NSA planted surveillance software on hard drives, report says

The National Security Agency is able to infect hard drives with surveillance software to spy on computers, Reuters said on Tuesday, citing information from cyber researchers and former NSA operatives.

In a new report, Kaspersky revealed the existence of a group dubbed The Equation Group capable of directly accessing the firmware of hard drives from Western Digital, Seagate, Toshiba, IBM, Micron, Samsung and other drive makers. As such, the group has been able to implant spyware on hard drives to conduct surveillance on computers around the world.

In a blog post published on Monday, Kaspersky said this threat has been around for almost 20 years and “surpasses anything known in terms of complexity and sophistication of techniques.” The security researcher called the group “unique almost in every aspect of their activities: they use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims.”

Surveillance software implanted on hard drives is especially dangerous as it becomes active each time the PC boots up and thus can infect the computer over and over again without the user’s knowledge. Though this type of spyware could have surfaced on a “majority of the world’s computers,” Kaspersky cited thousands or possibly tens of thousands of infections across 30 different countries.

Infected parties and industries include government and diplomatic institutions, as well as those involved in telecommunications, aerospace, energy, nuclear research, oil and gas, military and nanotechnology. Also included are Islamic activists and scholars, mass media, the transportation sector, financial institutions and companies developing encryption technologies.

And who’s responsible for this sophisticated spyware?

Kaspersky didn’t name names but did say that the group has ties to Stuxnet, a virus used to infect Iran’s uranium enrichment facility. The NSA has been accused of planting Stuxnet, leading Reuters to finger the agency as the source behind the hard drive spyware, particularly in light of outside information.

Kaspersky’s analysis was right, a former NSA employee told Reuters, adding that the agency valued this type of spyware as highly as Stuxnet. Another “former intelligence operative” said that the NSA developed this method of embedding spyware in hard drives but said he didn’t know which surveillance efforts used it.

Lead Kaspersky researcher Costin Raiu told Reuters that the creators of the spyware must have had access to the source code for the infected hard drives. Such code can pinpoint vulnerabilities that can be exploited by malicious-software writers.

“There is zero chance that someone could rewrite the [hard drive] operating system using public information,” Raiu said.

A spokesperson for Western Digital told Reuters that the company had not “provided its source code to government agencies.” A Seagate spokesman said the company takes secure measures to guard against tampering or reverse engineering of its hard drive firmware. And a Micron spokesman said that “we are not aware of any instances of foreign code.”

However, the NSA has ways of accessing source code from technology firms, Reuters said, including simply asking for it directly and posing as a software developer.

“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,’” Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst, said. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code.”

Responding to a request for comment, the NSA sent CNET the following statement:

We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details. On January 17, 2014, the President gave a detailed address about our signals intelligence activities, and he also issued Presidential Policy Directive 28 (PPD-28). As we have affirmed publicly many times, we continue to abide by the commitments made in the President’s speech and PPD-28. The U.S. Government calls on our intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats – including terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against ourselves and our allies; and international criminal organizations.


How to get 2GB free on Google Drive

Nicole Cozma/CNET

A recent blog post by Google details how you can earn an extra 2GB of space for photos, documents, spreadsheets or whatever else you store on Drive. To get your free space, you’ll have to perform a security checkup on your account by February 17, 2015.

Google account recovery information. Screenshot by Nicole Cozma/CNET

To get started, head to the Security checkup that Google provides for your account. You’ll need to verify your backup information, including phone number, recovery email address and backup security question. These fields must be filled out for this portion of the security checkup to be considered complete.

Recent activity on your Google account. Screenshot by Nicole Cozma/CNET

Now you’ll be able to check your recent activity. This section lists all devices that have recently signed in to your account. If you have attached any mobile devices to your Google account, you will see them in this list. If something looks wrong, you’ll be prompted to change the password on your account to make sure the device in question can no longer connect.

Google account permissions. Screenshot by Nicole Cozma/CNET

This next section might be a long one if you’ve used Google to log in to many devices or websites. Each device and site will be listed with a Remove button to the right, allowing you to cancel access right now. You can always come back to this at a later time if you change devices or no longer want to use a specific website/service. This is the end of the security checkup if you are not using two-step authentication.

App-specific passwords. Screenshot by Nicole Cozma/CNET

If you are using two-step authentication on your account, you may notice that some devices do not support the authentication code. For these, you would have used an application-specific password. This section allows you to revoke any of the devices you no longer want on your account.

Two-step verification settings. Screenshot by Nicole Cozma/CNET

The final section of the security checkup covers your 2-step verification settings, which should include a backup phone number and backup codes. The phone number will help you recover access to your account with Google if you lose other methods of logging in, and the backup codes serve as one-use passwords if you lose the authenticator.

After finishing, you’ll see a “Nicely done” page load, and the 2 GB of Drive space will be awarded to your account around February 28, 2015, according to Google. So hurry, and grab your free gigs now!