By now, you’ve likely heard about how the U.S. National Security Agency (NSA) has hidden secret spying software in a number of hard drives made by a number of top manufacturers. As revealed and reported by Kapersky Lab from Moscow, this spy software is buried deep inside the hard drives, giving the NSA a “back door” into snooping on computers all around the world. The security agency can then secretly monitor everything that’s happening on those computers.
The good news is that, as far as we can gather, it is unlikely that you as a private individual have been directly impacted by this particular instance of NSA spying. The majority of the personal computers impacted by the NSA spying programs are based in Iran. Kapersky says that computers were also infected in Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen, and Algeria.
And if you just use your computer to watch YouTube videos and to troll your friends on Facebook, you’re probably okay too, as the NSA was reportedly targeting “government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.” Though a political blog could fall into the “media” part of that list. In any case, if you’re not in those countries and you’re not participating in those activities, you’re probably not being watched… at least under this specific NSA initiative.
An unnamed “former intelligence operative” has confirmed that the NSA has developed a technique for concealing spyware in the hard drives made by such companies as Western Digital, Toshiba and Seagate and this NSA spying could be linked to something called Stuxnet. It was with this so-called “cyberweapon” that the NSA was able to attack the uranium enrichment facility in Iran. The hidden spyware may have been collecting data since 2001, but of course the NSA declined to comment on any sort of official basis.
When reached for comment, Western Digital provided the following statement:
On Monday, February 16, Kaspersky Labs published a research report about an advanced cyber-espionage program, in which the products of multiple storage device manufacturers, including from Western Digital and HGST, were identified.
Prior to the report, we had no knowledge of the described cyber-espionage program. We take such threats very seriously. The integrity of our products and the security of our customers’ data are of paramount importance to us.
We are constantly evaluating how we can better protect the integrity of our drives and customer data. We are in the process of reviewing the report from Kaspersky Labs and the technical data set forth within the report.
Seagate Technology provided a similar, albeit shorter, response:
Seagate has no specific knowledge of any allegations regarding third-parties accessing our drives. Seagate is absolutely committed to ensuring the highest levels of security of the data belonging to our users. For over seven years Seagate has been shipping drives offering industry-leading levels of self encryption, while putting in place secure measures to prevent tampering or reverse engineering of its firmware and other technologies.
Given that Seagate and Micron recently formed a “strategic alliance,” the assumption is that Micron is on the same page in regards to this whole NSA fiasco. Of course, these are just official statements. It is certainly possible that the majority of people working at Western Digital, Seagate and other hard drive companies had no knowledge of the situation and the NSA simply snuck their way in there by discovering a back door of its own.
Or maybe it really is one giant conspiracy and the NSA happily paid these companies, presumably under the table, to provide such a back door. I suppose we’ll never know. Or, for those of you who do know, you may be getting an unexpected knock on your door any day now.
More as this story develops…