U.S. Spying Worldwide Via Embedded Malware, Claims Russian Cybersecurity Firm

The U.S. is spying on a global scale by embedding software inside the hard drives made by major manufacturers.

That’s the claim of Kaspersky Lab, a Moscow-based cybersecurity firm responsible for exposing a number of cyberespionage operations led by the West.

Reuters has reported that the U.S. National Security Agency (NSA) has been hiding spyware within drives made by Western Digital, Seagate, Toshiba and others, enabling the agency to suck in data from most of the world’s computers.

The NSA is an agency dedicated to gathering electronic intelligence on behalf of the United States.

Kaspersky Lab said evidence of spying has been found personal computers across 30 countries infected with one or more of the spying programs. Most instances have been found in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

Spying targets have been said to include government and military institutions, nuclear researchers, Islamic activists, banks, telecoms firms and energy companies.

Kaspersky published technical details of the research on Monday, which promises to help those infected detect the programs, some of which trace back as far as 2001.

While it stopped short of publicly naming the country behind the spying campaign, Kapersky was closely linked to Stuxnet. This was an NSA-led cyberweapon used to attack Iran’s uranium enrichment facility.

These fresh spying revelations are not good news for the NSA. The agency is still smarting from the leaks of former contractor Edward Snowden, whose actions damaged U.S. relations and slowed overseas sales of American technology products. Sales are likely to be slowed further, if a backlash against Western technology results from Kaspersky’s report.

In China, regulations are being drafted that require most banking technology suppliers to provide copies of software code for inspection. Spying sensitivity of this kind will only increase.

NSA has declined to comment on the report.

Some might speculate that the Kaspersky spying report has been encouraged by Russian authorities, keen to offer the U.S. some form of reprisal in return for their part in trade sanctions imposed over the conflict in Ukraine.

Peter Swire is one of five members of President Barack Obama’s Review Group on Intelligence and Communications Technology. He issued what could be considered a damage limitation statement, and a public slap on the wrist for the NSA. Swire said the Kaspersky report showed it is essential for the country to consider the possible impact on trade and diplomatic relations, before deciding to use its knowledge of software flaws for intelligence gathering.

“There can be serious negative effects on other U.S. interests.”

How far the spyware has reached, and how effective it has been will probably never be known. But it’s a reasonable deduction that U.S. spying certainly exists throughout the cyberworld, with various degrees of malicious intent, and will do so indefinitely.

[Image – Jim Urquhart / Reuters]