
Moscow-Based Security Firm Reveals What May Be The Biggest NSA "Backdoor Exploit" Ever

posted on Feb, 16 2015 @ 08:29 PM
Since 2001, a group of hackers - dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab - have infected computers in at least 42 countries (with Iran, Russia, Pakistan, Afghanistan, India, and Syria most infected) with what Ars Technica calls "superhuman technical feats" indicating "extraordinary skill and unlimited resources."

The exploits - including the 'prized technique' of the creation of a secret storage vault that survives military-grade disk wiping and reformatting - cover every hard-drive manufacturer and have many similar characteristics to the infamous NSA-led Stuxnet virus.


Source

As Johan Cruyff once said, "Every advantage has its disadvantage."

That's not good for how the world sees US technology and can have a serious economic backlash down the road.

While this is probably used to spy on big targets, it leaves everyone's PC capable of being spied on, with every hard drive able to act as a gateway.




edit on 17-2-2015 by SkepticOverlord because: ADDED TO TWITTER


posted on Feb, 16 2015 @ 08:40 PM
a reply to: BornAgainAlien

Well, what it is, is, there is a micro in the control chip for the drive. There is firmware the micro runs to do its function. That firmware is not documented, but can control anything the drive does. So, it could return a fake sector full of code from the EPROM for you to execute, thus producing a virus for you to run. That virus would not appear on the disk surface, could not be wiped.

It is tricky to know when the OS is reading an executable. That I will leave as an exercise to the student.

There are other, similar types of infestations. You can, for example, have any board with a BIOS on it, especially ones with a processor that can do first party DMA, either go and poke around in the memory when you're not using them, possibly overwriting memory areas that would be guaranteed to be executed, or present the BIOS with a bit of code to run that's got nothing to do with the board's function, including finding your drive and modifying the boot code.

The BIOS for the machine can also do something along those lines, a bit more indirectly. And the processor itself gets a download of microcode the contents of which only a handful of people are familiar with. It's encrypted and you get it as a bin file you have to include in the BIOS. Maybe it's microcode. Maybe it's something else - you'll never know.

Then the OS, of course, is compromised, and there are exploits for even the supposedly safe OSes that would make you sad to contemplate. Even if you have source code.
edit on 16-2-2015 by Bedlam because: (no reason given)

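A defensive counterpart to the post above, added here as an example and not code from the thread or from Kaspersky: an inventory check that parses `smartctl -i` style output and flags drives whose reported firmware revision is not in an administrator's baseline. The drive records, the model names and the BASELINE table are all constructed.

```python
import re
from typing import Dict, Set

# Constructed `smartctl -i`-style records for three drives (sample data, not captured
# from a real system); the field labels follow smartmontools' ATA output format.
SAMPLE_SMARTCTL_OUTPUT: Dict[str, str] = {
    "/dev/sda": "Device Model:     EXAMPLE-HDD-1TB\nSerial Number:    SN-0001\nFirmware Version: FW01A\n",
    "/dev/sdb": "Device Model:     EXAMPLE-HDD-1TB\nSerial Number:    SN-0002\nFirmware Version: FW01Z\n",
    "/dev/sdc": "Device Model:     EXAMPLE-SSD-512\nSerial Number:    SN-0003\nFirmware Version: S1\n",
}

# Hypothetical baseline: the firmware revisions an administrator recorded as
# vendor-released for each model when the fleet was inventoried.
BASELINE: Dict[str, Set[str]] = {
    "EXAMPLE-HDD-1TB": {"FW01A", "FW01B"},
}

FIELD_RE = re.compile(r"^(Device Model|Serial Number|Firmware Version):\s*(.+?)\s*$")


def parse_smartctl(text: str) -> Dict[str, str]:
    """Pull the identity fields out of one drive's `smartctl -i` output."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def check_drive(text: str, baseline: Dict[str, Set[str]]) -> str:
    """Classify one drive: ok / firmware-mismatch / unknown-model / incomplete."""
    f = parse_smartctl(text)
    model, fw = f.get("Device Model"), f.get("Firmware Version")
    if not model or not fw:
        return "incomplete"          # tool output lacked the identity fields
    if model not in baseline:
        return "unknown-model"       # never inventoried: needs a human look
    if fw not in baseline[model]:
        return "firmware-mismatch"   # revision is not among the recorded ones
    return "ok"


def audit(outputs: Dict[str, str], baseline: Dict[str, Set[str]]) -> Dict[str, str]:
    """Run the check across every drive and return a device -> verdict map."""
    return {dev: check_drive(text, baseline) for dev, text in outputs.items()}


if __name__ == "__main__":
    for dev, verdict in audit(SAMPLE_SMARTCTL_OUTPUT, BASELINE).items():
        print(f"{dev}: {verdict}")
```

The revision string is reported by the drive's own firmware, so a controller that has been reflashed with hostile code can simply answer with whatever the baseline expects; this check catches sloppy or unauthorized reflashes, not a firmware that lies, which is exactly the problem the post describes.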



posted on Feb, 16 2015 @ 08:43 PM
a reply to: Bedlam

Thank you for breaking this down for us. And I must say star for you for being really, really smart. But you did put it in a way I could even understand.....Thanks.
edit on 16-2-2015 by SubTruth because: (no reason given)



posted on Feb, 16 2015 @ 08:46 PM

originally posted by: SubTruth
a reply to: Bedlam

Thank you for breaking this down for us. And I must say star for you for being really, really smart. But you did put it in a way I could even understand.....Thanks.


YW...it gets worse. At one time Winders could be modified/scanned from USB ports, and either Windows or *ix could be from 1394 ports. I haven't sat down and contemplated if I could pull that off from Thunderbolt. But I wager I could.

It's one reason a good FSO/CSSO removes or renders useless any USB, FireWire, Thunderbolt, younameit port on SCIF systems, and removes any ports for rewriteable media like CF drives. Also any sort of CD, DVD etc.

They're just ways for arseholes to introduce a virus or walk off with secure material. You want something read in, you'll give it to the CSSO or the appointed substitute in MY SCIF, and it'll be vetted before it goes into the network. Then I will put your media in the burn bag, so be ready to kiss it bye bye.


Or that's the way it used to be, I'm not there enough anymore so one of the other poor barstids is the CSSO/FSO. Good riddance.
edit on 16-2-2015 by Bedlam because: (no reason given)



posted on Feb, 16 2015 @ 08:53 PM


Wow, using HD firmware. This seems pretty advanced, I wonder if it belongs to USA or Israel?



posted on Feb, 16 2015 @ 08:55 PM
a reply to: BornAgainAlien
You don't reveal what you know about the enemy's SIGINT capabilities until you have already taken all you can from them. If the Russians are revealing an NSA capability, it suggests the Russians have been aware of this capability for some time, and have been piggybacking off it.



posted on Feb, 16 2015 @ 08:59 PM

originally posted by: Elton


Wow, using HD firmware. This seems pretty advanced, I wonder if it belongs to USA or Israel?


It's been tossed around since IDE drives came out. We used to call any firmware exploit a "BIRUS" (BIOS virus); hell, if you have enough info you can have one board rewrite the BIOSes on other boards and spread itself all over the system.

In fact, a real possible problem might be that some of the more capable chips on the board, let's say the video part, *could* have the ability to store a few K of code onboard and re-infest you when the time was right. Or the chipset parts.



posted on Feb, 16 2015 @ 09:01 PM
a reply to: BornAgainAlien

Great find I'm going to look into this after some sleep. S&F



posted on Feb, 16 2015 @ 09:08 PM
Would be interesting if they provided a widely published free tool to examine a system for any of these types of exploits. Not sure how manufacturers would react to millions of upset customers. Although I imagine there would be lots of bricked systems when trying to flash new firmware.



posted on Feb, 16 2015 @ 09:49 PM
a reply to: Bedlam

Thanks, I wasn't feeling enough paranoia today. I think I'm good for the rest of the month now.




posted on Feb, 16 2015 @ 10:54 PM
thanks bedlam, I just learned a bunch from ya!!... I understand the big picture now.....exe files are powerful....huhh!
edit on 16-2-2015 by GBP/JPY because: yahushua, our new King


posted on Feb, 16 2015 @ 11:28 PM
a reply to: BornAgainAlien

There's also some detailed coverage here:
HUGE SPY PROGRAM EXPOSED: NSA has hidden software in hard drives around the world

Concerns about access to source code flared after a series of high-profile cyberattacks on Google Inc and other U.S. companies in 2009 that were blamed on China. Investigators have said they found evidence that the hackers gained access to source code from several big U.S. tech and defense companies.

It is not clear how the NSA may have obtained the hard drives' source code. Western Digital spokesman Steve Shattuck said the company "has not provided its source code to government agencies." The other hard drive makers would not say if they had shared their source code with the NSA.


This looks like the NSA has created a permanent, non-removable zero-day exploit on millions of computers around the world.

This is as bad as it gets.



posted on Feb, 16 2015 @ 11:35 PM
If all those computers were networked together (even if only using a fraction of what the host computer is capable of) it could work like one giant supercomputer.

This looks bad for the NSA, more Americans are waking up to their actions and spy game/war. It will be interesting to see how the media spins this story.



posted on Feb, 16 2015 @ 11:39 PM
a reply to: SkepticOverlord

So...virtually every hard drive has this backdoor hardwired into it?
They leave the shop with it? That would have to be the case, right?



posted on Feb, 16 2015 @ 11:40 PM
a reply to: SkepticOverlord

Is this like the Chinese routers deal on steroids?

Wouldn't this bypass any OS on the planet? If the hardware has a built in breach, the software doesn't matter?



posted on Feb, 16 2015 @ 11:44 PM
a reply to: jrod

Not so worried about a supercomputer, latency and whatnot.
Personally not worried about the NSA.
The idea that a clever person can take advantage of it...



posted on Feb, 16 2015 @ 11:46 PM

originally posted by: Phage
a reply to: jrod

The idea that a clever person can take advantage of it...


Should that be an option provided by those who serve the folks?



posted on Feb, 16 2015 @ 11:55 PM
a reply to: JacKatMtn

Yes, very much so.

There's no scenario that could be worse, really.



posted on Feb, 16 2015 @ 11:57 PM
a reply to: Elton


The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

source

Kaspersky is certain that the United States is responsible. Most likely through NSA employees or assets in sensitive positions at hard drive manufacturers.



posted on Feb, 17 2015 @ 12:02 AM
a reply to: SkepticOverlord

I wish I could say I am shocked...

if it goes this far, how long 'til we hear the news that all motherboard manufacturers have been compromised?

Free speech on the web, is an illusion?



