Moscow-Based Security Firm Reveals What May Be The Biggest NSA "Backdoor Exploit" Ever


posted on Feb, 19 2015 @ 11:09 AM
a reply to: staple
Thanks for the compliment, I'm in Upstate NY.
I would suggest visiting in the summer.



posted on Feb, 19 2015 @ 01:43 PM

originally posted by: bw1000
Big difference, and I'd like to know which it is.
I interpreted that completely differently from either one of those. I thought the "vault" they meant was just an area of the hard drive bios. I think they call it a "vault" because ordinary antivirus wouldn't be able to remove it since it's in a somewhat isolated and protected area of storage.

In order to activate that exploit in the "vault", they have to plant something like a rootkit on the computer. But I'm betting that once the exploit in the hard drive bios is activated by the rootkit or whatever, it will continue to activate every time you boot the computer, even if the rootkit is detected and removed.



posted on Feb, 19 2015 @ 03:44 PM
a reply to: bw1000

You're completely misunderstanding this story.

It means every single hard drive infected with this virus creates a secret storage vault within that hard drive that cannot be wiped by military grade wiping. That means millions of PCs around the world, millions of hard drives, that people think are clean, are actually not... Even after being wiped, the secret storage vault remains on the hard drive. That is what this means.



posted on Feb, 19 2015 @ 07:45 PM

originally posted by: funkadeliaaaa
a reply to: bw1000

You're completely misunderstanding this story.

It means every single hard drive infected with this virus creates a secret storage vault within that hard drive that cannot be wiped by military grade wiping. That means millions of PCs around the world, millions of hard drives, that people think are clean, are actually not... Even after being wiped, the secret storage vault remains on the hard drive. That is what this means.

Define military grade wiping. There is no such thing, if you think there is you're delusional. Anyone that thinks their hard drive is sacred has their head buried deep in the sand.
edit on 19-2-2015 by mtnshredder because: (no reason given)



posted on Feb, 19 2015 @ 10:49 PM

originally posted by: mtnshredder

originally posted by: funkadeliaaaa
a reply to: bw1000

You're completely misunderstanding this story.

It means every single hard drive infected with this virus creates a secret storage vault within that hard drive that cannot be wiped by military grade wiping. That means millions of PCs around the world, millions of hard drives, that people think are clean, are actually not... Even after being wiped, the secret storage vault remains on the hard drive. That is what this means.

Define military grade wiping. There is no such thing, if you think there is you're delusional. Anyone that thinks their hard drive is sacred has their head buried deep in the sand.


I think the secret storage vault may refer to the firmware on the microchip that controls the drive...
So it would just reinfect the hard drive each time it's wiped.



posted on Feb, 19 2015 @ 11:09 PM
Military grade wiping is defined by how many times you wipe the drive, after you set the whole drive to 1's or 0's there is still a "ghost" of the prior state. So you blast 1's then 0's, then 10101010's then some other pattern, etc 7 times and the original state is undetectable.

There is some room in the chips on the board for some small, very elegantly written code. Since the firmware defines the geometry, some sectors of the drive could be made unavailable to the EU. When you buy a 500 GB drive it formats to 494 GB or some capacity slightly less than the 500GB. All drives at the time of manufacture have a percentage of sectors that do not pass QC, as well as some set aside to move other sectors to that become unreliable over time. This is called overhead.

So "bad" firmware would have some code that sets some sectors aside, either marked as bad or not available for re-allocation, and the payload would be located there, while the small amount of code in the firmware would deploy the payload, most likely after the drive ran for so many hours, or so many power cycles, etc.

It would still have to be a small number of sectors to not attract attention, or to impact drive performance.
edit on 19-2-2015 by SolRozenberg because: missp

edit on 19-2-2015 by SolRozenberg because: formatting
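
The pass sequence described in the post above (1's, 0's, 10101010's, then another pattern, 7 times), as an added example that is not part of the original thread. It runs against a constructed temporary file rather than a real device, the `0x55` fourth pattern and the function names are assumptions, and it only touches bytes the host can address, so sectors set aside by drive firmware are outside its reach.

```python
import os
import tempfile

# Post's patterns: ones, zeros, 10101010; 0x55 is an assumed "other pattern".
PATTERNS = [0xFF, 0x00, 0xAA, 0x55]
CHUNK = 64 * 1024

def overwrite_pass(path, pattern):
    """Overwrite every byte of the file in place with one pattern byte."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as f:
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(bytes([pattern]) * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # force this pass out before the next starts

def verify_pass(path, pattern):
    """Read the file back; True only if every byte equals the pattern."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(pattern) != len(chunk):
                return False
    return True

def multipass_wipe(path, passes=7):
    """Run the passes in order, verifying each; return the patterns used."""
    used = []
    for i in range(passes):
        pattern = PATTERNS[i % len(PATTERNS)]
        overwrite_pass(path, pattern)
        if not verify_pass(path, pattern):
            raise OSError(f"pass {i + 1} failed read-back verification")
        used.append(pattern)
    return used

def demo():
    """Wipe a constructed image file; return (patterns used, marker gone)."""
    marker = b"CONSTRUCTED-SAMPLE-DATA"
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, marker * 8192)  # constructed sample contents
        os.close(fd)
        used = multipass_wipe(path)
        with open(path, "rb") as f:
            return used, marker not in f.read()
    finally:
        os.remove(path)
```
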



posted on Feb, 20 2015 @ 12:11 AM
a reply to: SolRozenberg

What do you think of belems theory a few pages back?
He said something along the lines of it being written physically the lines of the disk itself that divide the sectors.



posted on Feb, 20 2015 @ 03:18 AM

originally posted by: SolRozenberg
There is some room in the chips on the board for some small, very elegantly written code. Since the firmware defines the geometry, some sectors of the drive could be made unavailable to the EU. When you buy a 500 GB drive it formats to 494 GB or some capacity slightly less than the 500GB. All drives at the time of manufacture have a percentage of sectors that do not pass QC, as well as some set aside to move other sectors to that become unreliable over time. This is called overhead.


This is just due to marketing. The technical definition of a gigabyte, which computers use is 1024 megabytes. However the marketing term of a gigabyte is 1000 megabytes.

Using the 500 GB example, 500 GB is 500,000,000,000 bytes however using computer numbers of 1024 instead of 1000 this only comes out to 465.67 GB. There's a little overhead after this point, but this is the primary reason you see a disparity. With a 2TB drive, it will format to 1.82TB so instead of losing 6.9% of the stated size you lose 9%. As drive sizes grow this disparity increases.



posted on Feb, 20 2015 @ 04:24 AM
a reply to: Aazadan

you're right, but there are most definitely extra sectors beyond that. Whether they are utilized for the malicious code or not depends on how much room they need. The nvram chip maps this, which is why it has to follow the platters during recovery, even on a new drive there are bads & spares.
I don't think it's possible to use space between the sectors or tracks, it's just enough to allow reliable reading & would not be trivial to convince the mfgr to accommodate that.



posted on Feb, 20 2015 @ 08:09 AM
a reply to: SolRozenberg

Not trivial does not mean not impossible though right... And if it's routine, it could be trivial to them!



posted on Feb, 20 2015 @ 10:34 AM

originally posted by: SolRozenberg
I don't think it's possible to use space between the sectors or tracks...


Actually, what I said was if I was going to do this at the factory, I'd probably do it on the test stand.

They used to write the track and sector marks with a head stack that came in from the side of the drive (there's a sticker there covering the hole), and that at that time, you could possibly lay down a hidden track or two containing program data, and load the firmware with a special version.

Even if it's not done that way now, the test stand is still a good place to do it, no one pays attention to the QC guy.



posted on Feb, 20 2015 @ 10:57 AM

originally posted by: mtnshredder
Define military grade wiping. There is no such thing, if you think there is you're delusional. Anyone that thinks their hard drive is sacred has their head buried deep in the sand.
There is such a thing but it's probably overkill with modern hard drives. It might have helped more on older drives where the data tracks were wide enough to leave more remnants, but the data tracks are so small nowadays that three passes probably aren't necessary, if you're not trying to meet some military specification, as described here:

the-undelete.com...

In order to make the recovery even theoretically impossible, a military-certified process of data destruction can be applied. The military standard specifies the use of a cryptographically strong sequence of random numbers that is written over the original contents of the file not once but three times in a row. This military-grade data destruction process guarantees the impossibility of data recovery even if an alien state puts all of its resources to analyze your hard disk!



posted on Feb, 20 2015 @ 10:59 AM
When performing a final military grade wipe on a drive I no longer require I use one of these.



posted on Feb, 20 2015 @ 12:23 PM
a reply to: AgentSmith

That's the way, make sure you bend the platters and mix in 10 other bashed drives when you dump it. It's very expensive to get data off a bent platter, throw out 10 at a time and it's not worth it.

However, if it's the NSA we're talking about, they have OTHER ways to get it out of you.

Waterboarding at Guantanamo Bay sounds like fun if you don't know what either of those are....



posted on Feb, 20 2015 @ 02:04 PM
If this is true (seems likely) then obviously firmware level hacking is a problem, because if you do it right, the code can be executed where it never touches the OS and anti-virus will never see it. (Basically on circuitry and sub-processors on devices rather than the main motherboard.) It would also imply that network cards, graphics cards, and some other hardware which has its own dedicated memory and processing could be used to spy, disrupt, or manipulate data on the infected machine.



posted on Feb, 21 2015 @ 03:07 AM
So, no one can suggest any books where I can learn more about this stuff?



posted on Feb, 21 2015 @ 05:54 PM
there's no books, this stuff changes too quickly. look here:

hddguru forums

lots to read



posted on Feb, 22 2015 @ 12:40 AM

originally posted by: SolRozenberg
there's no books, this stuff changes too quickly. look here:

hddguru forums

lots to read


There are books because I've come across them.
I don't mean specifically about this, I mean about computing in general starting from a beginner level...



posted on Mar, 5 2015 @ 11:31 AM

originally posted by: mOjOm
Already we are starting to see more and more of "The Internet of Things" happening and not far off just about everything will have some kind of cloud service hooked into it. Your TV, Car, Fridge, Phone, etc. even your wife's favorite vibrator is going to be part of "The Internet of Things".


Ha!! I called it. Vibrator Hack!

Digital Sex Toys Hacked



posted on Mar, 5 2015 @ 12:06 PM

originally posted by: funkadeliaaaa

I don't mean specifically about this, I mean about computing in general starting from a beginner level...


Where do you need to start? And what sort of understanding are you looking for?



