Russian researchers expose breakthrough U.S. spying program

Discussion in 'privacy general' started by tgell, Feb 16, 2015.

Thread Status:
Not open for further replies.
  1. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,073
    Article
     
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    "[T]he firm [Kaspersky] declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility."

    http://www.reuters.com/article/2015...20150216?feedType=RSS&feedName=technologyNews

    Thus it appears that the NSA "...has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.........

    Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.,,,,,,,,,,,

    ...authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives.......

    It is not clear how the NSA may have obtained the hard drives' source code. Western Digital spokesman Steve Shattuck said the company "has not provided its source code to government agencies.' The other hard drive makers would not say if they had shared their source code with the NSA.

    NB: The Yahoo story carries a (Reuters) by line and was posted 3 hours after the initial Reuters story was published. The Reuters story published by Yahoo clearly states that the culprit is NSA. After reading the earlier Reuters story I changed this post, but should have left it as is which stated that "The NSA has figured a way to..."

    For fear of over-quoting I did not post these lines from the Yahoo artice: "A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet'."


    http://news.yahoo.com/russian-resea...rough-u-spying-program-194217480--sector.html

    "Millions of computers may be compromised by US spyware............

    Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programmes,"

    http://www.telegraph.co.uk/news/wor...-may-be-compromised-by-US-spyware-report.html

    IMHO this is a HUGE story. Scan your hard drive's software rececntlyo_O

    I have yet to find a story explaining how the NSA gets the software into the hard drive's firware. Do the manufacturer's cooperate? US Govt and Intelligence Contractors are HUGE buyers of PCs and hard drives.

    According to a major investigatve series by the Washington Post's Intelligence writers: "Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States." I would think that the NSA is capable of having a huge impact on HD makers' profits and therefore might have a huge influence on them. These days nothing would surprise me.

    http://projects.washingtonpost.com/...ticles/a-hidden-world-growing-beyond-control/
     
    Last edited: Feb 16, 2015
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I wonder where they hide the spyware?

    I have always wondered about the 'DCO Hidden Sectors and HPA' described in the product features of BCWipe Total WipeOut.
    http://www.jetico.com/products/personal-privacy/bcwipe-total-wipeout
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  5. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,628
    Location:
    Toronto, Canada
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, inquiring minds want to know.

    Also good to know would be which operating systems are vulnerable :) All, I suppose :(

    This is an excellent reminder that effective compartmentalization depends on hardware and network isolation. That is, you want to use dedicated machines, with dedicated network connectivity, for working anonymously (using Tor, anyway) and pseudonymously (using VPNs). Even if all of your machines are compromised, the fundamental compartments (true-identity vs anonymous/pseudonymous stuff) remain isolated.
     
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    Last edited: Feb 16, 2015
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No need to be sorry hawki ;), I only posted the link as one can be closed and/or the threads can be merged.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
Loading...
Thread Status:
Not open for further replies.