A protestor holds up a sign at a rally against the NSA’s spying program.
By Yaël Ossowski | Watchdog.org | February 18, 2015
A Russian security firm claims to have uncovered a major tool used to
rewrite hard drives and collect all stored information in potentially
millions of computers and hard drives around the world.
In a very technical post on its website,
the Moscow-based Internet security firm Kaspersky Lab revealed the
complex viruses programmed into computers and hard drives by the
Equation Group, purported to be the National Security Agency, according
to an unnamed former NSA employee who spoke to Reuters.
use tools that are very complicated and expensive to develop, in order
to infect victims, retrieve data and hide activity in an outstandingly
professional way, and utilize classic spying techniques to deliver
malicious payloads to the victims,” stated Kaspersky Lab’s Global Research and Analysis Team on its website.
A more detailed PDF
put together by Kaspersky Lab describes in detail a computer worm
called “Fanny,” compiled in July 2008. It was originally created to
infect the computers of certain targets in the Middle East and Asia,
using USB sticks that would grab data and upload once the computer
connected to the Internet.
Parts of this code were later used in Stuxnet, the computer virus aimed at Iran’s nuclear facilities most likely released by the NSA.
Former CIA agent Jeffrey Sterling was convicted for espionage last month as a result of revealing the federal government’s role in developing the Stuxnet virus to New York Times journalist
James Risen in 2006. It has so far been the largest ever cyber-weapon
deployed against a government, though he U.S. government continues to
According to Kaspersky Labs, the most
astounding part of its research is the Equation Group’s “ability to
infect the hard drive firmware,” at a level never seen before. By
completely rewriting the source code for hard drives, using the file
“nls_933w.dll,” the NSA conceivably has the mechanisms necessary to
collect every piece of information and data stored.
Most of the
implanted Trojan horses, or programs meant to capture information, were
found in computers from China, Russia, Iran, and even some in Europe and
the United States, according to the firm, affecting entities with ties
to finance, government, media, military, universities, embassies and
A look at the countries and industries targeted by the program
infecting hard drives, purported to be run by the National Security
Hard drive manufacturers have been quick to deny any acknowledgement of such a program on their products.
to the report, we had no knowledge of the described cyber-espionage
program. We take such threats very seriously. The integrity of our
products and the security of our customers’ data are of paramount
importance to us,” Steve Shattuck, Western Digital’s media relations
director, told Sputnik News.
portion of the research reveals Internet users in Jordan, Turkey and
Egypt were specifically not targeted for attacks, countries considered
to be U.S. allies.
The NSA has yet to comment on whether the program is a part of its intelligence gathering activities.