Security researchers at Kaspersky Lab in Russia report that they have discovered how American intelligence agencies have subverted computer hardware, software and networks in an effort to spy on other countries. The surveillance and sabotage technologies have been discovered in systems in China, Iran, Pakistan, Russia, and elsewhere.
Kaspersky has a policy of not naming countries it believes are behind hacking attacks. But it says that unnamed intelligence agencies—clearly the National Security Agency (NSA) and the United States Cyber Command—from an unnamed country—the United States—have figured out how to hack virtually anything—computers, hard drives, software and networks—in ways that have so far eluded detection and that cannot be removed once in place.
And they’ve been doing so for decades, at least as far back as 2001.
This hacking “surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades,” the firm claimed. Kaspersky has also been able to identify key similarities between famous electronic attacks such as 2010’s Stuxnet—a successful effort to set back Iran’s nuclear program—and other attacks, some older and some more recent.
Kaspersky specifically called out one example of the hacking: it found very similar malware in the controller code for hard drives manufactured by Micron, Samsung, Seagate and Western Digital. This malware can survive even the drive makers’ own recovery tools, and of course can survive OS reinstalls should an antimalware solution flag suspicious behavior. The hard drive makers say they are unaware of this activity and in some cases claim outright that they have never worked with any government agency.
The firm also said it discovered PC firmware hacks that are beyond the reach of traditional anti-malware software, including Kaspersky’s. This type of malware provides access to a PC’s encryption keys, letting the US agencies access encrypted data.
“If the malware gets into the firmware, it is able to resurrect itself forever,” the Kaspersky report claims. “It means that we are practically blind and cannot detect hard drives that have been infected with this malware.”
Kaspersky also addressed the issue of offline and so-called “air gapped” PCs that are never connected to the Internet. In the case of Stuxnet, Iran’s offline PCs were infected on-site using a USB key, while in other cases, US intelligence agencies have simply “intercepted” PCs in transit, infecting them and then sending them on their way: since the malware can survive OS reinstalls, it doesn’t matter what the recipient does to protect them after the fact.
Eugene Kaspersky founded Kaspersky Lab in Russia with the backing of the KGB and the Russian military. Its software is not used by US intelligence agencies—irony alert—because of surveillance fears. But it is quite popular with the governments of the countries—China, Iran, Pakistan, Russia—that are hacked most often by the US government, in part because the US is so distrustful of the software. For this reason, Kaspersky has an unusually broad view of US spying efforts.
The NSA, of course, refuses to confirm or deny the Kaspersky report.
“We are not going to comment publicly on any allegations that the report raises, or discuss any details,” an NSA statement notes.