Where debating everything under the sun is only the beginning

The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.

Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives.
"There is zero chance that someone could rewrite the [hard drive] operating system using public information," Raiu said.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.

Reuters) - A sophisticated piece of spyware has been quietly infecting hundreds of government computers across Europe and the United States in one of the most complex cyber espionage programs uncovered to date.

Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the U.S. military uncovered in 2008.

It was also linked to a previously known, massive global cyber spying operation dubbed Red October targeting diplomatic, military and nuclear research networks.

Those assessments were based on analysis of tactics employed by hackers, along with technical indicators and the victims they targeted.

"It is sophisticated malware that's linked to other Russian exploits, uses encryption and targets western governments. It has Russian paw prints all over it," said Jim Lewis, a former U.S. foreign service officer, now senior fellow at the Center for Strategic and International Studies in Washington.

Kaspersky Lab researcher Kurt Baumgartner said he believes Turla and Agent.BTZ are related to Red October, which suddenly shut down after his firm reported on it in January 2013.

The malware is a "root kit" that hides the presence of the spying operation and also creates a hidden, encrypted file system to store stolen data and tools used by the attackers, he said. Those tools include password stealers, tiny programs for gathering information about the system and document stealers.

The operators can download specialized tools onto an infected system, adding any functionality they want by including it in the encrypted file system, Blasco said.

They have used dozens of different "command and control" servers located in countries around the world to control infected systems, according to Symantec, whose researchers have helped identify and shut down some of those systems.

Researchers say Turla's code is regularly updated, including changes to avoid detection as anti-virus companies detect new strains. BAE said it had two samples created in January 2014.

Take care, your hardware is watching you.