Our Blog

What Can Businesses Do About NSA Spyware? Stay Calm and Advocate!

  • Image
  • 0

report by Russian security expert Eugene Kaspersky, founder of the popular Kaspersky Labs antivirus software, warns it has found spyware in the hard disk drive firmware of nearly every major manufacturer. A follow-up report from Reuters links the spying software to the U.S. National Security Agency (NSA), based on tips from an anonymous former NSA employee.

Kaspersky calls the group behind the spyware Equation Group, a highly sophisticated threat actor active since 2001. Its spyware has been found to work with HDDs made by Western Digital, Seagate, Toshiba, IBM, Samsung and Micron.

Here is what else is known (or not known) about Equation Group and its spyware found in OEM hard drives:

  • Western Digital, Seagate and Micron denied having knowledge of spying programs. Others named in the report have declined to comment or did not respond to media requests for comments.
  • Kaspersky found several variants of backdoor malware closely linked to Stuxnet, the NSA cyberweapon used to attack Iranian nuclear infrastructure.
  • Variants of the malware were detected in more than 30 countries, including China, Iran, Russia, Pakistan, Afghanistan, and the United States. Targets include foreign government agencies, banks, energy firms, media and Islamic activists.

So what to do? A Kaspersky researcher told Mashable, “The best way to get rid of [the malware] is to physically destroy the hard drive.”


Before you get out your sledge hammer and migrate all your data to the cloud, note that state-sponsored cyberweapons aren’t a new thing.

While this is indeed a groundbreaking development in the way attackers were able to compromise OEM firmware, to some in the security industry, the findings do not come as a surprise. “For years we heard assertions the NSA was behind Stuxnet where it not only exploited zero day Windows problems, but also used USB devices as the transport medium,” says Don Shafer, a cybersecurity executive with the Athens Group, a company providing software services for oil companies around the world. “This is yet another exploitation of hardware firmware invisibility to commercial virus scan tools, more zero-day vulnerabilities and the limitations of corporate cybersecurity methods.”

Hardware-based malware has long been a concern of cybersecurity engineers. In fact, these kinds of attacks are old (black) hat: In 2009, a number of high-profile cyberattacks on Google Inc. were traced back to China, which McAfee characterized as using stolen hardware source code.

Before the news media shone the public spotlight on Stuxnet after it disabled nuclear plants in Iran, cybersecurity experts had been seeing similar attack on offshore oil rigs. “This is stuff we’ve known in the oil and gas industry for decades,” Shafer says.

Related content: Falling Oil Prices May Trigger More Aggressive Cyber Attacks

In many regards, however, hardware hacking is still in its infancy, as are the defenses against it.  There is no real way for mainstream consumers to know whether their drives are infected by Equation Group malware. The best we can do is take a look in the mirror and ask, might my business be of concern to the NSA? If you can honestly answer “no” to this question, you probably need not lose sleep over it.

That is not to say you should feel great about the NSA putting spyware into OEM equipment. Of course this is creepy as hell, and raises all kinds of implications and slippery slopes about what the NSA is doing.

How might businesses address Kaspersky’s findings in a sane and rational manner?

Advocacy for more transparency about manufacturers’ security procedures seems like the most appropriate route to take. “We are not going to stop buying disk drives and USB devices,” Shafer says. “But large companies’ purchasing departments can begin to put requirements into their contracts that the hardware manufacturers certify their products are malware free before they buy them. That’s one step to take.”

For now, it seems like the only choice.

Does the Kaspersky report change the way to save and store data for your business?

Photo by Mike Mozart, taken from Flickr Creative commons
What Can Businesses Do About NSA Spyware? Stay Calm and Advocate!
Article Name
What Can Businesses Do About NSA Spyware? Stay Calm and Advocate!
Reports from Reuters and Kaspersky Lab say the NSA has placed spyware on OEM hard disk drives. What can businesses do about the news?
Adam Lovinus

Adam Lovinus

A tech writer and Raspberry Pi enthusiast from Orange County, California.

More Posts - Website - Twitter - LinkedIn - Google Plus

Tags: , , ,

Show Comments (0)

This is a unique website which will require a more modern browser to work! Please upgrade today!