All of you knew that it could only get worse:
Kaspersky malware probers have uncovered a new 'operating system-like' platform that [they claim] was developed and used by the National Security Agency (NSA) in its Equation spying arsenal. The EquationDrug or Equestre platform is used to deploy [an estimated] 116 plug-in modules to target computers that can siphon data and spy on victims. So far, only 30 modules have been identified.
"It's important to note that EquationDrug is not just a trojan, but a full espionage platform, which includes a framework for conducting cyber-espionage activities by deploying specific modules on the machines of selected victims," Kaspersky researchers say in a report.
The article goes on to explain that Kaspersky further believes that the software is part of the "NSA's campaign to infect hard disk firmware". There is considerably more detail in the article.
I think I am going to get my old manual typewriter out of the garage, get a new ribbon, use U.S. Mail instead of e-mail, and buy more ink for my fountain pens.
(Score: 2) by datapharmer on Monday March 16 2015, @02:33PM
It is unlikely this would be helpful as the password on FIPS drives is essentially just used to unlock the real key which is stored on the drive. If you are infecting the hardware, you can just wait until after the drive is unlocked to insert your poison pill. I think a better defense would be to use very new technologies that they might not have an infection vector for yet and hope to stay ahead of their development curve, but even that is a questionable tactic given their infiltration of manufacturing and trade organizations. Typewriter or punch cards might be the better option.
(Score: 2) by kaszz on Monday March 16 2015, @02:45PM
If the malware inside the hard disk controller inside the drive doesn't have any influence on the data sent to and from the host, it will essentially be toast. And of course no key should be stored on the drive. So when the malware alters the data transferred from the platter to the host, decryption will sense a bad checksum and alert the operator. Or even correct it on the fly.
The next step is to prevent the computer from accessing the harddrive controller in a malicious way so it can't be infected either.
(Score: 0) by Anonymous Coward on Monday March 16 2015, @02:57PM
For all your encryption needs just use systems that aren't attached to the Internet.
(Score: 2) by kaszz on Monday March 16 2015, @03:26PM
Malware can still find its way through USB memories, silently enabled WiFi, acoustic link, etc.
(Score: 2) by Dunbal on Monday March 16 2015, @05:24PM
If they want to know what you're doing, they can read your keystrokes AND your monitor output through your power cable.
(Score: 2) by Geotti on Tuesday March 17 2015, @03:44AM
Just use a netbook [instructables.com] (the big case should be the battery for weeks of uptime).
(Score: 0) by Anonymous Coward on Monday March 16 2015, @03:02PM
Typewriter or punch cards might be the better option.
Old school, 'ey? This [wikipedia.org] is what I first programmed with.
(Score: 2) by zeigerpuppy on Tuesday March 17 2015, @01:16AM
I was wondering along similar lines, whether using ZFS would help.
ZFS generally tries to get low level (block) access to the drive and it does consistency checks via checksums on blocks read and written.
I think with ZFS it would be hard to inject data unless the software was also faulty.
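As an added illustration of the point made in kaszz's comment above (decryption sensing a bad checksum when a drive alters data, with the key held only by the host) and of zeigerpuppy's point about ZFS checking block checksums and repairing from a mirror, here is a small Python simulation. It is not code from any of the commenters, from Kaspersky, or from ZFS: `SimulatedDrive`, `AuthenticatedVolume` and the SHA-256 counter-mode keystream are hypothetical constructs for the demonstration, and the keystream is not a production cipher. The interesting part is the per-block HMAC, which binds the logical block address into the tag so that both a silently modified sector and a sector served from the wrong address are rejected, and the mirror read path that rewrites a failed copy from a good one.

```python
import hashlib
import hmac

BLOCK_SIZE = 16   # bytes of payload per simulated sector (constructed, tiny for clarity)
TAG_SIZE = 32     # HMAC-SHA256 tag stored alongside each sector


class IntegrityError(Exception):
    """Raised when no copy of a block passes authentication."""


class SimulatedDrive:
    """Hypothetical disk whose firmware can modify or relocate sectors behind
    the host's back; stands in for a compromised drive controller."""

    def __init__(self):
        self.sectors = {}

    def write(self, lba, record):
        self.sectors[lba] = bytes(record)

    def read(self, lba):
        return self.sectors[lba]

    # Adversarial behaviour, constructed for the demonstration only.
    def corrupt(self, lba, byte_index=0):
        rec = bytearray(self.sectors[lba])
        rec[byte_index] ^= 0x01                 # flip one bit of the stored data
        self.sectors[lba] = bytes(rec)

    def relocate(self, src, dst):
        self.sectors[dst] = self.sectors[src]   # serve src's content at address dst


def _keystream(key, lba, length):
    # Demonstration-only keystream: SHA-256 in counter mode, keyed per LBA.
    # Not a real cipher; the authentication tag is the point of this example.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


class AuthenticatedVolume:
    """Host-side encrypt-then-MAC volume over one or more mirrored drives.
    The keys never leave the host, so the drive cannot forge a valid tag."""

    def __init__(self, master_key, drives):
        self.enc_key = hashlib.sha256(b"enc|" + master_key).digest()
        self.mac_key = hashlib.sha256(b"mac|" + master_key).digest()
        self.drives = list(drives)

    def _tag(self, lba, ciphertext):
        # The LBA is bound into the tag, so a sector served at the wrong address fails.
        msg = lba.to_bytes(8, "big") + ciphertext
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def write_block(self, lba, plaintext):
        if len(plaintext) != BLOCK_SIZE:
            raise ValueError("plaintext must be exactly one block")
        ks = _keystream(self.enc_key, lba, BLOCK_SIZE)
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
        record = ciphertext + self._tag(lba, ciphertext)
        for drive in self.drives:
            drive.write(lba, record)

    def read_block(self, lba):
        """Return (plaintext, indices_of_repaired_copies). Each mirror copy is
        verified; a good copy is used to rewrite bad ones, as ZFS does on a
        mirror. Raises IntegrityError if every copy fails authentication."""
        good_record, bad = None, []
        for idx, drive in enumerate(self.drives):
            record = drive.read(lba)
            ciphertext, tag = record[:BLOCK_SIZE], record[BLOCK_SIZE:]
            if hmac.compare_digest(tag, self._tag(lba, ciphertext)):
                if good_record is None:
                    good_record = record
            else:
                bad.append(idx)
        if good_record is None:
            raise IntegrityError(f"block {lba}: all {len(self.drives)} copies failed authentication")
        for idx in bad:                          # self-heal the damaged copies
            self.drives[idx].write(lba, good_record)
        ks = _keystream(self.enc_key, lba, BLOCK_SIZE)
        plaintext = bytes(c ^ k for c, k in zip(good_record[:BLOCK_SIZE], ks))
        return plaintext, bad


def demo():
    """Constructed scenario: one bit flipped on one mirror, then a sector
    relocated on both mirrors. Returns the observations for checking."""
    key = b"constructed-demo-key-not-secret"
    mirror = [SimulatedDrive(), SimulatedDrive()]
    vol = AuthenticatedVolume(key, mirror)
    vol.write_block(0, b"secret block #0!")
    vol.write_block(1, b"secret block #1!")

    mirror[0].corrupt(0)                      # firmware tampers with one copy
    pt0, healed = vol.read_block(0)           # detected, served from mirror 1, repaired
    _, healed_again = vol.read_block(0)       # both copies now verify

    mirror[0].relocate(0, 1)                  # serve block 0's data at LBA 1 ...
    mirror[1].relocate(0, 1)                  # ... on both mirrors
    try:
        vol.read_block(1)
        swap_detected = False
    except IntegrityError:
        swap_detected = True
    return pt0, healed, healed_again, swap_detected


if __name__ == "__main__":
    print(demo())
```

The decryption step itself never notices anything; it is the tag check before decryption that turns a silently altered sector into a hard error or a repair, which is why the key and the checksumming have to live on the host rather than in the drive.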
(Score: 2) by wantkitteh on Tuesday March 17 2015, @05:28AM
Elsewhere in these comments, I've theorised on the infection method having to support the file system (and encryption method) of any drive it infects to make sure it'll maintain integrity after the change in reported drive geometry. ZFS won't make any difference as far as detecting the problem goes, but its advanced features would certainly make it more of an engineering challenge to implement this malware on, and it's not exactly the most used FS in the world - certainly as far as desktop systems go - so I'd certainly say a system booting from ZFS would be near the bottom of the list when considering likelihood of infection at a later date. Dammit Apple, why did you have to cancel ZFS support?
(Score: 2) by wantkitteh on Tuesday March 17 2015, @05:22AM
If you consider how a piece of malware like this would actually infect a system, it's pretty obvious that the OS is booted and the encryption key has been entered prior to the HDD firmware being subverted. The malware that annexes this storage area will have to deal with adaptations to the file system to maintain system integrity. Given the level of sophistication in play here, I don't think it's too much to expect full-drive encryption techniques to be subjected to the same kind of integrity preservation techniques - there's a good chance this all would have been discovered earlier if infected systems with encrypted drives started falling over and dying for no reason.