February 17, 2015 6:47 am
Researchers in Russia said they have found a series of sophisticated hacking tools within the hard drives of personal computers built by some of the world’s biggest manufacturers.
Kaspersky Lab, a Moscow-based cyber security company, said it had uncovered the spying software in computers that were used in 30 countries, including Iran, Pakistan, Russia and China, which have long been priorities for US intelligence agencies.
Without accusing the National Security Agency of being the source of the malware, Kaspersky researchers indirectly suggested that the tools were devised by the US.
If a US role in developing the new cyber-tools is confirmed, it could further tarnish the reputation of US technology companies after the damaging revelations about the NSA leaked by Edward Snowden in 2013.
Publishing the technical details of the spyware on Monday, Kaspersky said that they were introduced by a group “that surpasses anything known in terms of complexity and sophistication of techniques”.
Avoiding any direct reference to the NSA, Kaspersky said the spying software had been developed by an entity it called the Equation Group, which it said had been operating for 20 years.
It said, however, that the Equation Group had “solid links” to the creators of Stuxnet — the virus that attacked an Iranian nuclear facility and that was developed by the US, in co-operation with Israel.
According to Kaspersky, one of the surveillance tools is embedded in the computer “firmware”, code that sends messages to the rest of a computer when it is switched on — a development the Russian researchers described as “an astonishing technical accomplishment” because it was so hard to detect and extract.
“To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back,” said Costin Raiu, director of the global research and analysis team at Kaspersky Lab. “It means that we are practically blind, and cannot detect hard drives that have been infected by this malware.”
The report said that the Equation Group used the resultant capability to eavesdrop selectively. The targets had included banks, governments, nuclear researchers, military facilities and Islamic activists, it said.
The Kaspersky report also discussed the attempts by the Equation Group to map “air-gapped” networks that are not connected to the internet — as was the case for Iran’s nuclear facilities. It described a “unique USB-based command and control mechanism which allowed the attackers to pass data back and forth from air-gapped networks”.
Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.
Additional reporting by Kana Inagaki, Simon Mundy and agencies.