NSA Hiding Undetectable Spyware in Hard Drives Worldwide – Video
NSA Hiding Undetectable Spyware in Hard Drives Worldwide
By: mikeroweRules12
Visit link:
NSA Hiding Undetectable Spyware in Hard Drives Worldwide - Video
Archive for the ‘NSA’ Category
NSA Hacks Hard Drives – Daily Security Byte EP.25 – Video
NSA Hacks Hard Drives - Daily Security Byte EP.25
In this short, daily video post, Corey Nachreiner, CISSP and Director of Security Strategy for WatchGuard Technologies, shares the biggest InfoSec story from the day -- often sharing useful...
By: Corey Nachreiner
Originally posted here:
NSA Hacks Hard Drives - Daily Security Byte EP.25 - Video
The NSA has reportedly found ways to avoid even the strongest security measures
The U.S. intelligence community has found ways to avoid even the strongest of security measures and practices, a new report from Moscow-based Kaspersky Lab suggests, demonstrating a range of technological accomplishments that place the nation's hackers as among the most sophisticated and well resourced in the world.
Hackers who are part of what the cybersecurity researchers call "Equation Group" have been operating under the radar for at least 14years, deploying a range of malware that could infect hard drives in a wayalmost impossible to remove and cold hide code in USB storage devicesto infiltratenetworks kept separate from the Internet for security purposes.
Kaspersky's report did not say the U.S. government wasbehind the group. But it did say the group was closely linked to Stuxnet -- malware widely reported to have been developed by the National Security Agency and Israel that was used in an attack against Iran's uranium enrichment program -- along with other bits of data that appear to align with previous disclosures. Reuters further linked the NSA to the Kaspersky report, citing anonymous former employees of the agency who confirmed Kaspersky's analysis.
NSA spokesperson Vanee Vines said in a statement that the agency was aware of the report, but would not comment publicly on any allegations it raises.
The Kaspersky report shows a highly sophisticated adversarythat has found ways to worm itself into computers with even the strongest of security measures in place. This matches up with what we know about other NSA efforts from documents leaked by former NSA contractor Edward Snowden, which showed efforts to undermine encryption and evade the protections major tech companies used to guard user data.
But the new report paints a more detailed picture of the breadth of the agency's reported offensive cyber arsenal. And unlike other recent revelations about U.S. government snooping, which have largely come from Snowden, the insights from Kaspersky came from examining attacks found in the digital wild. Victims were observed in more than 30 countries, withIran, Russia, Pakistan and Afghanistan having among the highest infection rates, according to the report.
One of the most sophisticatedattacks launched by theEquation Group lodged malware deep into hard drives, according to Kaspersky. It worked by reprogramming the proprietary code, called firmware, built into the hard drives themselves. That allowed for persistent storage hidden inside a target system that could survive the hard drive being reformatted or an operating system being reinstalled, the report says.
The code uncovered by Kaspersky suggests the malware was designed to work ondisk drives of more than a dozen major manufacturers -- including those from Seagate, Western Digital, Toshiba, IBM and Samsung. But the report also notes that this particular technique seemed to be rarely deployed, suggesting that it was used only on the most valuable victims or in unusual circumstances.
The Kaspersky report also said the group found ways to hide malicious files within aWindows operating system database on the targets' computer known as the registry -- encrypting and stashing the files so that they would be impossible to detect using antivirus software.
Equation Group also found ways to infiltratesystemsthat were kept off the Internet for security purposes -- commonly known as "air-gapped" networks. Malware used by the hackers relied on infected USB sticks to map out such networks -- or even remotely deploy code on them, according to the report.
See the original post here:
The NSA has reportedly found ways to avoid even the strongest security measures
Jeb Bush: NSA Bulk Telephone Records Collection Hugely Important
Video:Jeb Bush Backs NSA Powers
Former Florida Gov. Jeb Bush, who is seriously considering a run for the White House in 2016, said Wednesday that the National Security Agencys program that collects bulk telephone records was hugely important, throwing his support behind the practice as Congress debates whether to reauthorize or limit it.
At an event on foreign policy hosted by the Chicago Council on Global Affairs, Mr. Bush, a Republican, said, For the life of me, I dont understand the debate over the metadata program.
The programs many supporters say it helps the U.S. government prevent terrorist attacks. But its critics believe it exists with little oversight and few boundaries and could allow the government to spy on U.S. citizens.
Mr. Bushs comments are significant, as the legal authority that allows the program to exist is set to expire in June. Congress is weighing whether to rework the program in a way that would strip the NSA of some of its powers.
Details of the NSAs metadata bulk collection program were exposed in 2013 by former NSA contractor Edward Snowden, prompting a vigorous national debate over how much power the government should have to spy on people.
Mr. Bushs support for the metadata program puts him in sharp contrast with another likely GOP White House candidate, Sen. Rand Paul of Kentucky.
Mr. Paul is a critic of the NSA, and has joined a class-action lawsuit against the Obama administration over the NSAs spying practices. He also voted against a bill that would restrain some of the NSAs powers last year, saying it didnt go far enough.
Mr. Paul is popular with the libertarian wing of the GOP, and Mr. Bush as he made evident during his comments in Chicago supports more government spending on the military and a broader military influence.
Messrs. Bush and Paul will likely square off over the privacy issue on the campaign trail but also during GOP debates.
See original here:
Jeb Bush: NSA Bulk Telephone Records Collection Hugely Important
NSA planted surveillance software on hard drives, report says
Security vendor Kaspersky outs a group capable of inserting spying software onto hard drives around the world, while Reuters fingers the NSA as the culprit.
Is the NSA behind a sophsticated way of implanting spyware on hard drives?
The National Security Agency is able to infect hard drives with surveillance software to spy on computers, Reuters said on Tuesday, citing information from cyber researchers and former NSA operatives.
In a new report, Kaspersky revealed the existence of a group dubbed The Equation Group capable of directly accessing the firmware of hard drives from Western Digital, Seagate, Toshiba, IBM, Micron, Samsung and other drive makers. As such, the group has been able to implant spyware on hard drives to conduct surveillance on computers around the world.
In a blog posted on Monday, Kaspersky said this threat has been around for almost 20 years and "surpasses anything known in terms of complexity and sophistication of techniques." The security researcher called the group "unique almost in every aspect of their activities: they use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims."
Surveillance software implanted on hard drives is especially dangerous as it becomes active each time the PC boots up and thus can infect the computer over and over again without the user's knowledge. Though this type of spyware could have surfaced on a "majority of the world's computers," Kaspersky cited thousands or possibly tens of thousands of infections across 30 different countries.
Infected parties and industries include government and diplomatic institutions, as well as those involved in telecommunications, aerospace, energy, nuclear research, oil and gas, military and nanotechnology. Also, included are Islamic activists and scholars, mass media, the transportation sector, financial institutions and companies developing encryption technologies.
And who's responsible for this sophisticated spyware?
Kaspersky didn't name names but did say that the group has ties to Stuxnet, a virus used to infect Iran's uranium enrichment facility. The NSA has been accused of planting Stuxnet, leading Reuters to finger the agency as the source behind the hard drive spyware, especially based on outside information.
Kaspersky's analysis was right, a former NSA employee told Reuters, adding that the agency valued this type of spyware as highly as Stuxnet. Another "former intelligence operative" said that the NSA developed this method of embedding spyware in hard drives but said he didn't know which surveillance efforts used it.
Read more here:
NSA planted surveillance software on hard drives, report says