News from Kaspersky Lab that the NSA has covertly infected the firmware of hard drives from manufacturers such as Western Digital, Toshiba, IBM, Seagate, Maxtor, Micron and Samsung is a shock to the tech world.
During the early 1990s, hard disk drives became a staple storage medium in personal computer systems, reflecting their use in the mainframe environment that dominated industrial use of computers before the explosion of the personal computer in the working environment. Since then, the use of computers has become omnipresent in both the work and home life of billions of people around the world, reaching the farthest corners of the modern world.
According to the sources at Reuters who formerly worked in connection with the NSA, the NSA confirmed that they had infiltrated the above manufacturers and modified the drive firmware to run spyware for the NSA, without any indication to the companies and without their knowledge. This situation has apparently been in place for at least the last fourteen years. A detailed account of the exact issues can be found here: http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
When you read around the story, you find that in fact twelve categories of hard drives are involved. A list of these categories isn’t reported at this time, or at least I am unable to find a list. It is also unclear whether this is restricted to platter-based drives or includes SSDs, USB media and CD-ROM/DVD media. It would be very interesting to find this out.
When you look at the diagrams found at http://theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/, it becomes evident that Windows operating systems are the primary target. Maybe they are the only target. This is the world’s favourite operating system, so this makes sense.
In the context of privacy on your own computer, it occurred to me that ways around the NSA-funded Equation Group’s work with hard disk drive firmware might be:
- Continue to use your drives, but boot from a Unix or Linux system and use VirtualBox to boot your Windows OS. Maybe this would avoid the GrayFish element of the system?
- Stop using your hard disk drives and take them out of your system. Instead use USB media to store your data and a Live CD to boot your operating system. This assumes that CD drive firmware is not modified.
Just thoughts. If you have a different angle on this topic I’d like to hear it.