US National Security Agency (NSA) reportedly hid spyware in hard drives worldwide
Tencent Technology (腾讯科技), 17 February 2015, 07:31
[Summary] Western Digital, Seagate and Toshiba were all hit; these few hard drive makers together hold more than 90% of the world's hard drive market.
BI Chinese site, report of 17 February
Several cyber researchers and former intelligence operatives have revealed that the US National Security Agency (NSA) hid spyware in hard drives made by Western Digital, Seagate, Japan's Toshiba and other top hard drive manufacturers, giving the agency the means to eavesdrop on most of the world's computers.
The spyware program was first discovered by Russian security software maker Kaspersky Lab, which has exposed a series of Western cyberespionage operations. Kaspersky Lab said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infected computers in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included the hard drives of computers belonging to government and military institutions, telecommunications companies, banks, energy companies, nuclear researchers, media, and Islamic activists.
Although Kaspersky Lab declined to publicly name the country behind the spying campaign, it said the campaign was closely linked to the Stuxnet virus. Stuxnet is the NSA-led cyberweapon that was used to attack Iran's uranium enrichment plant. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.
A former NSA employee said that Kaspersky Lab's analysts were correct and that NSA staff valued these spying programs as highly as Stuxnet. Another former intelligence operative also confirmed that the NSA had developed the technique of concealing spyware in hard drives, but said he did not know which spying operations used it. An NSA spokesperson declined to comment.
Kaspersky Lab published the technical details of its research, which should help institutions whose hard drives were infected to detect the spying programs, some of which trace back as far as 2001. Kaspersky Lab's disclosure could further undermine the NSA's surveillance capabilities, whose reputation and effectiveness had already been damaged by the massive leaks from former contractor Edward Snowden. The Snowden leaks have already hurt relations between the United States and some of its allies and caused sales of US technology products abroad to fall.
The exposure of the new spying tools could set off an even larger wave of opposition to Western technology and products, particularly in countries such as China. These countries have already drafted regulations requiring most bank technology suppliers to provide copies of their software code for inspection.
Kaspersky Lab also revealed that the spies made a major breakthrough by working out how to implant malware into obscure firmware source code. Hard drive firmware is regarded by spies and cybersecurity experts as the second most valuable "real estate" on a PC, second only to the BIOS code, which makes the computer start up automatically. Kaspersky lead researcher Costin Raiu said: "The hardware can also infect the computer."
Although the leaders of the still-active espionage campaign could have taken control of thousands of computers and gained the ability to steal files or eavesdrop on anything they wanted, the spies were selective in what they took, establishing full remote control only over the computers of the most valuable foreign targets. Kaspersky Lab found only a few especially high-value computers with infected hard drives.
Kaspersky Lab's reconstruction of the spying programs shows that they could run in hard drives sold by more than a dozen companies, covering almost the entire hard drive market, including Western Digital, Seagate, Japan's Toshiba, IBM, Micron and Samsung. Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment, and IBM did not respond.
Raiu said the authors of the spying programs must have had access to the proprietary source code of these hard drives; that code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily. Raiu said: "If someone wanted to rewrite a hard drive's operating system using public information, the chance of that is zero." But after the high-profile cyberattacks on Google and other US companies in 2009, concerns about access to source code have grown. Investigators said they found evidence that hackers obtained hard drive source code from several US technology and defense companies.
It is still unclear how the NSA obtained the hard drive source code. Western Digital spokesman Steve Shattuck said: "We have not provided source code to government agencies." The other hard drive makers did not confirm whether they had shared source code with the NSA. Seagate spokesman Clive Over said: "We have safeguards that prevent tampering with or reverse engineering of our firmware and other technologies."
But some former intelligence operatives revealed that the NSA has many ways of obtaining source code from technology companies, including asking them directly or posing as a software developer to obtain it by deception. If a company wants to sell products to the Pentagon or another sensitive government agency, the government can require a security review to ensure the source code is secure. Vincent Liu, a partner at security consulting firm Bishop Fox and a former NSA analyst, said: "The NSA won't admit it, but they will say: 'We'll do an evaluation, and we need the source code.' It is normal for the NSA to do evaluations, but asking for and insisting on keeping the source code goes somewhat beyond its remit."
Kaspersky Lab called the authors of the spying programs the "Equation group" because of their particular skill with complex encryption formulas. The group used a variety of means to spread other spying programs, such as through jihadist websites, infected USB sticks and CDs, and by developing a self-spreading computer worm. (风帆)
[The Chinese translation rights and Chinese-language copyright of works by Business Insider (US) ("the Works") belong exclusively to Tencent. Without Tencent's authorization, no organization, institution or individual may translate the Works into Chinese or reproduce, excerpt or otherwise use the Chinese version of the Works in any form; Tencent will pursue legal liability against violators.]
NSA hid spying software in hard drive firmware, report says
Government, military in Iran, Russia, Pakistan, Afghanistan targeted
Thomson Reuters Posted: Feb 16, 2015 3:59 PM ET Last Updated: Feb 16, 2015 4:05 PM ET
The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.
That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.
Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.
The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.
A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.
NSA spokeswoman Vanee Vines declined to comment.
Kaspersky published the technical details of its research on Monday, which should help infected institutions detect the spying programs, some of which trace back as far as 2001.
The disclosure could further hurt the NSA's surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden. Snowden's revelations have hurt the United States' relations with some allies and slowed the sales of U.S. technology products abroad.
The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.
Technological breakthrough
According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.
Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.
"The hardware will be able to infect the computer over and over," lead Kaspersky researcher Costin Raiu said in an interview.
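The point of the section above, and of the earlier note that Kaspersky's published details should help infected institutions detect the programs, is that code living in drive firmware survives reinstalls and reinfects on every boot. One inventory-level check a defender can run is to compare what each drive reports about itself against a baseline of approved firmware revisions. The script below is an added example, not code from Kaspersky Lab, Reuters, or any drive vendor: it parses the identity block that `smartctl -i` prints (the labels `Device Model`, `Serial Number` and `Firmware Version` are real smartctl output fields) and flags drives whose self-reported revision is not on the baseline. The drive models, serial numbers, revision strings and the baseline itself are constructed placeholders, as is the `EXPECTED_FIRMWARE` table.

```python
"""Fleet firmware-revision drift check (added example; not code from Kaspersky
Lab, Reuters or any drive vendor).

Parses the identity block printed by `smartctl -i` and flags drives whose
self-reported firmware revision is not on a baseline of approved revisions.
All drive models, serials, revisions and the baseline below are constructed
placeholders for this example.
"""
import re

# Constructed sample: identity blocks for four drives, as `smartctl -i` would
# print them. The field labels are real smartctl labels; the values are made up.
SAMPLE_SMARTCTL_OUTPUT = [
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-HDD-2TB
Serial Number:    CONSTRUCTED-0001
Firmware Version: AB02
""",
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-HDD-2TB
Serial Number:    CONSTRUCTED-0002
Firmware Version: ZZ99
""",
    """=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-SSD-512
Serial Number:    CONSTRUCTED-0003
Firmware Version: S1.0
""",
    """=== START OF INFORMATION SECTION ===
Device Model:     UNLISTED-MODEL
Serial Number:    CONSTRUCTED-0004
Firmware Version: 0001
""",
]

# Hypothetical baseline: for each model, the set of firmware revisions the fleet
# is expected to run. In practice this comes from the vendor's release notes or
# a verified golden image; neither is part of this example.
EXPECTED_FIRMWARE = {
    "EXAMPLE-HDD-2TB": {"AB01", "AB02"},
    "EXAMPLE-SSD-512": {"S1.0"},
}

FIELD_RE = re.compile(
    r"^(Device Model|Serial Number|Firmware Version):\s*(.+?)\s*$", re.MULTILINE
)


def parse_identity(text):
    """Extract model, serial and firmware revision from one `smartctl -i` block."""
    fields = dict(FIELD_RE.findall(text))
    return {
        "model": fields.get("Device Model"),
        "serial": fields.get("Serial Number"),
        "firmware": fields.get("Firmware Version"),
    }


def check_drive(identity, baseline):
    """Classify one drive against the baseline.

    'unknown-model'  : model is not in the inventory at all
    'firmware-drift' : model is known, but the reported revision is not approved
    'ok'             : model and revision both match the baseline

    A drive whose controller firmware has been replaced can report any revision
    string it likes, so 'ok' means "consistent with inventory", not "verified clean".
    """
    approved = baseline.get(identity["model"])
    if approved is None:
        return "unknown-model"
    if identity["firmware"] not in approved:
        return "firmware-drift"
    return "ok"


def audit(outputs, baseline):
    """Run the check over a list of `smartctl -i` outputs; one record per drive."""
    results = []
    for text in outputs:
        identity = parse_identity(text)
        identity["status"] = check_drive(identity, baseline)
        results.append(identity)
    return results


if __name__ == "__main__":
    for rec in audit(SAMPLE_SMARTCTL_OUTPUT, EXPECTED_FIRMWARE):
        print(f"{rec['serial']:<18} {rec['model']:<16} {rec['firmware']:<6} {rec['status']}")
```

On a real host the inputs would be the output of `smartctl -i /dev/sdX` for each drive, and the approved revisions would be maintained from the vendor's release notes. The check catches drift and unlisted hardware in an inventory, which is useful for scoping an investigation; it cannot prove a drive is clean, because firmware that has been replaced controls what the drive reports. Confirming an actual implant needs the host-side indicators Kaspersky published or a vendor-verified firmware image, not a revision string.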
Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.
Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.
Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.
Access to proprietary source code
Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.
"There is zero chance that someone could rewrite the [hard drive] operating system using public information," Raiu said.
Concerns about access to source code flared after a series of high-profile cyberattacks on Google Inc and other U.S. companies in 2009 that were blamed on China. Investigators have said they found evidence that the hackers gained access to source code from several big U.S. tech and defense companies.
It is not clear how the NSA may have obtained the hard drives' source code. Western Digital spokesman Steve Shattuck said the company "has not provided its source code to government agencies." The other hard drive makers would not say if they had shared their source code with the NSA.
Seagate spokesman Clive Over said it has "secure measures to prevent tampering or reverse engineering of its firmware and other technologies." Micron spokesman Daniel Francisco said the company took the security of its products seriously and "we are not aware of any instances of foreign code."
According to former intelligence operatives, the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer. If a company wants to sell products to the Pentagon or another sensitive U.S. agency, the government can request a security audit to make sure the source code is safe.
"They don't admit it, but they do say, 'We're going to do an evaluation, we need the source code,'" said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. "It's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code."
Kaspersky called the authors of the spying program "the Equation group," named after their embrace of complex encryption formulas.
The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.
Fanny was like Stuxnet in that it exploited two of the same undisclosed software flaws, known as "zero days," which strongly suggested collaboration by the authors, Raiu said. He added that it was "quite possible" that the Equation group used Fanny to scout out targets for Stuxnet in Iran and spread the virus.
© Thomson Reuters, 2015
http://www.cbc.ca/news/technology/n...-in-hard-drive-firmware-report-says-1.2959252