According to cyber researchers based in Russia, the United States National Security Agency hid spying software in hard drives made by top data storage manufacturers, including Western Digital, Seagate, and Toshiba. According to a slough of cyber researchers, former operatives and advanced technicians, this secret spying software made it possible for the NSA to snoop on the vast majority of the world’s computers.
This ability was only one of a host of spying programs discovered in 2015 by the Moscow-based security software maker Kaspersky Lab. The Lab has exposed many Western cyberespionage operations, but this one may be the most far-reaching and invasive.
According to Kaspersky Lab, its researchers found personal computers in 30 countries infected with one or more of the NSA’s spying programs; the most infectious programs were found in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. Targets were widespread and included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.
While the firm refused to name the country behind the spying campaign, it did maintain that the malware was linked to Stuxnet, an NSA-led cyberweapon that was used to damage Iran’s uranium enrichment facility and make it look like an accident.
One former NSA employee confirmed Kaspersky’s analysis, stating additionally that people working in the intelligence agency still utilized and valued these spying programs as much as they did Stuxnet. Another former intelligence operative went so far as to confirm that the NSA had developed a technique for concealing spyware in hard drives, though the employee claimed to not know which spying efforts actually utilized the hack.
NSA spokeswoman Vanee Vines declined to comment on the chain of events.
Kaspesky published the technical details of its study in full after outing the attack as a means for infected organizations to detect the spying programs, many of which were implanted as far back as 2001.
The exposure of the NSA’s far-reaching, illegal and invasive surveillance were expected to damage the agency’s ability to continue its behavior, especially when paired with the leaks carried out by former NSA contracter and whistleblower Edward Snowden. Snowden’s leaks damaged the United States’ relationship with many of its allies and even slowed the sales of American-based technology abroad.
Many speculated that these exposures may lead to a backlash against Western technology products, especially in countries like China where regulations were being drafted that would make technology suppliers offer copies of their software code for government inspection.
However, three years later iPhones and the like remain incredibly popular in all markets, particularly that of China.
That said, many government officials made serious recommendations to the NSA to be less totalitarian with its surveillance. Peter Swire, one of five employees on President Barack Obama’s Review Group on Intelligence and Communications Technology, said that the Kaspersky report demonstrated how important it was that the NSA consider how its actions could have a negative impact on diplomatic relations and trade:
“There can be serious negative effects on other U.S. interests,” he warned.