It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Moscow-Based Security Firm Reveals What May Be The Biggest NSA "Backdoor Exploit" Ever

page: 1
57
<<   2  3  4 >>

log in

join
share:
+19 more 
posted on Feb, 16 2015 @ 08:29 PM
link   
Moscow-Based Security Firm Reveals What May Be The Biggest NSA "Backdoor Exploit" Ever



Since 2001, a group of hackers - dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab - have infected computers in at least 42 countries (with Iran, Russia, Pakistan, Afghanistan, India, and Syria most infected) with what Ars Technica calls "superhuman technical feats" indicating "extraordinary skill and unlimited resources."

The exploits - including the 'prized technique' of the creation of a secret storage vault that survives military-grade disk wiping and reformatting - cover every hard-drive manufacturer and have many similar characteristics to the infamous NSA-led Stuxnet virus.


Source

As Johan Cruyff once said, "Every advantage has its disadvantage."

That`s not good for how the World sees US technology and can have a serious economic backlash down the road.

While this is probably used to spy on big targets, it leaves everyone`s PC capable to be being spied on with every hard drive able to act as a gateway.



This thread has been promoted on the ATS Twitter Feed with the following image

edit on 17-2-2015 by SkepticOverlord because: ADDED TO TWITTER



+18 more 
posted on Feb, 16 2015 @ 08:40 PM
link   
a reply to: BornAgainAlien

Well, what it is, is, there is a micro in the control chip for the drive. There is firmware the micro runs to do its function. That firmware is not documented, but can control anything the drive does. So, it could return a fake sector full of code from the EPROM for you to execute, thus producing a virus for you to run. That virus would not appear on the disk surface, could not be wiped.

It is tricky to know when the OS is reading an executable. That I will leave as an exercise to the student.

There are other, similar types of infestations. You can, for example, have any board with a BIOS on it, especially ones with a processor that can do first party DMA, either go and poke around in the memory when you're not using them, possibly overwriting memory areas that would be guaranteed to be executed, or present the BIOS with a bit of code to run that's got nothing to do with the board's function, including finding your drive and modifying the boot code.

The BIOS for the machine can also do something along those lines, a bit more indirectly. And the processor itself gets a download of microcode the contents of which only a handful of people are familiar with. It's encrypted and you get it as a bin file you have to include in the BIOS. Maybe it's microcode. Maybe it's something else - you'll never know.

Then the OS, of course, is compromised, and there are exploits for even the supposedly safe OSes that would make you sad to contemplate. Even if you have source code.
edit on 16-2-2015 by Bedlam because: (no reason given)

edit on 16-2-2015 by Bedlam because: (no reason given)



posted on Feb, 16 2015 @ 08:43 PM
link   
a reply to: Bedlam

Thank you for breaking this down for us. And I must say star for you for being really,really smart. But you did put it in a way I could even understand.....Thanks.
edit on 16-2-2015 by SubTruth because: (no reason given)



posted on Feb, 16 2015 @ 08:46 PM
link   

originally posted by: SubTruth
a reply to: Bedlam

Thank you for breaking this down for us. And I must say star for you for being really,really smart. But you did put it in a way I could even understand.....Thanks.


YW...it gets worse. At one time Winders could be modified/scanned from USB ports, and either Windows or *ix could be from 1394 ports. I haven't sat down and contemplated if I could pull that off from Thunderbolt. But I wager I could.

It's one reason a good FSO/CSSO removes or renders useless any USB, FireWire, Thunderbolt, younameit port on SCIF systems, and removes any ports for rewriteable media like CF drives. Also any sort of CD, DVD etc.

They're just ways for arseholes to introduce a virus or walk off with secure material. You want something read in, you'll give it to the CSSO or the appointed substitute in MY SCIF, and it'll be vetted before it goes into the network. Then I will put your media in the burn bag, so be ready to kiss it bye bye.


Or that's the way it used to be, I'm not there enough anymore so one of the other poor barstids is the CSSO/FSO. Good riddance.
edit on 16-2-2015 by Bedlam because: (no reason given)



posted on Feb, 16 2015 @ 08:53 PM
link   


Wow, using HD firmware. This seems pretty advanced, I wonder if it belongs to USA or Israel?



posted on Feb, 16 2015 @ 08:55 PM
link   
a reply to: BornAgainAlien
You don't reveal what you know about the enemy's SIGINT capabilities until you have already taken all you can from them. If the Russians are revealing an NSA capability, it suggests the Russians have been aware of this capability for some time, and have been piggybacking off it.



posted on Feb, 16 2015 @ 08:59 PM
link   

originally posted by: Elton


Wow, using HD firmware. This seems pretty advanced, I wonder if it belongs to USA or Israel?


It's been tossed around since IDE drives came out. We used to call any firmware exploit a "BIRUS" (BIOS virus), hell, if you have enough info you can have one board rewrite the BIOSes on other boards and spread themselves all over the system.

In fact, a real possible problem might be that some of the more capable chips on the board, let's say the video part, *could* have the ability to store a few K of code onboard and re-infest you when the time was right. Or the chipset parts.



posted on Feb, 16 2015 @ 09:01 PM
link   
a reply to: BornAgainAlien

Great find I'm going to look into this after some sleep. S&F



posted on Feb, 16 2015 @ 09:08 PM
link   
Would be interesting if they provided a widely published free tool to examine a system for any of these type exploits. Not sure how manufacturers would react to millions of upset customers. Although I imagine there would be lots of bricked systems when trying to flash new firmware.



posted on Feb, 16 2015 @ 09:49 PM
link   
a reply to: Bedlam

Thanks, I wasn't feeling enough paranoia today. I think I'm good for the rest of the month now.




posted on Feb, 16 2015 @ 10:54 PM
link   
thanks bedlam, I just learned a bunch from ya!!... I understand the big picture picture now.....exe. files are powerful....huhh!
edit on 16-2-2015 by GBP/JPY because: yahushua, our new King


+4 more 
posted on Feb, 16 2015 @ 11:28 PM
link   
a reply to: BornAgainAlien

There's also some detailed coverage here:
HUGE SPY PROGRAM EXPOSED: NSA has hidden software in hard drives around the world

Concerns about access to source code flared after a series of high-profile cyberattacks on Google Inc and other U.S. companies in 2009 that were blamed onChina. Investigators have said they found evidence that the hackers gained access to source code from several big U.S. tech and defense companies.

It is not clear how the NSA may have obtained the hard drives' source code. Western Digital spokesman Steve Shattuck said the company "has not provided its source code to government agencies." The other hard drive makers would not say if they had shared their source code with the NSA.


This looks like the NSA has created a permanent, non-removeable zero-day exploit on millions of computers around the world.

This is as bad as it gets.



posted on Feb, 16 2015 @ 11:35 PM
link   
If all those computers were networked together(even if only using a fraction of the host's computer is capable) it could work like one giant super computer.

This looks bad for the NSA, more Americans are waking up to their actions and spy game/war. It will interesting to see how the media spins this story.



posted on Feb, 16 2015 @ 11:39 PM
link   
a reply to: SkepticOverlord

So...virtually every hard drive has this backdoor hardwired into it?
They leave the shop with it? That would have to be the case, right?



posted on Feb, 16 2015 @ 11:40 PM
link   
a reply to: SkepticOverlord

Is this like the Chinese routers deal on steroids?

Wouldn't this bypass any OS on the planet? If the hardware has a built in breach, the software doesn't matter?



posted on Feb, 16 2015 @ 11:44 PM
link   
a reply to: jrod

Not so worried about a supercomputer, latency and whatnot.
Personally not worried about the NSA.
The idea that a clever person can take advantage of it...



posted on Feb, 16 2015 @ 11:46 PM
link   

originally posted by: Phage
a reply to: jrod

The idea that a clever person can take advantage of it...


Should that be an option provided by those who serve the folks?



posted on Feb, 16 2015 @ 11:55 PM
link   
a reply to: JacKatMtn

Yes, very much so.

There's no scenario that could be worse, really.



posted on Feb, 16 2015 @ 11:57 PM
link   
a reply to: Elton


The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

source

Kaspersky is certain that the United States is responsible. Most likely through NSA employees or assets in sensitive positions at hard drive manufacturers.



posted on Feb, 17 2015 @ 12:02 AM
link   
a reply to: SkepticOverlord

I wish I could say I am shocked...

if it goes this far, how long til we hear the news that all motherboard manufacturers have been compromised?

Free speech on the web, is an illusion?



new topics

top topics



 
57
<<   2  3  4 >>

log in

join