Catalog of NSA compromised equipments

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Thu Jan 2 19:24:31 UTC 2014


On Mon, Dec 30, 2013 at 09:20:22PM -0500, James Knott wrote:
> William Muriithi wrote:
> >
> > Another program attacks the firmware in hard drives manufactured by
> > Western Digital, Seagate, Maxtor and Samsung, all of which, with the
> > exception of the latter, are American companies. Here, too, it appears the
> > US intelligence agency is compromising the technology and products of
> > American companies.
> >
> 
> One would assume they want to collect info.  How does a hard drive
> communicate anything back to the NSA?  That would require the drive to
> send the data via the SATA port, through the IP stack and then out the
> NIC.  How is that possible?

Seems what they do is have the firmware provide alternate boot code in
the master boot record (sector 0) to the system right after power on,
and then after the system boots, they go back to showing the original
code that the system expects so you can't detect it from a virus scanner.

I guess this is one place secure boot would actually help, except the
NSA probably has access to signing their code with Microsoft's key.

Using secure boot with your own signed code and certificates on the other
hand could actually be helpful.

So the hard disk firmware isn't sending data or collecting it, it is
just providing a way to hijack the boot process early on in a
hard-to-detect and nearly impossible-to-exterminate manner.

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
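
Added example, not part of the original message: a defender-side check for the behaviour described above, where sector 0 reads differently right after power-on than it does once the system is running. It assumes you already hold two 512-byte captures of sector 0 taken at different times (how the early one is obtained is outside the example); the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 446   # bytes 0..445 hold the bootstrap code
PT_END = 510          # bytes 446..509 hold four 16-byte partition entries

def parse_mbr(sector: bytes) -> dict:
    """Split a sector 0 image into boot code, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError("sector 0 image must be exactly 512 bytes")
    (sig,) = struct.unpack_from("<H", sector, PT_END)
    return {
        "boot_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "ptable_sha256": hashlib.sha256(sector[BOOT_CODE_END:PT_END]).hexdigest(),
        "valid_signature": sig == 0xAA55,   # bytes 55 AA on disk, little-endian
    }

def compare_captures(early: bytes, late: bytes) -> list:
    """Return findings when two reads of the same sector 0 disagree."""
    a, b = parse_mbr(early), parse_mbr(late)
    findings = []
    if not (a["valid_signature"] and b["valid_signature"]):
        findings.append("missing 0x55AA boot signature")
    if a["boot_sha256"] != b["boot_sha256"]:
        findings.append("boot code differs between reads")
    if a["ptable_sha256"] != b["ptable_sha256"]:
        findings.append("partition table differs between reads")
    return findings

def make_sample(boot_fill: int) -> bytes:
    """Constructed sample sector: filler boot code plus one partition entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", 0x83,
                        b"\xfe\xff\xff", 2048, 1000000)
    return bytes([boot_fill]) * BOOT_CODE_END + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    early = make_sample(0x90)   # constructed: read taken right after power-on
    late = make_sample(0xEB)    # constructed: read taken from the running OS
    print(compare_captures(early, late))
    print(compare_captures(late, late))
```

A clean result only means the two captures match; firmware that decides what each read returns can serve the same image to both.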




