Spyware reaches new heights - right in the hard drive

[Fragile Bird]

Every time I look at a cell phone, a laptop, a pad or a notebook, or any other kind of computer, I've been paranoid (just a bit, not completely gaga) about it being made in China. Surely, I think, there's been a backdoor built into the machine allowing Chinese hackers easy access into the machine, right?

Silly me.

The NSA has been there for about 14 years already. And they've done it so subtly no one noticed until now. The makers of anti-spyware software Kaspersky Lab published the discovery in a report on Monday. http://www.cbc.ca/news/technology/breakthrough-nsa-spyware-shows-deep-grasp-of-makers-hard-drives-1.2960606

And, btw, speaking of feeling stupid, I always assumed Kaspersky was a US company named after the Eastern European immigrant who founded it, not that it was a Russian company based in Moscow. I wonder if my friends who use Kaspersky know that, speaking of paranoia...

But this presents a new level of sophistication that Kaspersky's principal security researcher Vitaly Kamluk calls "revolutionary."

"Until now, we've never seen malware get to the micro-code, the microsystem running the hard drive itself," Kamluk said from Singapore.

To implant spyware on hard drives would require the device's source code the raw written backbone of software that users would never see and perhaps product blueprints that "only manufacturers would have access to," Kamluk said, suggesting such proprietary information could only be obtained through limited means.

You might have to steal it," he said.

Steal it? Or just go the company and tell them to be patriotic....

You know I've started threads before about hacking and cyber crime, and, um, spying television sets, but I'm happy, almost, to see my years of reading science fiction have helped prepare me emotionally for knowing Big Brother has been here for a long time now.

[The King in Black]

NSA must have the world's most enviable collection of porn

[maarsen]

My brother used to work for Bell Canada installing phone switching equipment. Not the old fashioned relay based stuff but the modern electronic stuff. He was convinced the US and Canadian governments had all kinds of backdoor access then 20 some odd years ago. I can imagine that a lot of small hard drive startup companies, way back in the 80's and 90's could not resist a little bit of pressure and/or contract offers for the chance to look at the source code for the hard drives. BTW, remember what DOS used to stand for? Disk Operating System.

[Shryke]

Every time I look at a cell phone, a laptop, a pad or a notebook, or any other kind of computer, I've been paranoid (just a bit, not completely gaga) about it being made in China. Surely, I think, there's been a backdoor built into the machine allowing Chinese hackers easy access into the machine, right?

Silly me.

The NSA has been there for about 14 years already. And they've done it so subtly no one noticed until now. The makers of anti-spyware software Kaspersky Lab published the discovery in a report on Monday. http://www.cbc.ca/news/technology/breakthrough-nsa-spyware-shows-deep-grasp-of-makers-hard-drives-1.2960606

And, btw, speaking of feeling stupid, I always assumed Kaspersky was a US company named after the Eastern European immigrant who founded it, not that it was a Russian company based in Moscow. I wonder if my friends who use Kaspersky know that, speaking of paranoia...

Steal it? Or just go the company and tell them to be patriotic....

You know I've started threads before about hacking and cyber crime, and, um, spying television sets, but I'm happy, almost, to see my years of reading science fiction have helped prepare me emotionally for knowing Big Brother has been here for a long time now.

It's not Big Brother, it's intelligence gathering.

Like, look at the map or the lists some other articles will give you on the places it's mostly occurring and it's a who's who of other countries you'd expect an intelligence agency to be keeping an eye on.

[Fragile Bird]

Oh, I agree, the interest is in other places. But the capability is everywhere.

[A wilding]

Oh, I agree, the interest is in other places. But the capability is everywhere.

And the capacity is used everywhere as well. Reading the news will show that other targets are inconvenient politicians and people NSA staffers and the like think they might have a romantic interest in.

Anecdotally, the first time mobile phone hacking data was actually used was when an executive of a telecommunications company wanted evidence against his wife to divorce her.

[Fragile Bird]

Kaspersky has been releasing more reports. One assumes it's because they want to raise their profile in the West, since being located in Moscow automatically makes them a company others will not do business with.

They released a story about banks being hacked for millions, including one Russian bank that came to them that lost at least $300 M, and possibly as much as triple that amount.

In many ways, this hack began like any other. The cybercriminals sent their victims infected emails — a news clip or message that appeared to come from a colleague — as bait. When the bank employees clicked on the email, they inadvertently downloaded malicious code. That allowed the hackers to crawl across a bank’s network until they found employees who administered the cash transfer systems or remotely connected A.T.M.s.

Then, Kaspersky’s investigators said, the thieves installed a “RAT”— remote access tool — that could capture video and screenshots of the employees’ computers.

“The goal was to mimic their activities,” said Sergey Golovanov, who conducted the inquiry for Kaspersky Lab. “That way, everything would look like a normal, everyday transaction,” he said in a telephone interview from Russia.

.......

But the largest sums were stolen by hacking into a bank's accounting systems and briefly manipulating account balances. Using the access gained by impersonating the banking officers, the criminals first would inflate a balance — for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened.

"We found that many banks only check the accounts every 10 hours or so," Mr. Golovanov of Kaspersky Lab said. "So in the interim, you could change the numbers and transfer the money."

The hackers' success rate was impressive. One Kaspersky client lost $7.3 million through A.T.M. withdrawals alone, the firm says in its report. Another lost $10 million from the exploitation of its accounting system. In some cases, transfers were run through the system operated by the Society for Worldwide Interbank Financial Telecommunication, or Swift, which banks use to transfer funds across borders. It has long been a target for hackers — and long been monitored by intelligence agencies.

http://www.cnbc.com/id/102426748

[rocksniffer]

i knew there was a reason i shunned technology...but now you have made me question my smart tv...damn the assholes that did this to me - made me addicted to the boobtube and then made it a window into my soul and private smoking room...

thanks for the heads up my dear Fragile Bird...

:smoking:

[Shryke]

And the capacity is used everywhere as well. Reading the news will show that other targets are inconvenient politicians and people NSA staffers and the like think they might have a romantic interest in.

Anecdotally, the first time mobile phone hacking data was actually used was when an executive of a telecommunications company wanted evidence against his wife to divorce her.

That's not actually what went down and also is not actually related to this story.

[awesome possum]

But.. but... if you have nothing to hide then you shouldn't be worried. Right? Wait, what's that smell? Is that bullshit?