Kaspersky Lab, a Moscow-based cyber security company, claims it has found sophisticated spying software in the hard drives of personal computers manufactured by the world’s biggest companies and sold in 30 countries, the Financial Times reported.
These countries include Iran, Pakistan, Russia and China, long targeted by US intelligence services.
The targets in those countries include banks, government offices, nuclear researchers, military facilities and Islamic activists.
The computer makers include Toshiba, Western Digital, Seagate and IBM.
Kaspersky is yet to publicly accuse the U.S. National Security Agency of direct responsibility for creating the malware, but researchers have been saying just that, off the record.
Kaspersky published the spyware’s technical details on Monday, suggesting it had been launched by an entity “that surpasses anything known in terms of complexity and sophistication of techniques.”
Your tax dollars in action.
Kaspersky called the entity Equation Group, estimating that it had been operating for 20 years.
Kaspersky claims this Equation Group had “solid links” to the creators of Stuxnet — the U.S.-Israel made virus that attacked an Iranian nuclear facility.
According to Kaspersky, one of the spy tools is embedded in the computer’s “firmware,” the low-level code that brings the rest of the machine up when it is switched on, which the Russian virus protection outfit called “an astonishing technical accomplishment.”
“To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back,” said Costin Raiu, director of the global research and analysis team at Kaspersky Lab. “It means that we are practically blind, and cannot detect hard drives that have been infected by this malware.”
The Kaspersky report also covers the Equation Group’s efforts to map “air-gapped” networks that are not connected to the internet — as in the case of Iran’s nuclear facilities. The report speaks of a “unique USB-based command and control mechanism which allowed the attackers to pass data back and forth from air-gapped networks.”