A Russian research group, Kaspersky Lab, has uncovered a very tricky bit of NSA spyware that can embed in virtually any hard drive, no matter the manufacturer, to collect information, or even control computers remotely:
According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on. . . .
Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.
The question is how spies got the source code for these hard drives. One couldn’t guess at such information, so the spies would have had to gain access to insider information. Is it possible the hard drive manufacturers cooperated with the NSA? Possibly.
But that should worry us. Given the fact that most if not all of these hard drives are manufactured in China, it could very well be the case that other countries, besides the US, have gained access to this information. And it would be all too easy for China to embed spyware in the hard drives at their source. I wouldn’t be surprised if something like this had already happened.
So what now? This technique has been exposed, and it is likely that countries or entities in opposition to the US will do what they can to get clean hard drives free from spyware. Further, this will probably hurt American tech exports, and continue to deteriorate our relations with nominally friendly countries. I’m not sure such a fallout was worth the risk. Does that mean the NSA will stop doing things like this? Likely not.