Wochit
The NSA Hides Surveillance Software in Hard Drives

By Joseph Menn

SAN FRANCISCO (Reuters) - The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.

That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. (http://reut.rs/1L5knm0)

The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.

NSA spokeswoman Vanee Vines declined to comment.

Kaspersky published the technical details of its research on Monday, which should help infected institutions detect the spying programs, some of which trace back as far as 2001.

The disclosure could further hurt the NSA's surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden. Snowden's revelations have hurt the United States' relations with some allies and slowed the sales of U.S. technology products abroad.

The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection.

Peter Swire, one of five members of U.S. President Barack Obama's Review Group on Intelligence and Communications Technology, said the Kaspersky report showed that it is essential for the country to consider the possible impact on trade and diplomatic relations before deciding to use its knowledge of software flaws for intelligence gathering.

View gallery

In this June 6, 2013, file photo, the National Security Agency's Utah Data Center in Bluffdale, Utah …

"There can be serious negative effects on other U.S. interests," Swire said.

TECHNOLOGICAL BREAKTHROUGH

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in the obscure code called firmware that launches every time a computer is turned on.

Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, second only to the BIOS code invoked automatically as a computer boots up.

"The hardware will be able to infect the computer over and over," lead Kaspersky researcher Costin Raiu said in an interview.

Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.

Kaspersky's reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.

Western Digital, Seagate and Micron said they had no knowledge of these spying programs. Toshiba and Samsung declined to comment. IBM did not respond to requests for comment.

GETTING THE SOURCE CODE

Raiu said the authors of the spying programs must have had access to the proprietary source code that directs the actions of the hard drives. That code can serve as a roadmap to vulnerabilities, allowing those who study it to launch attacks much more easily.

"There is zero chance that someone could rewrite the [hard drive] operating system using public information," Raiu said.

Concerns about access to source code flared after a series of high-profile cyberattacks on Google Inc and other U.S. companies in 2009 that were blamed on China. Investigators have said they found evidence that the hackers gained access to source code from several big U.S. tech and defense companies.

It is not clear how the NSA may have obtained the hard drives' source code. Western Digital spokesman Steve Shattuck said the company "has not provided its source code to government agencies." The other hard drive makers would not say if they had shared their source code with the NSA.

Seagate spokesman Clive Over said it has "secure measures to prevent tampering or reverse engineering of its firmware and other technologies." Micron spokesman Daniel Francisco said the company took the security of its products seriously and "we are not aware of any instances of foreign code."

According to former intelligence operatives, the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer. If a company wants to sell products to the Pentagon or another sensitive U.S. agency, the government can request a security audit to make sure the source code is safe.

"They don't admit it, but they do say, 'We're going to do an evaluation, we need the source code,'" said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. "It's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code."

Kaspersky called the authors of the spying program "the Equation group," named after their embrace of complex encryption formulas.

The group used a variety of means to spread other spying programs, such as by compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kasperky said.

Fanny was like Stuxnet in that it exploited two of the same undisclosed software flaws, known as "zero days," which strongly suggested collaboration by the authors, Raiu said. He added that it was "quite possible" that the Equation group used Fanny to scout out targets for Stuxnet in Iran and spread the virus.

(Reporting by Joseph Menn; Editing by Tiffany Wu)

Related Video:

Billion dollar bank fraud: How cyber thieves target world financial houses

Ukraine Crisis in Maps

Already battered and giving ground after the conflict flared up a month ago, and fighting against forces they and Western governments say include the Russians, Ukrainian soldiers had been trying at least to hold onto their supply line until the cease-fire took effect, at midnight Saturday. It seems increasingly evident that they failed, putting the agreement in doubt.

Previously, this section of road was known to be mined and within range of rebel artillery, though not occupied by rebel soldiers. The video, with a backdrop of blown-up tanks and dead Ukrainian soldiers, appeared to show Russian-backed militants on the road near Logvinovo, about five miles from Debaltseve.

Paris (AFP) - Environmental scientists raised concern Monday at rising levels of gases that attack Earth's protective ozone layer, including manmade chemicals not covered by a key UN treaty.

Researchers at Leeds University in northern England said two computer models highlighted the impact of so-called "very short-lived substances" -- VSLS -- that deplete the stratospheric shield.

The damage they do to the ozone layer is significant and likely to increase, they said, as emissions of man-made chlorine gases rise.

Ironically, one of the chemicals named in the report, dichloromethane, is used in the manufacture of substitutes for ozone-depleting gases outlawed by the UN's 1987 Montreal Protocol.

VSLS are gases that have a short lifetime, usually breaking down in less than six months.

They are not covered by the landmark Montreal Protocol that requires the phaseout of longer-lasting chlorofluorocarbon (CFCs) and halon gases.

"Our model simulations indicate that VSLS account for a significant portion of ozone loss in the stratosphere," lead investigator Ryan Hossaini told AFP by email.

"In the Antarctic region, where the ozone hole forms each year and where ozone decreases are the most dramatic, we estimate that VSLS account for about 12.5 percent of the total ozone loss.

"Globally averaged, the ozone loss due to VSLS in the lower stratosphere could be as much as 25 percent, though it is much smaller at higher altitude."

Around 90 percent of VSLS are natural -- they are bromine compounds produced by seaweed and the ocean's phytoplankton.

View gallery

Ozone is a three-atom molecule of oxygen which at ground level, as a byproduct of traffic pollution, …

The rest is man-made chlorine gases, and their contribution to the VSLS total is rising fast.

"Dichloromethane appears to be one of the most abundant man-made VSLS that we know of," said Hossaini.

Compared with the notorious CFCs, dichloromethane's impact today is small. The computer models suggest it reduces the ozone layer by less than one percent, he said.

"However, our study also shows that the atmospheric concentration of dichloromethane has increased dramatically in recent years," said Hossaini.

"At some locations its atmospheric concentration has doubled since the late 1990s."

The study, published in the journal Nature Geoscience, looked at two decades of raw data provided by the US National Oceanic and Atmospheric Administration (NOAA).

Ozone is a three-atom molecule of oxygen. At ground level, as a byproduct of traffic pollution, it can be a dangerous respiratory irritant.

- Ozone defence -

But in the stratosphere, a layer that lies between 10 and 50 kilometres (six to 52 miles) in altitude, it is a life-saver: it filters out harmful ultraviolet light that can cause skin cancer and cataracts and damage crops.

The ozone "hole" -- in reality, a thinning -- occurs naturally because of extreme cold.

But it is also eroded by man-made chlorine compounds such as coolants in air conditioners and refrigerators, insulation foams and propellants in hair sprays.

Most of these are being phased out under the Montreal treaty, which has been ratified by all 197 UN members.

Last September, UN agencies said the ozone was "well on track" for recovery by mid-century, although fixing it over Antarctica would take longer.

Some of the progress, though, would be offset if VSLS continue to increase, the paper said.

It was unclear whether global warming would hasten VSLS emissions by unlocking ocean sources, Hossaini said.

The gases were, however, not contributors to the greenhouse gas effect, which is separate from the ozone hole as an environmental problem.

Instead, VSLS exert an indirect cooling impact through the ozone loss.

ABC News Videos
Icy Roads Make for Dangerous Driving Conditions

By Elizabeth Barber

BOSTON (Reuters) - Record-breaking cold gripped the eastern United States while an icy winter storm crippled the nation's central states and then plowed into the mid-Atlantic, dumping snow and forcing federal offices in Washington, D.C. to close on Tuesday.

Heavy snowfall and ice moving eastward from the Southern Plains pounded Missouri, Arkansas, southern Illinois, Tennessee, Kentucky, Indiana and Ohio, the National Weather Service said.

With the storm headed east and sleet and freezing rain expected to also take a swipe at the South, states of emergency were declared in North Carolina, Virginia, Mississippi, Georgia, Kentucky, as well as in Washington, D.C.

The U.S. Office of Personnel Management announced on its web site that federal offices are closed in D.C. Fort Knox, a U.S. Army post south of Louisville, Kentucky, also will be closed on Tuesday due to weather and road conditions, it said on its website.

Airlines canceled nearly 2,600 U.S. flights, with the hardest hit airports in North Carolina and Tennessee.

View gallery

Pedestrians walk along snow covered, MBTA subway rails on Commonwealth Avenue in Boston, Massachuset …

Freezing rain encased Tennessee in ice, closing roads, schools and tourist attractions, including the home of the king of rock 'n' roll, Elvis Presley's Graceland mansion in Memphis.

Sleet in Arkansas shut schools and Governor Asa Hutchinson told nearly all government workers to stay home.

Cars skidded off roads near Louisville, Kentucky, where there were six times the usual number of accidents and a fleet of more than 1,000 snow plows tried to clear slick roads, officials said.

"It's been all hands on deck," said Chuck Wolfe, spokesman for the Kentucky Transportation Cabinet.

Citing nasty weather, Kentucky's state legislature said it would not reconvene until Wednesday at the earliest.

View gallery

A woman stands in severe cold as steam from a street vent blows over her on West 33rd Street in midt …

The storm dumped 10 inches (25 cm) of snow on Cincinnati and then headed east to Washington, D.C., slamming the nation's capital with heavy snow that could pile as high as 12 inches, said NWS meteorologist Brian Hurley.

"Washington and Baltimore, that's where the bull's-eye's going to be," Hurley said.

Slippery roads in western Pennsylvania on Monday were blamed for a collision between a van and a school bus carrying 13 students about 60 miles (95 km) southeast of Pittsburgh, state police said. Several people were hurt, although the extent of the injuries was unknown.

About 50 million Americans were under wind chill advisories as the mercury plunged to new depths, breaking records in New York City, where it was 5 degrees Fahrenheit (minus 15 Celsius), breaking the previous record for Feb. 16 of 9 degrees Fahrenheit in 2003, and Washington, D.C., where it was 6 degrees Fahrenheit, compared with 11 degrees Fahrenheit recorded in 1987, said Hurley.

The weather front, expected to reach Boston by Wednesday, follows a weekend storm that dumped 16 inches, making it the snowiest February in the city's history. In the scramble to clear snow on Monday before the next round arrives, one person died while shoveling in Brighton and prison inmates from the Massachusetts Department of Corrections were put to work clearing mass transit rail lines.

"The heaviest stuff will be close to the coast in eastern Massachusetts," Hurley said.

The new storm will be followed by another arctic front, bringing frigid cold to the eastern United States by Thursday or Friday, Hurley said.

(Writing by Barbara Goldberg in New York; Additional reporting by Timothy Ghianni in Nashville, Steve Bittenbender in Louisville, Steve Barnes in Little Rock, Kim Painter in Cleveland, Colleen Jenkins in Winston-Salem, N.C., Elizabeth Daley in Pittsburgh and Mary Wisniewski in Chicago; Editing by Marguerita Choy, Steve Orlofsky and Clarence Fernandez)

Wochit
North Korea Threatens Strong Response to Rights Meeting, Says US Ignored Its Request to Attend

UNITED NATIONS (AP) — North Korea says it will respond "very strongly" to a conference in Washington on Tuesday about its widespread human rights abuses and says the United States ignored Pyongyang's offer to attend and defend itself. Puzzled conference organizers said the event was open to the public.

North Korea's U.N. Ambassador Jang Il Hun told reporters Monday his country has asked the U.S. government to "immediately scrap the so-called conference" hosted by the nonprofit Center for Strategic & International Studies. Speakers include Robert King, the U.S. special envoy for North Korean human rights issues.

Victor Cha, Korea chair at CSIS, said he was not sure what Jang was referring to. "We issued no specific invitations to anyone," he said.

Nuclear-armed North Korea has been on the defensive ever since a groundbreaking U.N. commission of inquiry detailed vast rights abuses there. International pressure behind last year's report led the U.N. Security Council to place the issue on its agenda of matters of international peace and security.

Jang said he sent a formal request to his counterpart in the State Department and that the counterpart responded that the conference was not a government one. "That means our request was denied," Jang said.

North Korea and the United States do not have formal diplomatic relations, but Jang is tasked with communicating through the so-called "New York channel" that the country's U.N. mission uses to reach out to U.S. officials. Jang said his communication to the U.S. was only about the conference.

View gallery

North Korea's U.N. Ambassador Jang II Hun, left, is seated between North Korea's mission con …

The U.S. restricts North Korean diplomats to traveling within a 25-mile (40-kilometer) radius of midtown Manhattan, and they must request permission to go farther.

The State Department said the conference was a privately organized event.

North Korea has repeatedly said the U.S. uses the human rights issue as a pretext to overthrow it, and it has started demanding that the U.S. should instead look into the CIA's "torture crimes."

The U.N. General Assembly in December approved a resolution that urged the council to refer North Korea's human rights situation to the International Criminal Court, and the head of the commission of inquiry has written to North Korean leader Kim Jong Un warning that he could be held accountable for crimes against humanity.

"We are not guilty of any crime," Jang said Monday, smiling.

But alarmed by anything targeting their young leader, North Korean diplomats briefly proposed last year that the U.N. high commissioner for human rights could visit their country if the U.N. resolution would drop the language about Kim and the ICC.

Jang on Monday told reporters that the opportunity had passed. "Once it's gone, we have to start all over again," he said.

Jang also has said his foreign minister was not allowed to attend a meeting with Secretary of State John Kerry and other diplomats about North Korea's human rights during the U.N. General Assembly of world leaders last fall.

Another organizer of Tuesday's conference, Greg Scarlatoiu with the Washington-based Committee for Human Rights in North Korea, said he had not heard from North Korea about it. "I find it encouraging that North Korea is paying attention to a conference commemorating one year since the release of the report, since they've been unwilling to accept the commission of inquiry," he said.

Festivities to mark birthday of North Korea's late leader Kim Jong Il (video)