The NSA has a long history of questionable spying methods for the purpose of national security. With the use of home computers and mobile devices increasing exponentially in today’s world, it’s no surprise that cyberspying is the agency’s number one priority. Viruses and malware are words every computer user is familiar with, and most have had negative experiences involving loss of data, privacy breaches and even identity theft. Until now, virus and malware removal has been fairly straightforward with the right tools or tech knowledge: simply delete the antagonistic data and move on. But what if this process lost its effectiveness? Recent findings by Russian security firm Kaspersky Lab reveal the latest mutation – spying software that cannot be deleted.
How is this possible? First, a little background on software vs firmware.
Software vs. Firmware
Software is a very common term in today’s world, and most people can define what software is. By the same token, many people struggle to define what software isn’t. Ask anybody – most will say software is programs and data that perform virtual functions on a computer system. This definition is correct, but it also describes, and overlaps with, the concept of firmware. Where software may be any aspect of installable and functional computer data, firmware refers to data you cannot uninstall (for the most part). For example, when you clicked the left button on your mouse navigating to this article, the firmware stored in your computer mouse’s hardware recognized this action and translated it into information your web browser software could act upon. It’s important to mention that firmware can be changed and modified, but only if the hardware supports it. Much of firmware is stored on ROM (read-only memory), and is essentially “written in stone”.
The NSA and Firmware Spyware
The NSA has figured out how to hide spyware within the firmware of most hard drive manufacturers, including Western Digital, Seagate, Toshiba, and other high-volume memory companies. This particular spyware, unlike your average software-based malware, is virtually permanent. Though Kaspersky declined to publicly name the country responsible, the report did state the spying campaign was closely linked to Stuxnet, the NSA-led cyberweapon behind attacks on Iran’s uranium enrichment facility. A former NSA employee confirmed Kaspersky’s findings, and mentioned that individuals within the intelligence agency valued these spying mechanisms highly for data gathering. In a recent comment, Peter Swire, one of the five members of U.S. President Barack Obama’s Review Group on Intelligence and Communications Technology, expressed concern that the country needs to consider the repercussions of such spying systems on diplomatic and trade relations. “There can be serious negative effects on other U.S. interests,” said Swire.
In their report, Kaspersky released this map showing countries affected:
A more detailed article by Reuters digs deeper into the issue; read it here.