
Sunday, March 29, 2015

RUSSIAN FIRM KASPERSKY: NSA INFECTED HARD DRIVES, AND THE IMPLICATIONS

Ms. D.P. shared this, and when you read it, you'll see why I'm passing it along to you, with my own cautionary observations. According to this article from Reuters Canada, the American NSA has been doing a whole lot more than just eavesdropping on your emails or phone conversations. It has, apparently, been able to infect your computer hard drives straight from the factory:
Russian researchers expose breakthrough U.S. spying program
The key points may be found in these paragraphs; ponder their implications carefully:
"The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.
"That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.
"Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. (reut.rs/1L5knm0)
"The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.
"A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it."
And this a little further on in the article:
"According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.
"Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.
"'The hardware will be able to infect the computer over and over,' lead Kaspersky researcher Costin Raiu said in an interview."
There is a line from George Lucas' first Star Wars movie that is applicable here, and which shows the implications to which the USA, in its mad scramble to be "secure," seems to be falling prey. It is in a line uttered by the character Princess Leia to the imperial governor (of the Death Star), Tarkin. Leia says something to the effect that the more the Empire tightens its grip, the more inevitably slips through its fingers.
This policy of unrestrained electronic spying has already seen economic consequences hit: Brazil and Europe both began to talk about, and Brazil to do something about, the US-based internet by launching parallel systems. China has already introduced regulations curtailing the purchase of computer hardware directly from the USA. And don't forget that story that appeared in the aftermath of the Snowden scandal and the failure of the Russian space probe Phobos II, which was blamed on faulty computer chips. Russia, you'll recall, placed a similar ban on chip imports, and even went so far as to announce that it was considering a return to the typewriter in order to avoid the NSA's snooping. More recently we've seen Russian announcements of its own internal domestic financial clearing network, and its insistence that Visa and Mastercard locate their clearing centers for Russia in Russia. And my own hypothesized idea that the BRICSA bloc will have to build their own counterpart to SWIFT is based, in part, on the growing suspicion within the BRICSA bloc about the security and privacy of western mechanisms of clearing.
Now add to this the admission that hard drives are also infected, and we can see another economic consequence looming, one with potentially dire consequences for the American microchip and computer hardware industry (not to mention Toshiba in Japan): if you were Frau Merkel, or Mr. Putin, would you be inclined to place a major order for computers with Toshiba? Or IBM? Or Cray?
Probably not.
But there is yet another "flip side" to all this, and here comes the high octane speculation of the day: suppose you needed, for whatever unstated reason, to build a worldwide redundancy into global communications networks, including those of international financial clearing, and you had to do so in a climate where some nations do not fall into the "trusted partners" part of the ledger. How would you go about inducing them to do their part to build in that redundancy that you have determined - again for whatever reason - to be necessary? One way, of course, would be to convince them that you yourself, and your products and "services" could not be trusted, and that they had to build their own parallel industries and services to mimic your own.
The question, of course, is why one would need such redundancies... but that's high octane speculation for another day...
