According to cyber-security experts, disk drive firmware is most susceptible, after the BIOS code, to attacks by hackers.
In what could be a major embarrassment to the National Security Agency, a Moscow-based security software firm, Kaspersky Lab, revealed that a group with supposedly close links to America's cyber-espionage outfit has been deploying spying software deep inside hard drives of computers sold in 30 countries including Russia, Iran, Pakistan, Afghanistan, China and Syria.
Ironically, the damning indictment of the US agency came just days after President Barack Obama signed an executive order to increase information sharing around cyber threats at a White House summit on cyber-security and consumer protection, held at Stanford University, where some Silicon Valley bosses gushed about human rights and human dignity, and the consumer's right to privacy and security.
While the Kaspersky Lab probe did not directly name the NSA (it preferred to refer to the cyber-espionage agency as the Equation group), it revealed that infections of hard disks began in 2001, but increased dramatically after Obama took over as president in 2008. The infected hard disks had been sold to government departments, the armed forces, telecom firms, banks, nuclear establishments, the media and Islamic activists in many of the countries.
According to cyber-security experts, disk drive firmware is most susceptible, after the BIOS code, to attacks by hackers. The Russian company said the malicious software in the firmware, which launches every time a computer is turned on, is closely linked to Stuxnet, the tool deployed by the NSA to attack Iran's uranium enrichment facility.
The new revelations are expected to hurt not just the NSA's surveillance capabilities, but even the American hardware industry, as most countries would be wary of buying US-made equipment. While many of the hardware firms mentioned in the Russian report denied that they had collaborated with the NSA, the damage done to their reputation will hurt their business prospects.
Leaks by Edward Snowden, an ex-employee of a contractor of the NSA, had damaged American hardware makers and also embarrassed the US government, with many of its allies stunned by the revelations. China, one of the largest markets for American high-tech firms, has unveiled measures that would require technology suppliers, especially for the banking and financial services sector, to provide software code to the authorities.
Even as the credibility of the American technology industry takes a beating with such reports, the US government is pushing for more cooperation and sharing of cyber-security information with the private sector. Last month, Obama introduced a cyber-security bill in Congress, seeking protection for companies who shared information with the government.