This week, the Internet security firm Kaspersky Lab released new details about a program developed by the NSA that was designed to burrow into the hard drives of computers from major manufacturers such as Seagate, Western Digital, and Toshiba.
Unlike some of the other programs we’ve detailed so far, this operation (or at least the part of it that could be recovered from the data) appears to have been confined to countries like Algeria, Yemen, Afghanistan, and Iran. Known hotspots for terrorist activity, the nations in question have long been havens for some of the most well-known organizations active on the international scene.
The company, which just made headlines this weekend for exposing the Carbanak banking trojan, revealed a set of documents which implicate the United States spy agency in undertaking operations that took years to perfect, but once implemented, were capable of seamlessly hopping from one machine to the next and avoiding all but the most thorough of detection methods.
Energy companies, nuclear researchers, telecoms, and military outfits were just a few of the institutions named on the NSA’s laundry list of available targets, all of whom had been connected to terrorists by association or otherwise.
Kaspersky has yet to outright name the NSA as the culprit in the effort, though they say the malware used to make the hops was a direct cousin of the now-infamous Stuxnet virus.
Stuxnet, first found on the Internet under the incarnation ‘Flame’, is still known as one of the most advanced pieces of spying software manufactured to date, and has long since been outed as a joint effort between the NSA and Israeli surveillance agencies attempting to put a stop to uranium enrichment programs within Iranian borders.
The only confirmation sources have been able to use to verify the claim comes from an unnamed NSA employee who, like Snowden before him, has chosen to speak out to the press about the government’s mandates in light of their overstepped boundaries, in the hope that media attention might bring a stop to a system run out of control.
Thankfully, according to Kaspersky’s independent report, the technology was reserved only for the highest profile targets in order to preserve its secrecy and efficiency. This is in stark contrast to other offensives launched by the agency, including the recording and archiving of hundreds of millions of cell phone calls every day by the NSA both domestically and abroad.
Most of the hard drive manufacturers implicated in the investigation/leak say they had no prior knowledge of the operation’s existence, and that their companies would be working diligently to uproot any flaws in their systems which might allow surveillance teams, legal or otherwise, to spy on their customers.
That said, the agency could only have developed these measures with explicit knowledge of the source code that makes each respective hard drive tick. This could have been achieved in myriad ways, though it’s suspected that social engineering was the primary culprit in the end.
The NSA would go to a hard drive manufacturer posing as an independent third-party software vendor, and the rest was as simple as playing the part from there.
“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,’” said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code.”
For now, all we really know about the group responsible for the infection is the name that Kaspersky gave them, based on their love of methodically breaking encryption down by the basics of its internal math: “the Equation Group”.