A new report from the threat research team at Kaspersky Lab has revealed a highly advanced set of trojans capable of rewriting the firmware of hard drives from a dozen manufacturers and remaining undetected for years on end. Kaspersky itself did not name the authors; the attribution to the NSA and its partners comes from former intelligence employees quoted anonymously by Reuters.
The effort, run by what Kaspersky is calling the “Equation Group,” was a specialized operation designed to conduct surveillance on some of the NSA’s highest profile targets. Unlike the blanket collection methods we saw with the taps on Google’s fiber optic lines or the phone call record archives, the agency kept its hard drive intrusion capability comparatively close to its chest, bringing out the big guns only when absolutely necessary.
Kaspersky attributes this restraint to the sophistication of the firmware code, which would have cost millions of dollars to build, deploy, and maintain over the past decade. The agency was evidently unwilling to risk having that technology fall into the wrong hands through overuse: while the Equation Group's victims span more than 30 countries, the Russian threat research team found the firmware module deployed against only a handful of them, with infections concentrated in Iran, Russia, Pakistan, Afghanistan, and other countries across the Middle East and Asia.
The code was capable of infecting drives from many of the largest manufacturers, including Seagate, Western Digital, and Toshiba, by rewriting the firmware on each. Because the drive's own controller runs that firmware, nothing running on the host can read it back to verify it, and the implant survives disk formatting and operating system reinstallation. The reprogrammed firmware also carves out a hidden storage area on the disk, invisible to the operating system, where the attackers can stash stolen data.
This is a capability that only a nation-state could plausibly build, and former intelligence employees quoted anonymously by Reuters have confirmed that the NSA developed the technique. Kaspersky’s findings suggest the group behind it has been active for at least 15 years, and GrayFish, the Kaspersky-assigned name for the platform that carries the firmware-infecting module, has been in use since 2008.
The news comes just a day after Kaspersky unveiled details of one of the largest banking trojan operations in history, the Carbanak campaign, which netted the criminals behind it as much as one billion dollars over a span of roughly two years.
None of the manufacturers of the drives in question say they knew their firmware could be reprogrammed in this way, and each states it has never worked or collaborated with the NSA to install secret backdoors in its hardware. Kaspersky's analysis indicates the module reflashes drives through vendor-specific firmware commands rather than through any cooperation from the makers.