Donald
United States
New Alexandria
Pennsylvania
Looks like it's for foreign spying only.

Quote:
You probably won't have to worry about these bugged drives at home, but they're likely to be major concerns abroad.


So far.
J
United States
Lexington
Kentucky
admin
The Kaspersky source never names the NSA, although it does compare the group doing this stuff (which it calls The Equation Group) to the group that made the Regin malware (which is thought to be the NSA due to the Snowden leaks) and finds that they are probably different.

I would suggest reading some of the source material rather than the Engadget article as it gets most everything about this wrong.
Mutton Chops
United Kingdom
bjlillo wrote:
I guess I shouldn't really be surprised anymore.

Quote:
Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it.


Wonderful.


How would this work, though? Where would the code run, exactly? On the drive? It's not going to be able to access any resources of the host device, though, is it? How's it going to "map networks"? In order to do that, it'd need access to the network stack - how would it get that? Magic?

It might be able to grab data as it went past, but where's it going to put it? It's a hard-drive - it doesn't have any capability to send the data remotely, it can't run code from "firmware" in user or system space, and there's no point in storing it locally on itself: people will notice if their drive is filling up twice as fast as it should. I guess they'd have to put extra platters in to accommodate it, right? And they'd have to either magically improve the performance of the drive to offset the load imposed by effectively RAID 1-ing onto a single drive, or lie about performance.

As for talk of a "CD drive"...where's this story coming from, a wormhole through to the 90's?

Paranoiac drivel.
Boaty McBoatface
England
County of Essex
bjlillo wrote:
I guess I shouldn't really be surprised anymore.

Quote:
Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it.


Wonderful.
Sure I suggested this a while ago.
Carl Parsons
United States
Carrollton
Texas
That is so cool. I think I saw this on Person of Interest.
Mutton Chops
United Kingdom
galad2003 wrote:


Well, that's a better article, unlike the first one, which was, as I said, paranoiac drivel. It still doesn't give details, so I'll do some more digging.
Mutton Chops
United Kingdom
mutton_chops wrote:
galad2003 wrote:


Well, that's a better article, unlike the first one, which was, as I said, paranoiac drivel. It still doesn't give details, so I'll do some more digging.


From the Kaspersky site. The Engadget article implies some things that aren't really so, but the Kaspersky article makes it clear what's going on.
Mutton Chops
United Kingdom
mutton_chops wrote:
mutton_chops wrote:
galad2003 wrote:


Well, that's a better article, unlike the first one, which was, as I said, paranoiac drivel. It still doesn't give details, so I'll do some more digging.


From the Kaspersky site. The Engadget article implies some things that aren't really so, but the Kaspersky article makes it clear what's going on.


This PDF contains the low-down on the suite of trojans that do the heavy lifting. One of the most interesting is GrayFish. It's remarkable:

Quote:

When the computer starts, GrayFish hijacks the OS loading mechanisms by injecting its code into the boot record. This allows it to control the launching of Windows at each stage. In fact, after infection, the computer is not run by itself anymore: it is GrayFish that runs it step by step, making the necessary changes on the fly.


Quote:
If an error happens during launch, the entire GrayFish platform self-destructs.


Quote:

When used together with the bootkit, all the modules as well as the stolen data are stored in encrypted form in the registry and dynamically decrypted and executed. There are no malicious executable modules at all on the filesystem of an infected system.


It's beautiful...


Tom McVey
United States
SF Bay Area
California
bjlillo wrote:
The report comes from Kaspersky who is a Russian company, so there may be reason not to trust it. I'd like to see verification from another source or two.


Given Kaspersky's son was rescued by the FSB (domestic wing of the former KGB) from a kidnapping, he owes the former KGB a solid. http://www.forbes.com/sites/juliaioffe/2011/04/27/son-of-kas... So yeah, I'd be skeptical.
Mutton Chops
United Kingdom
tmcvey wrote:
bjlillo wrote:
The report comes from Kaspersky who is a Russian company, so there may be reason not to trust it. I'd like to see verification from another source or two.


Given Kaspersky's son was rescued by the FSB (domestic wing of the former KGB) from a kidnapping, he owes the former KGB a solid. http://www.forbes.com/sites/juliaioffe/2011/04/27/son-of-kas... So yeah, I'd be skeptical.


Very well, but would you suspect that the creators of the Equation group software are not the NSA, then? If not them, then which global player with a specific interest in data acquisition from Middle-Eastern targets might have the resources and intellectual capital to mount such an operation?

Or do you suspect the Equation group is a fabrication...?