
Thread: Big-brand hard drive firmware is RIDDLED with NSA SPY KIT

  1. #1 Teh One Who Knocks

    Big-brand hard drive firmware is RIDDLED with NSA SPY KIT

    Darren Pauli - The Register


    America's National Security Agency (NSA) has infected hard disk firmware with spy nasties in a campaign valued as highly as Stuxnet and dating back at least 14 years and possibly up to two decades, according to an analysis by Kaspersky Labs.

    The campaign infected possibly tens of thousands of computers in telecommunications providers, governments, militaries, utilities, and mass media organisations among others in more than 30 countries.

    The agency is said to have compromised hard drive firmware for more than a dozen top brands, including Seagate, Western Digital, IBM, Toshiba, Samsung and Maxtor, Kaspersky researchers revealed.

    Reuters reports sources formerly working with the NSA confirmed the agency was responsible for the attacks, which Kaspersky doesn't lay at the feet of the agency.

    Kaspersky's analysis says the NSA made a breakthrough by infecting hard disk firmware with malware known only as nls_933w.dll capable of persisting across machine wipes to re-infect targeted systems.

    Researchers said the actors dubbed 'The Equation Group' had access to the firmware source code and flexed their full remote access control over infected machines only for high value targets.

    "The Equation group is probably one of the most sophisticated cyber attack groups in the world," Kaspersky bods said in an advisory.

    "This is an astonishing technical accomplishment and is testament to the group's abilities."

    "For many years they have interacted with other powerful groups, such as the Stuxnet and Flame groups; always from a position of superiority, as they had access to exploits earlier than the others."

    It called the campaign the "Death Star" of the malware universe, and said (PDF) the Equation moniker was given based on the attackers' "love for encryption algorithms and obfuscation strategies".

    Reuters sources at the NSA said the agency would sometimes pose as software developers to trick manufacturers into supplying source code, or could simply keep a copy of the data when the agency did official code audits on behalf of the Pentagon.

    Western Digital said it did not share source code with the agency. It was unknown if other named hard drive manufacturers had done so.

    Vectors

    The agency spread its spy tools through compromised watering hole jihadist sites and by intercepting and infecting removable media including CDs.

    The latter vector was discovered in 2009 when a scientist named Grzegorz Brzeczyszczykiewicz received a CD sent by an unnamed prestigious international scientific conference he had just attended in Houston.

    Kaspersky said that CD contained three exploits, of which two were zero day, sent by the "almost omnipotent" attack group.

    Another method included a custom malware dubbed Fanny which used two zero day flaws identical to those executed later in Stuxnet.

    Its main purpose, Kaspersky's researchers said, was to map air-gap networks using a unique USB-based command and control mechanism which could pass data back and forth from air-gapped networks.

    This, researchers said, indicated the authors worked in collaboration with those behind the Natanz uranium plant weapon and further shored up claims that the NSA was behind the detailed attacks.

    Other trojans used in the prolonged and widespread attacks were dubbed Equationlaser, Equationdrug, Doublefantasy, Triplefantasy and Grayfish.

    It detailed the trojans in a document:

    • EQUATIONDRUG – A very complex attack platform used by the group on its victims. It supports a module plugin system, which can be dynamically uploaded and unloaded by the attackers.
    • DOUBLEFANTASY – A validator-style Trojan, designed to confirm the target is the intended one. If the target is confirmed, they get upgraded to a more sophisticated platform such as EQUATIONDRUG or GRAYFISH.
    • EQUESTRE – Same as EQUATIONDRUG.
    • TRIPLEFANTASY – Full-featured backdoor sometimes used in tandem with GRAYFISH. Looks like an upgrade of DOUBLEFANTASY, and is possibly a more recent validator-style plugin.
    • GRAYFISH – The most sophisticated attack platform from the EQUATION Group. It resides completely in the registry, relying on a bootkit to gain execution at OS startup.
    • FANNY – A computer worm created in 2008 and used to gather information about targets in the Middle East and Asia. Some victims appear to have been upgraded first to DoubleFantasy, and then to the EQUATIONDRUG system.
    • Fanny used exploits for two zero-day vulnerabilities which were later discovered with Stuxnet.
    • EQUATIONLASER – An early implant from the EQUATION group, used around 2001-2004. Compatible with Windows 95/98, and created sometime between DOUBLEFANTASY and EQUATIONDRUG.

    Kaspersky has included indicators of compromise for the malware strains it refers to and will publish an update in the coming days, it has said.

  2. #2 Goofy

  3. #3 FBD
    Almost the entire government is illegal

  4. #4 Loser
    "Windows"....

    Quote Originally Posted by Hal-9000 View Post
    I already have your name on my butthole...too bad the tattoo artist couldn't spell
    Looser
    Quote Originally Posted by Hal-9000 View Post
    murder my ass..shove it up my ass....both are beautiful terms of endearment

  5. #5 FBD
    "security" any computer of mine that has anything important on it has no network connection.

  6. #6 FBD
    of importance:

    Reuters sources at the NSA said the agency would sometimes pose as software developers to trick manufacturers into supplying source code, or could simply keep a copy of the data when the agency did official code audits on behalf of the Pentagon.

    Western Digital said it did not share source code with the agency. It was unknown if other named hard drive manufacturers had done so.
    This is NOT some "software trick." This is fuggin firmware embedded into devices.

    So while Western Digital may not have been lying when it said it "didn't share code with the agency", note that they said absolutely nothing about the fact that they simply LET the NSA do this. Under threats or not, this was done with the full knowledge and cooperation of every single one of these companies.

    Essentially what the NSA is doing is hobbling the US tech industry by completely breaking all of the security.

    It is well known that the NSA actually has its own security hash for Windows operating systems. (While all the time MS insisted there were only two, there were three, and the third was handed directly over to the spy agencies.)

    It's going to drive as many foreign companies as possible away from US or Israeli based products.

  7. #7 Hal-9000
    That's probably why the Windows updates were such a shitshow on my last install.

  8. #8 PorkChopSandwiches
    Quote Originally Posted by Loser
    "Windows"....
    It's at the BIOS level, it's ALL computers.
  9. #9 Hal-9000
    yep....MBR then load VBR

    bastards

  10. #10 FBD
    Quote Originally Posted by PorkChopSandwiches
    It's at the BIOS level, it's ALL computers.
    HDD firmware - BIOS is easy enough to upgrade and overwrite, but who's getting at their fkn HDD firmware? Fugettaboutit, you can't touch it. You have to buy a HDD from a mfg who has not sold their soul and their customers' data to the NSA.

  11. #11 PorkChopSandwiches
    My bad, but yeah, that's what I meant.
  12. #12 FBD
    I know (that you knew)

  13. The Following User Says Thank You to FBD For This Useful Post:

    PorkChopSandwiches (02-17-2015)

  14. #13 Loser
    Quote Originally Posted by PorkChopSandwiches
    It's at the BIOS level, it's ALL computers.
    It's at the BIOS level, that has to access "nls_933w.dll", which is a Windows protocol.

    Without accessing "nls_933w.dll", the BIOS based malware does NOT get root privileges. Therefore, Linux isn't affected.

  15. #14 FBD
    Linux isn't invulnerable, but I don't think anyone's questioning that it's astronomically more secure than Windows. That dll isn't the only mechanism either, so it's not specific to Windows.

  16. #15 Loser
    I'm not saying it is. It's just magnitudes less vulnerable than Windows.

    A lot of the issues I have with Windows are down to the fact that it's closed source, and if you believe microshit hasn't put holes in their software at the bidding of the government, you're delusional.
