the ongoing NSA-spies-on-everything revelations. Linux distros need to get their act together, and recommend full disk encryption by default.

    1. Anonymous Coward

      Detection

      So, has Kaspersky or anyone else put together a utility one can run to see if the NSA's additional drive APIs are active on a given drive? And given that Kaspersky is a Russian company, how do we know their whole report isn't an FSB ruse?

      1. phil dude
        Black Helicopters

        Re: Detection

        If you read the full description from the guy who reverse engineered the hack, it was pointed out that the firmware could be made passive and simply respond to specific packets being written - including a certain filename, e.g. the_register.gif.

        This is by far the most scary of exploits because the storage is compromised such that even encrypting the disk is not guaranteed, since the firmware may look for key signatures.

        Scary huh?

        P.

      2. Yet Another Anonymous coward Silver badge

        Re: Detection

        > And given that Kaspersky is a Russian company,

        Is the only reason this is being made public

        Nice that we have to rely on the evil empire for Pravda and Izvestia

    2. tom dial Silver badge

      Re: Encryption? Heard of it?

      Disk encryption should be useless against this threat, which is activated during system (and disk subsystem) initialization. One must assume it has, or will have, access to the disk encryption secrets.

      1. Anonymous Coward

        Re: Encryption? Heard of it?

        Although there never is 100% guarantee of privacy and security of your data, there are ways to improve it. For example, rather than run Windows (or Linux, to one's taste) on bare metal, make yourself a VDI and run them with help of PCIe passthrough (for near-native performance) inside a virtual machine. VM disk images can be password protected inside a hypervisor.

        Also the hypervisor itself does not have to be set up on a machine it will be running on, instead one could boot it from a USB drive with an OS and keys, and set this USB up on a machine that can be trusted a little more - e.g. a Raspberry Pi or an old laptop (e.g. something from http://shop.gluglug.org.uk/ )

        Is it worth the cost and trouble? I do not know, but some will appreciate the challenge, at least. Anonymous, because some dose of paranoia is healthy.

    3. Christian Berger

      Re: Encryption? Heard of it?

      Well that wouldn't help as the boot loader will always be read unencrypted. You could simply load your malware from there and then hand over control to the real boot loader.

      And since modern x86 CPUs are so mind bogglingly complex they have lots of ways to hide.

      What we'd need are simpler systems with less spaces to hide.

  5. This post has been deleted by its author

  6. Anonymous Coward

    add 1000% TAX on all hardware and software from US (and UK) companies

    Use money collected to invest in local companies. Basically boot start a EU wide tech sector. Fragment and diversify the tech market to make spying so complex that it would bankrupt any country that wanted to spy on everyone. The problem with a small number of large global technology monopolies is that it makes spying on everyone cheap, easy and almost a no-brainer, why wouldn't you.

    Maybe start off at 1% TAX and over 25 years exponentially ramp it up to 1000%

    1. Destroy All Monsters Silver badge
      Facepalm

      Re: add 1000% TAX on all hardware and software from US (and UK) companies

      > Basically boot start a EU wide tech sector.

      Not sure whether serious or totally retarded.

      Have fun getting rid of all cross-licensing schemes and generally getting the EU tech sector anywhere other than navel-gazing and taxed/regulated/mismanaged to the general shape of a quivering puppy.

      There is a good reason why Europe is an economic shithole getting shittier by the day.

      The US is still the powerhouse, in spite of all its governments attempt at raping it into a socialistic shape amenable to the liberal lunatic fringe.

      1. Trevor_Pott Gold badge

        Re: add 1000% TAX on all hardware and software from US (and UK) companies

        "The US is still the powerhouse"

        And Hitler shaped a battered Germany into an economic superpower. Didn't make Nazi Germany a good place to live, or a champion of things good. But hey, hail the fatherland and all things conservative if you want. Fuck the proles in all their holes, you're America!

        1. Robert Helpmann??
          Childcatcher

          Re: add 1000% TAX on all hardware and software from US (and UK) companies

          Sorry, Trevor, but I am invoking Godwin's Law. Don't become so focused on the misdeeds of one country that you lose sight of the fact that others are doing the same.

          1. Trevor_Pott Gold badge

            Re: add 1000% TAX on all hardware and software from US (and UK) companies

            Where did I ignore that other countries are doing the same thing?

            ...more to the point, since when is "they do it, so it's okay for me to do it" a legitimate rationale? What are you, two years old?

            And you don't get to invoke Godwin's law. Godwin's law only applies when the comparison is not justified. It's perfectly justified in this case.

            1. Robert Helpmann??
              Childcatcher

              Re: add 1000% TAX on all hardware and software from US (and UK) companies

              > Where did I ignore that other countries are doing the same thing?

              So perhaps "ignore" is not the most accurate of terms. Perhaps "omit" would better fit.

              > ...more to the point, since when is "they do it, so it's okay for me to do it" a legitimate rationale?

              Rather I was pointing out that focusing on one bad actor to the exclusion of others would seem to give the rest a free pass. So, sorry for the misunderstanding, but the intention was precisely the opposite of that.

              > What are you, two years old?

              Moving on...

              > And you don't get to invoke Godwin's law. Godwin's law only applies when the comparison is not justified. It's perfectly justified in this case.

              OK, so I am guilty of trolling you a bit...but no, it applies simply based on the perception of hyperbole. From my perspective, once the comparison is made, most people look at it as simple hyperbole and ignore the rest - whether or not it is accurate. If you just throw out a statement and expect everyone to follow you with nothing more than your say-so, you will only be drawing people who already believe what you are saying, not convincing anyone of its veracity. You are quite capable of making cogent and well-reasoned arguments, whether or not we agree. More of that, please.

              1. Trevor_Pott Gold badge

                Re: add 1000% TAX on all hardware and software from US (and UK) companies

                Look, I don't need to submit every bloody detail of argumentation right down to the creation of the universe in order to make a point. If you aren't bright enough to follow along, why the fucking skunk muffin are you reading The Register?

                You don't like that I call out the US for their role? Too fucking bad. With extra fucks. The grand old US of A is the one that storms around the planet bellowing about "American Exceptionalism" and generally putting deed to the word that they lead western civilization. Like it or not, they lead a huge chunk of the world, so their fuckery is - ultimately - contagious.

                And yes, I expect you to know that.

                In fact, I expect a great deal from Register readers. I'm sick and tired of having to dumb down everything I write - in forum or in article - to pander to a mythical median that I know damned well reads magazines other than this one. If you can't keep up, get the fuck out. It's that simple. I'm through with the white glove treatment, and you can deal with being treated like you grew a pair and learned a few things.

                America is corrupt. Top to bottom and start to finish. Other nations are bad - the UK and Australia are particularly appalling - but many (Germany, Canada, the Nordic countries) may yet be saved. We are living through the death of privacy at the same time we watch homosexual rights finally become mainstream, and we watch women's lib go beyond equality and towards gender supremacy for women.

                The world is changing. For good, for bad. We are entering an era where we are losing the right to our own private lives, but apparently gaining the "right not to be offended." We are watched 24 hours a day, 7 days a week, and everything we do or say that offends someone can and will be held against us before we ever see a court of law.

                The presumption of innocence in most avenues of life is being flushed down the toilet. The Americans are one Supreme Court decision away from granting corporations the fucking vote (and/or every dollar = a vote) and with things like civil forfeiture, suspension of the 4th amendment within 100 miles of the border and amnesty from prosecution for, apparently, everyone who works for the government, the grand old US of A has become a pretty fucking dark place.

                You don't like that I focus on the US? Too bad. Cope. They're the worst of the worst (though the UK is a CLOSE second, and Oz a distant third.) They are exporting this madness around the world, and trying to invade my home with this shit through half-witted fuckery like the TPP.

                I don't give a rat's ass if it takes you a few extra clock cycles to fill in the blanks or if you get bent feels because I use the USA as the example of everything that was supposed to be good but has gone comprehensively to hell. When the world is getting more shit by the day (with a few bright spots, admittedly, like equal rights for homosexuals,) I don't really end up caring overmuch about what people on the internet think of me.

                Here's a thing I also want commenters to consider. I believe the needs of the many outweigh the needs of the few. I believe the needs of the one outweigh the desires of the many, but that the desires of the many outweigh the desires of the few. I believe in the UDHR, and other such "liberal hippy nonsense."

                So why - do please explain this to me - when someone who openly professes to be a hard core capitalist, or a Darwinian social economist or any of these other "fuck you, I got mine" belief systems says they think I am a bad person should I feel slighted? If people I hold to be truly awful human beings spit in my eye, why should I stand a little straighter and be a little prouder?

                I'm not saying you're one such. But I want to put all of this in context. I no longer give a rat's ass about making friends. Not online, not in person. I care about what kind of a world we leave to those who come after us. Right now, I don't like what that's shaping up to be.

                And among the best examples of this is - like it or not - the US of A. Other places are worse, sure. Usually they're third world and involve slaughtering people with machetes. But those places don't generally claim to be saving the world and promoting liberty and all fluffy goodness.

                So yeah. The US is first on my shit list. Not the totality of it, but first and foremost. And if you - and anyone else - want to change its position in my view (or the view of others who feel similarly to myself) why don't you start with making it a less awful place to live...or to live in the shadow of?

                Cheers.

                1. edge_e
                  Thumb Up

                  Re: add 1000% TAX on all hardware and software from US (and UK) companies

                  @Trevor_Pott

                  Best rant I've read on here for a very long time. Thank you.

                2. robmobz
                  Megaphone

                  Re: add 1000% TAX on all hardware and software from US (and UK) companies

                  While I think that your presentation was a bit offensive and standoffish at the same time I agree and commend you for saying it.

      2. amanfromMars 1 Silver badge

        Re: add 1000% TAX on all hardware and software from US (and UK) companies

        The US is still the powerhouse ...... Destroy All Monsters

        The US is just a powered madhouse, Destroy All Monsters, and the obvious simple and complex target to capture and short and hold to/for ransom, in order for certain orders/agents/non-state actors to fix practically all current escalating problems and poor media related tales, is the fiat dollar base and perverse intellectual property, national and international private personal and public pirate debt. Failure to realise and virtually micro and macro manage that, fully guarantees continuing SWIFT catastrophic systems collapse.

        1. Anonymous Coward

          Re: add 1000% TAX on all hardware and software from US (and UK) companies

          Hey, that's funny: I always thought you two guys (ManfromMars and DestroyAllMonsters) were actually one and the same :)

  7. Anonymous Coward

    Business Opportunity

    Seems whatever hard drive maker makes it so their firmware can be read back out and audited will have an advantage in the marketplace.

    1. pierce
      Coat

      Re: Business Opportunity

      seems to me that any hard drive maker that released their secret innards and magic recipes would immediately be faced with mass produced clones of their product line whose pricing benefits from being able to skip a huge amount of expensive R&D

      1. Flocke Kroes Silver badge

        The secrets are not in the software

        The big secret is to be Western Digital, Seagate or Toshiba. Those are the only drive manufacturers left. The margins on drives are so thin that enormous economies of scale are required to make any profit. The spinning disks market is in its final stage of consolidation. A new player would need to commit running their business at a loss until they can get above 10% of the market and refine their manufacturing process to the same efficiency levels as one of the big two. In real life, a new manufacturer will implode before they have a business worth being crushed and bought out by WD or Seagate.

        WD and Seagate could release their firmware under GPL without harming their businesses. The thing is, I am not sure it is their firmware. It certainly used to be a component they bought in - like the controller cards. If this problem gets fixed, it will be by people creating 'The Open Rotating Disk Initiative Obnubilating NSA' for themselves.

    2. Bartholomew

      Re: Business Opportunity

      So add a tiny PROM whose sole purpose is to either read back and dump the firmware or just generate and return multiple hashes of the EEPROM firmware (MD5, SHA1, SHA256, SHA512). One checksum can be faked with enough computing power but by returning a few of them calculated by different algorithms it would make it exponentially more difficult by multiple orders of magnitude with each additional checksum.

      It sounds like a good idea.

      Of course this could be circumvented by measures to fake the calls in the host OS. Hard to kill every workaround.
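The host-side half of the check described in the comment above, as an added example that is not part of the thread and not any vendor's tool: a firmware image read back from a drive is hashed once with the four algorithms the comment names and compared against a reference manifest. The manifest layout, the function names and the sample image bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io

# The four digests named in the comment above.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_image(stream, chunk_size=64 * 1024):
    """Hash a firmware image in one pass with every algorithm in ALGORITHMS."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_image(stream, manifest):
    """Return the algorithms whose digest differs from the reference manifest.

    An empty list means every digest matched. A manifest that lacks one of the
    expected algorithms is rejected outright, so a stripped-down manifest
    cannot silently weaken the check.
    """
    missing = [name for name in ALGORITHMS if name not in manifest]
    if missing:
        raise ValueError("manifest lacks digests for: " + ", ".join(missing))
    actual = digest_image(stream)
    return [
        name
        for name in ALGORITHMS
        if not hmac.compare_digest(actual[name], manifest[name].strip().lower())
    ]


# Constructed sample data: a stand-in for a known-good image and a copy with
# one bit flipped, as a modified firmware dump would differ from the reference.
REFERENCE_IMAGE = b"CONSTRUCTED-FIRMWARE-IMAGE" + bytes(range(256)) * 16
TAMPERED_IMAGE = bytearray(REFERENCE_IMAGE)
TAMPERED_IMAGE[100] ^= 0x01
TAMPERED_IMAGE = bytes(TAMPERED_IMAGE)

# In practice the manifest would come from a trusted source, obtained
# separately from the image; here it is derived from the constructed reference.
REFERENCE_MANIFEST = digest_image(io.BytesIO(REFERENCE_IMAGE))


if __name__ == "__main__":
    for label, image in (("reference", REFERENCE_IMAGE), ("tampered", TAMPERED_IMAGE)):
        bad = verify_image(io.BytesIO(image), REFERENCE_MANIFEST)
        print(label, "OK" if not bad else "MISMATCH: " + ", ".join(bad))
```

The result is only as trustworthy as the path the image was read over; as the comment notes, calls can be faked on the host, so the read-back belongs on a system booted from known-good media.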

  8. All names Taken
    Alien

    Now here this!

    Public management of revaluation.

    You are advised to play down the event.

    Smile, shrug your shoulders, say something suitably appeasing.

    Privately we will let you in to what you should now know.

    Send to all friendly guvmints.

    Signed NSA?

  9. Aslan

    What would be fun...

    Britain is the USA's friend and ally right? It would be interesting to get a dump of the Windows registry, and boot sector of a sensitive government computer, and see if it's infected, or has a key to vaccinate against the infection.

  10. Dave Bell

    There's something in the disk firmware which leaves it open to this infection. And the same openness may be necessary to Data Recovery procedures.

    It would be impractical for these weaknesses to only be in drives delivered to target entities.

    Non-government actors can re-program the firmware on their drives. There are people who have described the process on the web, doing such things as installing Linux on the drive's circuit board. There are programmers who still work in machine code and assembler, and can reverse-engineer the firmware.

    The cat is out of the bag now. How long before malware is used for terrorism? If you can somehow install your own firmware without any need for permission or physical access, how long before every hard drive in an identifiable IP block gets trashed?

  11. Anonymous Coward

    It's not Spyware? it's..

    ..Spookware

  12. Anonymous Coward

    Just wondering..

    ..why this rather large story has not reached the major UK news outlets. http://www.reuters.com/article/2015/02/17/us-usa-cyberspying-idUSKBN0LK1QV20150217
