By Chidanand Rajghatta
Feb 18, 2015
WASHINGTON: It's no secret that the United States believes in and has been spying on adversaries and allies alike through means human and technical, but what the most recent disclosure by the cyber-security firm Kaspersky Lab reveals is the penetration and complexity of the espionage using breakthrough methods that victim countries find it hard to shake off.
In a report published on Monday and presented at a conference in Mexico, Kaspersky Lab, which is a Russian firm, said a US cyber-espionage unit called the 'Equation Group' embedded surveillance tools on the hard drives produced by a number of well-known manufacturers including Western Digital, Seagate, Samsung, Hitachi and Toshiba, which are bought by countries, corporations, military and research institutions across the world.
Targets of the Equation Group, the firm said, were observed in more than 30 countries including US adversaries such as Russia, China, and Iran, and troubled and failing countries such as Pakistan, Afghanistan, Iraq, Yemen and Somalia. But they also included US allies and friends such as the United Kingdom, Germany, France, Singapore, Mexico, Brazil — and India. The firm said it detected particularly high infection rates in computers in Iran and Pakistan, whose nuclear programs the US is said to monitor most closely.
The new technology involves burrowing malware deep in the computer systems so as to enable it to infect the "firmware", the embedded software that boots up the computer's hardware before the operating system starts. The malware, Kaspersky says, is almost impossible to get rid of, even after disk reformatting and reinstalling the operating system. Current antivirus products and most security protocols are also incapable of removing the malware. The infiltrated tools are also designed to run on computers that are disconnected from the Internet.
Infiltrating the firmware — the closest one can get to the hardware of the machine — has long been the holy grail of cyberwarriors, cyberspies, and cybercriminals alike, because software security has improved significantly over the years and systems are now relatively well protected.
A WikiLeaks exposé had already revealed US programs to install specialized hardware on computers being shipped to target countries. That hardware, according to the New York Times, can then receive low-frequency radio waves broadcast from a suitcase-size device that is deployed by US intelligence around the world.