"flexed their full remote access control over infected machines only for high value targets."
Which recent history has shown to be anything/one that is not NSA.
The US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades – all according to an analysis by Kaspersky Labs. The campaign infected possibly tens of thousands of Windows computers in telecommunications …
Apparently not Microsoft Windows either. Well, I guess Microsoft could have NOT known about this, which leads me to believe that Microsoft's own kernel was NOT written to accommodate this (which, truthfully, there are a lot of things Microsoft's kernel might NOT pick up on). So, Microsoft did NOT know about this, so what else do they NOT know?
Doesn't it make you feel like a secure Windows user when Windows just runs anything that is present? GO MICROSOFT! (Of course, is there a '...u.o' out there? Wait, would it matter?).
Any security software that relies on obfuscation is only a false hope of security. For example, if an encryption algorithm is mathematically sound, then there is no need for the algorithm itself to be secret. Knowing that there cannot be any benefit from the source code being secret, while there can of course be backdoors, why should we trust it? Wouldn't an open source version be more trustworthy simply because it makes it very hard indeed to hide a backdoor?
"Because they don't prevent these sort of attacks when the attacker has a copy of the key"
Just like any security system - you have to trust the author. If there was a boot loader around with a different checksum, it would soon be spotted.
"But they do prevent you installing anything else to prevent these attacks"
No, they don't stop that at all.
Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader. I can think straight away of three ways to get these:
1. Hack Microsoft. Either technologically, or via blackmail/bribery.
2. Super-secret national security letter demanding MS sign the NSA hack, or else someone goes to jail.
3. Hint that people with Influence really want MS to be cooperative on this, and the government is considering converting a couple of departments to Windows 10 and Surface tablets.
"Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader"
Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again.
"Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again."
And anybody NOT involved in this would lose a lot of customers and business just as quickly - so it's a dilemma. Defy and America blacklists you. Submit and everyone else blacklists you.
If you look to the future, which is admittedly a bit of an ask for most current CEOs, it's not that much of a dilemma.
Defy, and be damned to the Americans.
The IT world isn't anything like as US-centric as it was even ten years ago - and even then, things were heading away from The Land Of The Free (TM). When I started in IT, longer ago than I care to remember, the US held most of the market and most of the knowledge. Now a lot of that has gone to India and China, encouraged by a generation of short-sighted idiots who were, and are, chronically incapable of seeing further than three months ahead.
In ten years' time, I can see the US becoming a technological backwater, with its priceless technical and manufacturing capabilities thrown to the dogs by myopic bean-counters, egged on by the retards of Wall Street. The people I feel sorry for are the ordinary Yanks with families to support and roofs to keep over their heads, as they'll cop for the fallout.
"And anybody NOT involved in this would lose a lot of customers and business just as quickly - so it's a dilemma. Defy and America blacklists you. Submit and everyone else blacklists you."
That's why the USA needs to get their ass to Mars so as to stop messing the planet up for the rest of us and stop meddling with our legal system (via treaties or strongarm tactics).
Nuke icon because at least we'd be free of US tyranny if they did all board Mars One.
I do think VMs will be next. Not that I am saying they are now an issue, but a sub-5 MB VM of DOS or Tinycore Linux, really screwed down at about 8 MB, on a fast internet connection, with virtualisation enabled on an unsecured/unpatched Windows box, could/would install in seconds and then be running in the background, either on a real PC or on a cloud server, I suspect.
But a theory .......
All true, I am still running Debian on an Amiga 2000/060, 128 MB RAM; its .iso is about 2.8 MB (OS only). However, I think giving the game away is a mistake. I was looking at updating old Concurrent DOS, as a plaything, less than 500 KB install... Tinycore can be nailed down a lot: 8 MB core, 12 MB with apps, is the way it comes from the "factory", but it is Linux; cull, install, set it up to do what you want... The original Amiga OS could run a multitasking OS in about 1 MB, so it is possible...
Anybody involved in this would go out of business very quickly
Builders start a business, get credit with suppliers, max out credit, then go out of business *all the time*, the same builders, using the very same suppliers, that they ripped off two months ago.
Why is this possible? Because of "securitisation": the suppliers just sell the credit on to "investors" for an immediate return. After that it's not their problem what happens to payments, so they don't care; as long as there is a market for high-yield paper, everyone is golden.
A similar business model must already exist around key signing.
"Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again."
Vendors are compelled to comply with the law - regardless of how stupid or counterproductive it may be.
Besides I'll bet that most people would choose to have their machine boot with the NSA malware in place than not boot at all.
At least the greybeards with old PDP-11s running V7 UNIX in the basement can bootstrap via toggle switches, so the world hasn't ended yet. ;)
@AC: If, as you say, the toolkit isn't limited to Windows, then are you claiming that they have managed to pre-install a firmware for hard drives that contains malware to cover Linux, Windows, OS X and BSD in x86, x86_64 and AMD variants? Not fucking likely. 32-bit Windows would be my guess.
"It's taken this long - and this event - to make your realize that the US has been a fascist police state since, well, the 1960s? Have you been out of town?"
You don't think every other government on the planet wouldn't do the same if they could (and perhaps already are)? Wake up, sleeping beauty, and smell some WelcomeToTheRealWorld coffee.
I remain unbagged and unvanned at the time of writing, thank you for your enquiry.
The line remained unfinished because I was just back from the pub so I could have gone on a multi-page rant about the entitled tosspots who think they have a fucking right to mess with my own possessions in my own fucking house...or I could just fire up the Xbox and work out my ire on some pixels; which I did.
Likely it doesn't "force" anything. It probably intercepts calls to well-known Windows boot files and replaces them with its own version. Might be behind a blue-screen or two, but then you'd realise when you bin the drive it fixes itself (however, by then, the malware is likely inside your core Windows images and backups).
But, yes, you have to start somewhere - you can't make an any-platform malware that'll work for everything, so you likely just write for your most likely target.
More importantly, this will stop source-code access to such things and/or stop foreign entities trusting anything made in the US. And likely they aren't the first. There's never been anything stopping a hard disk firmware literally KNOWING when you are accessing, say, the Windows boot process files and slipping in its own data. It could even interpret the NTFS, check filenames, boot sectors, etc. on-the-fly.
Except... surely... if you're encrypting everything that goes to disk, even the OS (which is the only secure way to encrypt)... this is useless? The hard disk won't be party to the key (because the read sectors will be encrypted data or an encrypted key which is only unlocked in RAM by the user's entered key?), and will never spot that the data going through it is ripe for insertion, nor have the ability to do so undetected.
The only chance to infect is initial boot and, well, wouldn't TPM and/or privately signed bootloaders stop that in its tracks? Again, anyone SERIOUS about not wanting the NSA et al inside their machine (e.g. Iranian nuclear plants, Chinese military, etc.) could probably just encrypt and enforce basic security and they're done?
Sorry, but these are attacks against bog-standard mainstream PCs with no security. Anyone with a brain shouldn't be storing anything of interest in there.
Sure, so we should all give up and just email our passwords to the NSA / GCHQ, then?
No. Sorry. If the hard drive could be malware, then basic system security and encryption would have prevented it BEFORE we even knew about this attack. So enforce security or stop using hard drives. Same all the way to the metal in every case. Hell, you can use another motherboard/processor, but access to that kind of size of data storage isn't something that's available in every electronics hobbyist shed so you may be forced into using them.
However, biggest thing would probably be - WATCH YOUR CONNECTIONS, because the only sensible way to control these things and have them talk back is to be on the net. And if someone is implanting Win32 malware into drive firmware, then you need to start watching what's going on in your supply chain - particularly because it means you're putting bog-standard Windows machines in areas that you shouldn't be.
This is not "you can stop everyone getting in, ever", it's basic security. I'm sorry but it's embarrassing for you if your nuclear power plant is running on general purpose x86 hardware that loads from SATA and doesn't bother to check integrity of bootloaders, it really is. And it's laughable that NSA etc. are bothering to attack such open machines in so blatant - and recordable - a fashion.
Secure your important stuff as if... well as if were important that others didn't get into it.
... Or you go to Korea and show the geeks who wrote the software for the disc controllers a really good time and a duffel of nice, crisp, 500 EUR notes ... Theirs if they could, like, add one or two binaries to the link list - and the photo documentation of the really good time would not need to be published either.
"Or you go to Korea and show the geeks who wrote the software for the disc controllers a really good time"
Do you think this hasn't already happened?
One of the things which is coming out of the Snowden revelations is that like decent security, serious attack plans tend to be layered too.
I think you give IT departments and users too much credit. Weren't we just treated to stories about how the Sony Pictures hack was aided by some unencrypted Excel spreadsheet of logins and passwords left lying around somewhere on the Sony Pictures network, where the bad guys scooped it up?
If major corporations who know they have intellectual property to protect can do that kind of self-evidently stupid stuff, imagine how many machines can be swept up by something like what the NSA is doing.
If major corporations who know they have intellectual property to protect can do that kind of self-evidently stupid stuff, ...
It is very simple:
Eliminating processes that do not produce a visible result to customers or on the bottom line is a Very Important Strategy in <Place-holder for the latest management religion/fad to infest businesses>
It quickly becomes kind of hard to defend wasting resources on security when there are never any hacking incidents. So the accountants can always scale back the costs.
However, once security becomes crappy enough, then the dynamics become self-reinforcing: There will never be any incidents because the gutted IT-systems cannot actually detect anything and the remaining staff left in IT, being the dregs of the barrel and living on the cutting edge of outplacement, will always fear that any problem there is was something they did or it will be blamed on them, triggering further pink-slipping (besides, the network monitoring is long since p0wned and lying about everything).
The corporation, now like a larva infested by a parasitic wasp, is just happily chugging along until the hackers get bored and spill the beans.
"I'm sorry but it's embarrassing for you if your nuclear power plant is running on general purpose x86 hardware that loads from SATA and doesn't bother to check integrity of bootloaders, it really is."
Given that VMS is going off support 20 years prematurely, a bunch of existing plants are already in an awkward position.
Patching the Windows components appears to be done dynamically in memory, and would occur after any decryption of data stored on the disk. The attacks undoubtedly are mainly "against bog-standard mainstream PC's with no security" but seem designed to evade standard and even quite advanced security protocols. After all, they are intended for use in espionage.
This appears to be a fake name used as a tongue-twister in Polish - see http://translate.google.co.uk/translate?hl=en&sl=pl&u=http://pl.wikipedia.org/wiki/Grzegorz_Brz%25C4%2599czyszczykiewicz&prev=search for a translation of a wikipedia.pl page.
Since this name seems to be fake, I find myself wondering about the veracity of the whole story.
"Since this name seems to be fake, I find myself wondering about the veracity of the whole story.".
Maybe the people responsible for doing the work didn't want to give their names to the NSA in case they suffered a traffic accident along the same lines as Iranian nuclear scientists do? (generally caused by a bullet rather than other road users)
If I was releasing something like this then I can see why I might get quite paranoid.
Yes, the name is obviously fake. It has been used as a joke in a Polish war comedy where a guy interrogated by the Nazis gives a false name impossible by the Gestapo officer to write down. Look for "Grzegorz Brzęczyszczykiewicz. (translated). Polish tongue twister" on YouTube.
Well, actually it is more of a pseudonym than a fake name - it's from a famous Polish film called 'How I unleashed WW II'. The main protagonist uses 'Grzegorz Brzęczyszczykiewicz' as name when caught by the Germans and registering it takes so much time that this saves him. So, yes, it is not a real name, but a well-chosen one given the context.
>I'm a Pole and yes, it's a fake name, it's unlikely that someone would be named like that. Very strange to see this name used in a serious news story...
Happened a while back with a story about Greek hovercrafts being sold off to China. The Navy spokesperson: Kleftos Priapos.
Is there really "zero chance" the malware authors could hack drive firmware without access to the source code? Sure, publicly available firmware binaries are probably obfuscated in nasty ways and would require a lot of reverse engineering even after decryption, but why should that be beyond the ability of a well-resourced organisation like the NSA? There's a long tradition of amateurs hacking DVD-ROM firmware to disable region locking, for example - if J. Random Hacker can do this in the comfort of their own basement, why can't the professionals do it on a grander scale?
Probably is from this particular attack, but, do you honestly think that, in the reported 14 years since this started, nobody at the NSA turned round and said "So, that's Windows, what next, Linux?"
The NSA could well have infected my laptop and... oh, someone at the door, two men in black suits and sunglasses... back in a minute....
I really wish the govt was as competent as this implies.
I'm sure *someone* at the NSA has been assigned to "acquire other assets". So no, Linux is not safe.
Let's not forget they have made it illegal to tell the truth if you DO add a backdoor to your software/hardware for them...
But the gaping barn door that is Windows and the huge distributions of versions, makes it low hanging fruit politicians love so much.
And I'm betting the NSA has its climbers on the inside like any company...
The report concerns itself entirely with analysis of Windows code, which seems to be the only code they have, but they have sinkholed some of the command and control servers and they mention getting traffic that purports to be from Mac OS clients, suggesting that there is a Mac OS version. They also speculate that there is an iOS version but I don't recall that they have any solid evidence for this. No mention of any Linux malware.
This is just one program, but my guess is that they don't find their target audience (which appear to be folks like Islamic scholars or jihadist supporters) using Linux a lot.
But it would be foolish to feel safer (using Linux) because of this non-evidence.
This press release focuses on the Windows attacks, yes, but these guys are tailoring the payload to suit the target.
What is truly terrifying is the scope of the hard drive firmware hacks. All the vendors.
Just think, with control of the firmware you can determine what OS is running: just fingerprint the loader used at boot. If the UEFI signatures are NOT present you can patch the OS loader. Without full drive encryption you can inject any file into the file system at any time, or alter any script at any time to include your payload; say, only include the script when another section of data typically used during boot is read. All other times it's read, it's unpatched.
Now how do you detect this playfulness? Easy! Plug in some electronics directly to your hard disk controller board and read the firmware, and verify it's a legit version. HDD manufacturers of course don't help you with anything you need (checksums, circuit diagrams, chip descriptions etc). I.e. virus scanning is IMPRACTICAL.
You may find, after much digging, a firmware that you can flash to the hard drive, but this assumes that the web site you've gone to has not been poisoned or faked in transit, and to flash the drive without the payload having a chance to activate, it can't be in a system as a boot device. So you can't flash drives daily, and then you've got the effects of worn-out flash.
Ok, so how do you protect your system? UEFI, full disk encryption? Not if they have a valid UEFI key, MS's is loaded everywhere.....
Best solution would be to have the manufacturers include a flash write protect switch/jumper so a local physical action is required to change the firmware, and that may protect you from the nastiest of their virus vectors.
Combine this with instant secure erase, and you don't have a cyber espionage tool. You have a cyberwarfare WMD when Access time=XXX secure erase.
What is truly terrifying is the scope of the hard drive firmware hacks. All the vendors.
The system memory controller is the same kind of beast - It has a CPU in it (often Cortex M3), running firmware which presumably can be hacked and replaced. Even the SDRAM-chips themselves have some kind of programmable controller inside - back in the day I had to spend a long time crafting a string of micro-code for the SDRAM controller on a Motorola card I did a BSP for.
These chips started as 8-bit, sequential read. Microcode is needed to get 64-bit and burst-read switched on. The SDRAM memory controller loads the microcode to the SDRAM chips on boot. It has a 580 page manual .... Aararraragh .... BLAM ...
What does this have to do with the US technology sector? These types of attacks would be possible if instead of Seagate and Western Digital we had Lenovo and Xiaomi as the main companies making hard drives (which are manufactured outside the US anyway)
The NSA's activities hurt cloud computing or models where overseas data is stored inside the US, but these sort of hacks would make it so there's no difference where your cloud resources lie! Hard drives in a server farm in China or Australia or Switzerland could be hacked just as easily as ones in a server in the US. Perhaps there's no reason for people outside the US to abandon US cloud services, because there's nowhere you can hide from the NSA!
Bearing in mind the actions of the US since 1945 and its increasing belief that it is the only nation that has a god-given right to poke its nose into and control any country it wishes, this should not come as too much of a surprise.
What anyone with an interest in keeping and maintaining their data secure should beware of is assuming that Linux or iOS is immune.
The article states that the NSA has been doing this since at least 2001 and maybe for 2 decades. In 2013 the estimated budget for the NSA alone was 10.8 billion; also, according to documents leaked by Snowden, the combined alphabet soup agencies' budget reached a combined figure of 53.6 billion dollars.
Don't forget the NSA are not the only players and that all of the various intel agencies have their own teams of hackers. If common sense as evidenced on these forums tells people that Windows is the most compromised OS so they should use Linux or iOS etc, then the alphabetties will know that just as well and will be sure to target any place that people think is secure. As mentioned, good secure housekeeping and, where necessary, a genuine air gap and good encryption for anything that is valuable/sensitive.
In fairness the US and its allies are not the only ones trying to steal all that is yours, so trust no one and suspect everyone.
I'm not a person who agrees in any way with the statement "If you haven't done anything wrong then you haven't anything to fear"; I honestly believe that's an appalling argument.
But the diametrically opposed statement you just made
"so trust no one and suspect everyone"
Is just as bad if not worse and I'm not going to live like that.
I'll take some reasonable precautions, live my life, try and be good. I think that's probably easier and better.
Kaspersky has niftily managed to pick up the call home addresses for some hacked computers, which is rather fortunate, as it could quite easily have been an organisation with totally different designs.
That said, an NSA compromised computer is only so until nefarious hackers under a different flag get a shoe in, using the NSA hacks to their own ends.
You may be honest and morally centred, but when it comes to paying the ransom to get your now encrypted data back, you will be just another mark.
You could try asking the NSA to recover your data as it was their compromising of your system that allowed the hackers to encrypt it, but I fear, the all hearing all seeing organisation, will suddenly become deaf to your protestations and blind to its involvement.
You think hard disc firmware is scary. Have a look at that iLO or iDRAC or whatever on all your production servers and wonder to yourself:
"WTF is that doing at the moment?"
Hint: it can pause execution of its host, dump any range of memory, registers etc, all without the host knowing what's going on. It's also a Linux box with a full toolset running in plain sight. vPro covers many desktops in a similar way and hard discs for the rest.
It seems to be the fate of the unsuspecting user that it is always hunting season for him, and there is little hope this will improve soon; even Microsoft would have a hard time fighting organizations with so many resources, in the case they were willing to do so.
Increasing complexity may help. Perhaps firewalls should copy email spam filter techniques by consulting databases with white-listed websites and IP addresses. The PDF from Kaspersky showed that this malware makes extensive use of C&C systems. By combining black- and white-listed IP addresses, the user would not be protected against the malware itself, but could make an attempt to prevent it leaking information to the internet. These databases could, like Spamhaus, collect information about general surfing behavior, and warn when strange addresses are visited.
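The black/white-listed egress check proposed above, as an added example rather than anything from the commenter or the Kaspersky report: it runs a constructed connection log against an allowlist and a blocklist (RFC 5737 documentation addresses, not real indicators) and additionally flags first contact with any unlisted destination, which is the "strange address" warning the post asks for. The log line layout is a hypothetical firewall format.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Constructed lists built from RFC 5737 documentation ranges; none of these are
# real indicators. A deployment would load them from a feed, the way spam
# filters consult DNS block lists.
ALLOW_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]
BLOCK_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24",)]

# Hypothetical firewall log line layout: "<ts> <src>:<sport> -> <dst>:<dport> <proto>"
LOG_RE = re.compile(
    r"(?P<ts>\S+)\s+(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)


@dataclass
class Verdict:
    ts: str
    dst: str
    dport: int
    action: str   # "allow", "block" or "alert"
    reason: str


def in_any(ip, nets) -> bool:
    return any(ip in net for net in nets)


def classify(dst: str, seen: Set[str]) -> Tuple[str, str]:
    """Decide what to do with one outbound destination.

    Blocklist wins over allowlist, so a known-bad address inside an otherwise
    trusted range is still stopped. Anything on neither list is surfaced for a
    human, with first contact called out separately: a host that suddenly talks
    to an address it has never used before is the behaviour a C&C beacon shows.
    """
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return "alert", "unparseable destination"
    if in_any(ip, BLOCK_NETS):
        return "block", "destination on blocklist"
    if in_any(ip, ALLOW_NETS):
        return "allow", "destination on allowlist"
    if dst not in seen:
        return "alert", "first contact with unlisted destination"
    return "alert", "repeat contact with unlisted destination"


def analyse(lines: Iterable[str]) -> List[Verdict]:
    """Run every log line through classify(). Malformed lines become alerts
    rather than being dropped, because a filter that skips what it cannot
    parse fails open."""
    seen: Set[str] = set()
    verdicts: List[Verdict] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            if line.strip():
                verdicts.append(Verdict("?", "?", 0, "alert", "unparseable log line"))
            continue
        action, reason = classify(m["dst"], seen)
        seen.add(m["dst"])
        verdicts.append(Verdict(m["ts"], m["dst"], int(m["dport"]), action, reason))
    return verdicts


# Constructed sample log: one allowlisted fetch, one blocklisted beacon, and two
# connections to an address on neither list.
SAMPLE_LOG = """\
2015-02-17T10:01:02Z 10.0.0.5:51000 -> 203.0.113.7:443 TCP
2015-02-17T10:01:09Z 10.0.0.5:51001 -> 198.51.100.23:80 TCP
2015-02-17T10:02:15Z 10.0.0.5:51002 -> 192.0.2.44:443 TCP
2015-02-17T10:07:15Z 10.0.0.5:51003 -> 192.0.2.44:443 TCP
"""

if __name__ == "__main__":
    for v in analyse(SAMPLE_LOG.splitlines()):
        print(f"{v.ts} {v.action:5s} {v.dst}:{v.dport} ({v.reason})")
```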
Um, no, why do you think woowee is making inroads into former Cisco territory? Because their devices don't get transshipped via the US where they can be intercepted, unsealed, hacked, resealed, repacked and put back on a truck for your delivery.
You are right in the sense that nothing is trustworthy in a world where nothing can be trusted.
The Raspberry Pi shows that it is possible to build quite capable firewalls for little cost.
Reading the PDF shows how determined and aggressive the attackers are, what is needed is that the manufacturers in the field selling these products, which are in hindsight sensitive to being hacked, show the same determination to prevent this from happening. The PDF also shows a potential market for Kaspersky and the likes, they could develop such a firewall product, linked to databases, it would not prevent new viruses, but perhaps most of the data leaks they cause. This is not about MS or Linux, it is about raising the bar, the people doing this are the elite in IT, fighting them makes no sense, there will always be flaws in complex systems that they will exploit.
I'm surprised my system hasn't been infected. I update my disk firmware every day just to be sure I have the latest version. Imagine how difficult that would be if I had to remove a jumper to upgrade the firmware and replace it to get back to safe non-writable firmware mode.
Reading how they 'cracked' the hash of one to be 'unassigned' and failed to break others, a new team took a punt, Alan Turing style, on it being 'unassigned' in Arabic - and got it.
So, if we take the code to be the work of a brilliant mind, and the unassigned being set so any unregistered users logged in would NOT be targeted, what else would you deduce about said coders?
And what do geeks speak - Elvish / Klingon?
Any bets on finding 'unassigned' in these tongues as an MD5 hash :o)
We don't live in a vacuum. As bad as all this NSA press has been, there ARE real bad guys out there.
But making the public vulnerable to external abuse is not a sustainable way to vanquish the "enemy".
Because if criminals get this technology it might be used in our institutions to exploit valuable information. Like our banks, for example.
Oh wait a minute...
Unfortunately the NSA/GCHQ *ARE* the real bad guys.
If by "there ARE real bad guys out there" you're referring to people like the Islamists and the IRA, as Steve Bell famously pointed out, they're bad guys wearing clown shoes. Getting hurt by them is like a car accident, you're just unlucky.
No, NSA/GCHQ are *much* *much* worse. As good 'ol King Henry VIII says in "A Man For All Seasons" : they are "a deadly canker in the body politic". They are an infection in the very ideals of our Democracy, and there's no way back from that.
Seems Russia has just pointed out to the rest of the world that they know all the backdoors the US has planted. This comes just after they told the world they have malware on the West's banking systems, which means they can effectively destroy the western banks if they want to. I wonder if this has anything to do with the Ukraine conflict?
Apart from the French and German efforts at appeasement we should realise we are at war with Russia.
It's bullsh*t. Drive manufacturers would never go for it and the govt would need permission. They'd never risk their brand reputation on it. This is Russian fear mongering as part of the current East/West EU/NATO/Ukraine/sanctions thing. It's a way they can negatively impact a western business. Nice try Vladi (Huilo)
It is clear from the Kaspersky paper Arstechnica links to that the software suite in question is meant for very selective targeting of specific organizations, individuals, and computers. The targets appear to be heavily biased toward what one would expect to be standard espionage targets like diplomatic, military, aerospace, and telecommunications organizations, with some additional antiterrorism and financial crime targets. The NSA is a plausible source, but any other major country would love to have the sources that Kaspersky's usage breakdown suggests; it is interesting that there appear to be no Israeli targets at all.
In addition, while adding a fair amount of interesting detail, the Kaspersky report describes little that should come as a big surprise. BIOS resident malware has been known for a while, and exploits using USB and HDD firmware, although more recently revealed, are not new. Other potential, but probably less likely, targets would include video adapter, SCSI HBA, and LAN card firmware.
Windows is the same kind of target for SIGINT agencies that it is for independent hackers after financial and identity data: the main opportunity. MacOS/iOS, Linux, or *BSD will have been secondary. Widespread Linux use in the web server market might have made it the #2 platform target, but the evident intended use makes it likely that the main target after Windows is MacOS/iOS due to the popularity of iThings; it is not mentioned, but it might well be that there is similar software for Android devices.
The suggestion made or implied in quite a number of posts that ordinary citizens are being targeted by this is quite unwarranted; it is unlikely that the total number of targets affected by this type of activity exceeds the number of intelligence analysts by as much as an order of magnitude, so probably is well under 150,000, assuming the NSA is the source, or 250,000 if they outsource part of the work to other agencies. (NSA, for example, would penetrate and collect on behalf of FBI or DHS targets.) While large, this is a tiny fraction of the population even of Russia, let alone Western Europe, India, China, or the world. Only a select (relative) few will receive these implants. The rest of us will be targets of private entrepreneurs after our identities and money.
"spread its spy tools through compromised watering hole jihadist sites and by intercepting and infecting removable media including CDs.
The latter vector was discovered in 2009 when a scientist named Grzegorz Brzeczyszczykiewicz received a CD sent by an unnamed prestigious international scientific conference he had just attended in Houston."
Isn't this more than a little indiscriminate? I can understand that the NSA/GCHQ/etc. need to be able to penetrate SOME machines that are out there, but sending CDs of conference proceedings (that are bound to be shared with other scientists/technicians the recipient knows) through the mail is going to infect and sweep up a lot of machines that have nothing to do with the actual target. Also, I assume from the scientist's name that he is Polish, and I'm pretty sure that Poland was a NATO ally and one of the "good guys" in 2009--so I'm not going to take it on faith that it was necessary to spy on them. Also, I am going to take another small leap and say that if the NSA intercepted and infected Mr. Brzeczyszczykiewicz's CD, then they probably did the same thing for some number of other attendees of this conference, much less the thousands of other conferences that might have hit the NSA's target list over the years.
Well, thank you again, Edward Snowden. Though this seems to be something that Kaspersky picked up on, the work that Snowden did is what makes sure that this story gets some actual front-page exposure, and is not buried in the back of the tech news section.
I do wonder if this revelation is a little like when the SR-71 was finally revealed to the world. Obviously by then it was old tech, and the boys-in-black had already moved on. I wonder what the Equation Chaps are using these days? Hacking the firmware of LED light bulbs maybe??
One up for scepticism comment. Scepticism is much needed when thinking about what it is the agencies are doing and to whom they most likely are doing it.
However, some time around the advent of ATA drives, and probably earlier for SCSI, disk drive controllers became capable of running an operating system of the complexity order of, say Minix. That is to say, capable of running the disk, managing the device cache, handling a command stream, and editing the data going between the disk and the system to which it is attached.
A hard drive is a dumb storage device that has no way to transfer data to a host without the host requesting it. Hacking a drive's firmware with some kind of virus would allow you to do nothing.
A hard drive can not execute programs in a PC's memory.
It can not send data to a host unsolicited.
It has no idea what the data being requested is... i.e. jpeg, exe, dll...
It sends LBA's requested by the host and nothing else.
It is not a PC with an OS and a file system that can execute programs.
This story is a joke...
"A hard drive is a dumb storage device that has no way to transfer data to a host without the host requesting it. Hacking a drive's firmware with some kind of virus would allow you to do nothing."
You are so wrong it's not even funny. If the OS requests data from the disk (such as files for the boot process) and you, the malicious firmware, modify that data, you can make the OS execute code it shouldn't.
So if Windows requests important_startup_file.dll, you change the content to include code that loads other malicious programs from the disk. Take a look again at the diagrams in the article.
"You are so wrong it's not even funny."
Try reading a specification before making yourself look foolish. Windows does not request important_startup_file.dll from a hard drive. Windows requests a range of LBAs from a hard drive. A hard drive is not aware of what is in those LBAs; it just delivers the data.
In your tin foil hat scenario, hacked firmware would not know what file is being requested unless Windows stored the file in the exact same location on every hard drive. Even then, the hacked viral version of important_startup_file.dll would have to be the EXACT same size payload or it would not get transferred in its entirety and would most likely not execute.
This is a non-story.
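The exchange above turns on whether data served at the LBA level can differ from what was written, and whether a same-size substitution would be noticed. The check a defender would want is an out-of-band integrity manifest: hash the known-good sectors of each boot-critical file once, keep the digests off the drive, and re-hash the same LBA extents later. The following is an added example, not code from the article or from either commenter; the disk image, the extents and the file contents are all constructed sample data, and a real verifier would read the sectors from a block device rather than from a bytes object.

```python
import hashlib

SECTOR_SIZE = 512  # bytes per LBA, as on classic 512-byte-sector drives


def build_image(sector_payloads):
    """Build a raw disk image from per-sector byte strings in LBA order.
    Each payload is zero-padded or truncated to exactly one sector.
    Used here only to construct sample data."""
    return b"".join(p.ljust(SECTOR_SIZE, b"\x00")[:SECTOR_SIZE] for p in sector_payloads)


def read_lbas(image, start_lba, count):
    """Emulate the only operation the drive performs: return `count`
    consecutive sectors starting at `start_lba`, with no notion of files."""
    return image[start_lba * SECTOR_SIZE:(start_lba + count) * SECTOR_SIZE]


def make_manifest(image, extents):
    """Record the known-good SHA-256 of each named LBA extent.
    `extents` maps name -> (start_lba, sector_count). Built once from a
    trusted image and stored somewhere the drive firmware cannot touch."""
    return {
        name: (start, count, hashlib.sha256(read_lbas(image, start, count)).hexdigest())
        for name, (start, count) in extents.items()
    }


def verify(image, manifest):
    """Re-read every extent and compare with the manifest.
    Returns name -> True if the sectors are unchanged, False otherwise."""
    return {
        name: hashlib.sha256(read_lbas(image, start, count)).hexdigest() == digest
        for name, (start, count, digest) in manifest.items()
    }


# Constructed sample image: LBA 0 is a fake boot sector, LBAs 2-3 hold a
# fake boot file, LBA 5 a fake config file. None of this is real Windows data.
CLEAN_IMAGE = build_image([
    b"FAKE BOOT SECTOR",
    b"",
    b"FAKE BOOT FILE PART 1: jmp entry",
    b"FAKE BOOT FILE PART 2: ret",
    b"",
    b"FAKE CONFIG: timeout=5",
])
EXTENTS = {"bootfile": (2, 2), "config": (5, 1)}  # assumed file-to-LBA layout
MANIFEST = make_manifest(CLEAN_IMAGE, EXTENTS)

# Same-size substitution inside LBA 3: one token swapped, image length
# unchanged, modelling the "exact same size payload" case from the thread.
TAMPERED_IMAGE = CLEAN_IMAGE.replace(b"PART 2: ret", b"PART 2: jmp")


def demo():
    """Run the verifier against the clean and the tampered image."""
    return verify(CLEAN_IMAGE, MANIFEST), verify(TAMPERED_IMAGE, MANIFEST)


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean image   :", clean)
    print("tampered image:", tampered)
```

The caveat that matters for this thread: a verifier that obtains its sectors through the very drive whose firmware is suspect is only as good as that firmware's honesty, since the same controller that answers the check also answers the boot-time read. That is the reason measured boot records the hash of what was actually loaded into a TPM PCR rather than trusting a later re-read, and why the comparison above is only meaningful when the manifest is kept, and ideally the check performed, off the drive in question.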
I was thinking so until I posted a link about it from last year, and now from 2009 .. I found this ...
The Post reads ..
I have successfully flashed a Seagate Barracuda 7200.12 ST31000528AS (1TB SATA) drive with the following method: (***Use at your own risk!***)
1. Download ISO from Seagate: http://www.seagate.com/staticfiles/s...2-ALL-CC49.iso
2. mount/extract `PH-CC49.ima` from .iso file
3. dd the .ima to a USB thumb-drive:
`dd if=./PH-CC49.ima of=/dev/sdX bs=512k`
4. Turn off computer and disconnect all drives except drive(s) to be flashed
5. Boot from USB-thumb drive (this will boot into the Seagate Firmware update utility)
6. Follow simple on-screen instructions to flash the drive(s)
7. Power off, reconnect everything back, and power on
That's it! No Windows, No bulky CD's, no Grub edits, no FreeDOS, no flaky Windows .exe's
that article shows reflashing the HDD; from there it is finding the Embedded OS (Linux-flavoured, I found in Google searches & better, I suspect) & casting it in a VM, to play with to ARM up, before it's tested....
I do propose to discuss Technicalities of this !!!
You got a couple of downvotes but that's my thought as well. The software to sort out the writes and reads of data is less practical than sending a hooker to the mark. All doing this would prove is how good the government is at pissing away money!
Wonder how many "failed" hard drives (cough drive with weird name instead of product ID in BIOS /cough) were actually NSA fails?
It does concern me that people could have lost data this way if for some reason the drive locked itself during a "routine" installation or transfer to another machine etc.
Way back in July 2013 a demo was given of how to Read / Write & Reflash disk hardware whilst continuing normal OS operating conditions. The POC given allowed the root password to be changed on the fly as part of normal disk IO.
I congratulate the tiny minority of forum members who have viewed the video and understood what was said. Some days it's hard to believe that the majority of the Register's readership are allegedly technically competent.
The rest of you should stop playing Crossy Road or watching the dancing catz and watch the vid. If you don't have the time or inclination to learn about the hardware stuff per se then skip to 33 mins. You may learn some things to your benefit that could vastly improve the content of this allegedly technical discussion. Failing that, find someone who can explain it to you.
No doubt the Guardian will have sensational breaking "news" in their usual "no one told us" style. Like the Raytheon RIOT story this - http://www.theguardian.com/world/2013/feb/10/software-tracks-social-media-defence#comments :(
Yeah well I seriously doubt this has any investigative value whatsoever in terms of "preventing terrorism". What this does do though is leave PCs open for identity theft and perhaps blackmail materials. Besides, there is no way all that data glut can be examined real-time so there's no preventative value. All this really proves is that the government is the champion at being bloated and inefficient and wasting good taxpayer money. Not impressed at all...
Biting the hand that feeds IT © 1998–2019