Kaspersky Breaks the Ice: The NSA Owns You
It was just over twelve hours ago now when I reported that the NSA has reportedly got an all-seeing eye within the firmware of hard drives made by the biggest storage giants on the market. Well, this should alarm you, and we should really be asking many more questions than sitting here and doing nothing.
Right now, the entire media is fixated on various issues going on around the world for their 1-2 week attention spans, with most of the stories lasting just a few days. The current 'scandal' of the last few weeks has been about the measles outbreak from Disneyland in California and the entire vaccine discussion is now back to being a massive, massive topic. Well, there's something else we should be talking about - and while President Obama has come out urging parents to vaccinate their children.
Now, you might be thinking, "what the hell does this have to do with backdoors on HDD firmware?" and you'd be right - but this is my point. The media is full of distractions, with the Obama administration feeling the need to have the most powerful man on Earth come out and make a statement regarding the measles, but where is he when the largest storage companies in the world have the National Security Agency installing secret backdoors into their HDDs? This is where the questions begin.
I'm going to expect a huge reaction from the opening paragraphs, but you know what - bring it on. Flame me. Berate me. Insult me. This story from Kaspersky deserves a knee-jerk reaction, and it deserves attention-grabbing headlines and some serious discussion into the future of how we do things, in various markets and subjects.
Of all the countries in the world, the Moscow-based Kaspersky Lab were the ones to break the news of the NSA and its secret backdoors into our private lives. Worse yet, Kaspersky has said that it has found PCs in over 30 countries have been 'infected' with these "spying programs" in countries like Iran, Russia, Pakistan, Afghanistan, China, Yemen and more.
Isn't it funny, that most of these countries that have been digitally infiltrated, are of interest to the United States? And that the NSA, is the United States' spy agency? Here's where you need to grab that tin foil hat, and place it on your head. Most people from here on out are going to be split down the middle. There are going to be those who believe that this isn't as bad as people like me are making it out to be, and then there are going to be those who believe in privacy who are going to be up in arms. Before we go into that, let's clarify what Kaspersky has found here.
The targets of the NSA's all-seeing backdoor included "government and military institutions, telecommunication companies, bank, energy companies, nuclear researchers, media and Islamic activists" according to Reuters. Kaspersky has yet to have named the country behind the spying campaign, but we can all guess which country it would be. The Russian software giant has said that the country responsible has close ties to Stuxnet, which is what the NSA built to attack Iran's uranium enrichment facility.
The NSA Needs to be Held Accountable, and Brought to Justice
Former NSA Employee Admits Kaspersky's Analyst Was Correct
The National Security Agency needed to be reined in when NSA contractor Edward Snowden blew the whistle on its overreaching spying programs two years ago, but instead it seems to have continued plotting along vacuuming up as much data on the people, governments, corporations and companies of the world.
Reuters' report on the story has a former NSA employee saying that Kaspersky's analyst was indeed correct, and that people within the US spy agency value these spying programs as highly as Stuxnet. Another "former intelligence operative" also confirmed with Reuters that the NSA has developed an elaborate technique of baking spyware into hard drives, which is what we're slowing learning about right now.
Reuters then loses me by reporting that "the disclosure could further hurt the NSA's surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden". The article continues, saying that "Snowden's revelations have hurt the United States' relations with some allies and slowed the sales of US technology products abroad".
Now which American company's product sales have been slowed exactly? Apple is making more money than ever, shipping more iPhones than ever. Google is selling more Android-based devices than ever, Microsoft is swinging right back into the game, Facebook has over one billion monthly active users - to the everyday person, American companies are doing just fine.
What needs to be addressed here, is that the NSA is a part of the US government. In a way, the US government has been busted spying on other countries, by providing them with malware in their HDDs. This is worse than an actual hack on their networks and systems, as it's a much more elaborate. In Kaspersky's words, the malware "surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades". Scary stuff.
President Obama needs to come out on national TV right now and address this, bringing the NSA and its far-reaching powers to a close. Do we remember how the US reacted to Sony being hacked by North Korea over 'The Interview' movie? Obama was quick to impose sanctions against North Korea in a response by the Obama administration to the hack against Sony, but Obama is nowhere to be seen when his own government is using taxpayers' money to spy on countless countries and possibly hundreds of millions, if not billions of people.
At the time, President Obama signed an executive order that saw the US Treasury taking action against North Korea, with Treasury secretary Jack Lew saying in a statement "Today's actions are driven by our commitment to hold North Korea accountable for its destructive and destabilizing conduct". Now, I would consider having backdoor access to virtually all PCs in the world "destructive" and "destabilizing", wouldn't you?
Storage companies 'Have No Knowledge' of these Spying Programs
Of Course They Don't
Storage companies have all said that they have no knowledge of these spying backdoors from the NSA, but whoever installed the backdoors into these HDDs must have had access to every company's proprietary source code.
Kaspersky research Costin Raiu said in an interview that "there is no chance that someone could rewrite the [hard drive] operating system using public information". This means that the HDD companies were either completely complicit and are lying to save their own skin - as this could go very bad for them, being brought up on severe legal charges, or their companies getting slammed on the stock market.
No one knows how the NSA could've obtained the source code, but this fact alone is worse than anything North Korea did to Sony, but we're not seeing any action from the Obama administration over this. No sanctions on the NSA, no mainstream media blasting its message to the people. Nothing.
Western Digital and Seagate have had spokespeople come out and discuss the matter in a few words, with WD spokesman Steve Shattuck saying that the company "has not provided its source code to government agencies", while Seagate spokesman Clive Over said that it has "secure measures to prevent tampering or reverse engineering of its firmware and other technologies". But guys, it doesn't matter - your products have been infiltrated. The United States government has somehow done the impossible, and you need to come out and change it.
But, you know what? There's no use. Again, this may be an alarming 'opinion editorial' piece - but there is plenty of fact here. Sure, storage companies can come out and say that they didn't provide their willing help in providing source code or other proprietary information, but the United States government did.
These storage giants have worked for decades to build the trust of the people, allowing consumers to store copious amounts of their precious, personal data on their consumer HDDs. Most people encrypt, or password protect their systems and storage - but why bother when there's a backdoor from the United States government on it? You can't erase it. You can't delete it. You can't get around it. It's operating system agnostic. It's in the firmware.
Not only are consumers being hit, but nuclear plants, governments, military installations and many more have these HDDs installed with an all-seeing eye attached.
Vincent Liu, a partner at security consulting firm Bishop Fox and a former NSA analyst has said that the NSA has many different ways of securing source code from these companies. They can either ask them directly, or pose as a software developer. This way, if a company wants to sell its products to the Pentagon, or another US agency, the government can request a security audit to make sure the source code is 'safe'. Ironic, isn't it?
Liu said "they don't admit it, but they do say, "We're going to do an evaluation, we need the source code". He added that "it's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code". This is where it gets kind of ironic, funny, and quite scary as NSA spokeswoman Vinee Vines says that the NSA complies with the law and the White House directives to protect the United States and its allies 'from a wide array of serious threats'. Because infecting the HDDs and breaking countless privacy laws at home, and abroad, is a great idea.
Where to From Here?
The Future is Unsecure, Unknown and Not So United
This story is really only just breaking now, so we don't have the full picture. What I've written here today is a bunch of facts that we already know about, with an injection of personal opinion. We all need to be aware of this, because the US government is getting away with something that is very serious.
Does anyone remember Watergate? What happened to the Nixon administration following that? What gives the Obama administration the idea that this is anywhere near justified? There have been no serious attacks on the United States since 9/11, but plenty of expensive wars that suck up over 50% of taxpayers' money on wars overseas.
Internally, the United States is spying on all of its citizens with its various spying systems, drones, cameras, backdoors into smartphones and now HDDs. Then this spying extends overseas into various governments, military installations, corporations and much more. Using the term "all-seeing eye" is very appropriate for this system, as that's what it effectively is.
The US government has an all-seeing eye that uses its various technologies, companies, and power to spy on virtually anything connected to the Internet. We have drones and satellites that can zoom right down to the newspaper you're reading in your backyard, constantly advancing front-facing cameras and TVs that spy on us, backdoors into our smartphones and tablets - and now HDDs. This is on a consumer level.
At a corporate and government level, the US government spies with much more accuracy and bias than any other country. But when North Korea or China are to have reportedly - as reported by the mainstream media in the United States - hacked or spy on the United States, then it's game on. The US goes on attack, and is throwing sanctions and executive orders all over the place. But when it's found out that the US is using its power to spy on the world, nothing is said.
There needs to be an instant public statement from the Obama administration, and from Barack Obama himself. The NSA needs to be ripped apart, and its powers neutered. Sure, the US still needs a spy agency - but not a spy agency that bakes spying backdoors into HDDs across the world.
The storage companies need to come out and admit that they were complicit in a way - and if you think I'm crossing a line by saying that - really think about it. Do these companies really not know what's going on? Do we really want to sit here and think that storage companies ship ever increasingly larger HDDs on mass scale, without knowing what's going on? Their IP has been breached - they should be taking the NSA to court, right now.
But nothing like that is happening, and that's for a reason. We've just been introduced to NSA Revelations 2.0, but because there's no American behind it like Snowden, there's no boogeyman to have paraded around on the media. Not that the media really want to come out and tell the world that the entire security sector and privacy market has changed overnight, for the worse.
If you thought your data was safe - you were wrong.