A report released Monday by Russian software company Kaspersky Lab finds that more than 500 computers in 30 countries have been infected by a new form of malware.
Security researchers say it is the first time hackers have used a method of reverse engineering to hack into the computers’ hard drives, or “firmware,” code that operates beneath the surface of a device. Because of the hack’s scope, sophistication, targeted nature and similarities to the Stuxnet attack on Iranian centrifuges, security researchers suspect it is the work of a state actor such as the National Security Agency.
The hack targeted hard drives made by more than a dozen companies, essentially the entire hard drive market.
Stephen Cobb, senior security researcher at ESET North America, says that hacking firmware can be particularly effective because it is so hard to eliminate.
It’s also particularly challenging to do, says Jean Taggart, security researcher at Malwarebytes. “Doing this on just one brand of hard drive would be an almost Herculean task,” he says. “You have to understand the hardware as well–if not more–than the original manufacturer.”
Vincent Liu, a former NSA analyst and partner at security consultancy Bishop Fox, says the hard-drive makers will now have to pay not only to secure their systems, but to demonstrate that security to foreign customers.
We’re here to help you navigate this changed world and economy.
Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.
In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.
Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.