Report: NSA Hacked Hard Drive Firmware for Spying

John Lister's picture

The US government has been accused of embedding spyware directly onto hard drives using secret manufacturer information. Russian security software manufacturer Kaspersky Lab made the claims, and stem from its efforts to find and eliminate malicious software. Kaspersky says officials appear to have only used the spyware to target specific, foreign-based individuals.

Kaspersky says that the spyware is part of an operation controlled by the National Security Agency (NSA), under the name Equation Group. It claims the NSA figured out how to put spying software in the firmware of hard drives made by the likes of Seagate, Toshiba and Western Digital. (Source:

Device Firmware Among Prime Hacker Prizes

Firmware is software directly embedded into a device which allows it to operate. With hard drives, the firmware is completely separate from the operating system (Windows), or any programs which run under the operating system. Hackers highly prize the ability to access device firmware, as it runs whenever the relevant device is powered on, and is often not seen by antivirus or antimalware programs.

In this case, the compromised hard drive firmware would have run before Windows or any antivirus started up. That would give the spies almost unlimited abilities to access data and activity on the computer without being noticed.

It's not known exactly how many hard drives were compromised, though it's suggested that the Equation Group has been operating for the last 14 years. The operation appears to have been a highly targeted, as the computers Kaspersky discovered to be infected were concentrated in countries known to be of particular interest to US intelligence. The affected countries include Iran, Russia and China, and were mainly based in organizations such as government, military, financial and telecommunications groups.

The move is still likely to be hugely controversial, as it may have created the risk of criminals getting access to the hacked firmware and being able to steal personal data from the wider population. The hacked firmware follows the Stuxnet case, where the US and Israeli government reportedly created and spread malicious software across millions of Windows computers with the specific aim of targeting machines operating Iranian nuclear equipment.

Spies May Have Accessed Source Code

The NSA refuses to comment on the claims, though Reuters says a former NSA employee has confirmed they are broadly correct. (Source:

Technical experts say the only way somebody could hack the firmware would be with access to the hard drive source code, which controls how the hard drive operates on a low level. Such code is considered highly confidential and a major commercial asset.

No hard drive manufacturer has publicly confirmed supplying source code to the NSA. One theory is that officials may have said they wanted to use particular manufacturers as a government supplier, and demanded access to the source code under the guise of carrying out a security audit.

What's Your Opinion?

Do you believe it's likely that the US government is responsible for embedding spyware directly onto hard drives using secret manufacturer information? If so, do you think it is a legitimate cyber security operation, or does it go too far and put ordinary computer users at risk?

Rate this article: 
Average: 5 (11 votes)


edjbaxter_3688's picture

Even if the hdd firmware was 'hacked' you would still need to access the hdd from an OS in order to retrieve data. An HDD does not have the ability by itself to transmit data, just by being powered on. I find this story rather ludicrous.

hybridauth_Google_111273332135951939051's picture

@ edjbaxter 3688,
Even if the firmware was hacked ...
If low rent hacks can hack firmware on USB flash drives, what makes you think a barely held accountable gov. agency with all their resources can't do what they did to the telecommunications industry and search engines (made them give access points to all of their data for monitoring and then gave them Federal shut-up or go to jail orders) can't coerce a hard drive manufacturer into upping the source code under the guise of national security¿
"Need to access the drive from an operating system" WOW, vs what, a dust mop
The content and caliber of your remarks makes you sound like a gov. shill trying to dispel allegations. If you actually believe your rhetoric then, you probably also believe Star Trek was filmed on "remote location"
The biggest thing the NSA is doing wrong is not keeping a better lid on my/yours/their business. There are a lot of idiots out there that want to do harm to the western world and Christians. The NSA needs to step it up. We can't count on Mr. "I will have the most transparent presidency there ever was" Obama to do anything strong willed on our behalf.

georgegrimes's picture

"Need to access the drive from an operating system" WOW, vs what, a dust mop
[End quote]

My degree is a B.S. in Electrical Engineering but these days I write code for a living and I am familiar with the amount of code necessary to communicate via network protocols. The last time I looked at the size of the memories used for the disk firmware, they weren't large enough to hold this code, plus the code required to do their REAL job (controlling the disk).

I do not work for and have never worked for the NSA. I do not approve of their programs to spy on citizens. Nevertheless, when I make charges against them, the charges are at least technologically possible.

georgegrimes's picture

@edjbaxter 3688, until today I had missed the part about the NSA diverting shipments to their facility for modification. Assuming that is true, my objections above go away. Given that opportunity, I could make them do what has been charged, including reporting back data without being accessed by the OS.
Mea culpa.