WASHINGTON: The US National Security Agency reportedly figured out how to conceal spyware in hard drives. Any errors in the implanted malware would completely destroy a hard drive, rendering a computer useless and unable to boot up.
As a matter of policy, Kaspersky Lab, which publicized the discovery in a report on Monday, withheld the name of the country it suspects of being behind the operation.
But the Moscow-based anti-virus company said the country behind the implanted spyware was closely linked to Stuxnet, the computer worm deployed by the U.S. National Security Agency to disable Iran’s nuclear-enrichment capabilities.
A highly reputable anti-virus firm, was correct. They said the NSA’s ability to secretly embed spyware into hard drives has long been prized by the surveillance agency.
While the scope of the operation isn’t fully understood yet, Kaspersky’s chief malware analyst and other cybersecurity experts helped explain what’s contained in the report, how the spyware works and why the revelations may have caught so many by surprise.
How is this spyware unique?
Cybersecurity researchers have detected malware — foreign software that’s intended to disable or take over a computer — on computer operating systems in the past.
Vitaly Kamluk, principal security researcher at Moscow-based Kaspersky Lab, says one of the only ways for any party to acquire the source code for a hard drive would be to steal it from the manufacturer.
But this presents a new level of sophistication that Kaspersky’s principal security researcher Vitaly Kamluk calls “revolutionary.”
“Until now, we’ve never seen malware get to the micro-code, the microsystem running the hard drive itself,” Kamluk said from Singapore.
Implanting spyware on hard drives would require the device’s source code — the raw written backbone of software that users would never see — and perhaps product blueprints that “only manufacturers would have access to,” Kamluk said, suggesting such proprietary information could only be obtained through limited means.