    Real whodunnit in hard drive malware case

    By The Conversation, 20 February 2015

    It sometimes seems that whenever security researchers discover some new exploit or malware that allows the monitoring of remote computers, the finger is quickly pointed at the US intelligence agencies.

    Security firm Kaspersky has revealed a complex malware developed by a group called Equation. Although its report made no mention of the US National Security Agency, subsequent news reports held it responsible anyway.

    This seems to follow the logic that, as Equation’s malware uses techniques similar to Stuxnet, if Stuxnet was developed by the NSA then Equation’s must also have been developed by the NSA. But despite everything that’s been written about Stuxnet’s origins, there’s no conclusive proof tying it to the NSA, or anyone else.

    Such breathless headlines unfortunately obscure how interesting this new suite of malware is — not least that it isn’t new, but dates back to 2001. That is eons in technological terms.

    What’s also interesting is the way the attackers hid the malware: by embedding the malicious code into the firmware (hard-coded software) built into hard disk drives found in practically every computer. Not just drives from one manufacturer, but almost all the mainstream brands — perhaps even the one that powers the computer on which you read this now. Why is this important? It means you could wipe the entire drive, reinstall your computer’s software from scratch — and still be infected.

    The only more attractive hiding place for an attacker is the firmware that is required to start the computer, the BIOS, but viruses that attack the BIOS have been around for decades and hardware has been adapted in defence. On the other hand, looking at hard drive firmware and adopting defences against tampering with it just hasn’t been on the agenda, a fact that has allowed this malware to go undetected for so long.

    And it’s not just that the attackers were able to work out how to embed their malware in the drives’ firmware; they appear also to have been able to update it with improved versions. This would require updating (“flashing”) not just the malware but the original firmware code, too, without which the drive wouldn’t function. This is considered technically advanced even today — yet someone seems to have developed the capability to do so more than 10 years ago. This is technically impressive.

    The fact that such an advanced technique was deployed so long ago prompts us to wonder what else is out there that we don’t know about. It’s not as if this is the first such discovery: Stuxnet, Flame, Regin and now Equation, all of which appear to have been active for many years. To paraphrase Oscar Wilde: to miss one piece of malware looks like misfortune, to miss four looks like a trend.

    It is easy, as we see from some of the headlines, to attribute blame based upon circumstantial evidence such as who was attacked. However, this assumes that a state actor is responsible — and that only certain countries have the wherewithal to develop such a capability. Yet one individual with skills and time was able to do much the same.

    One of the extraordinary things about cyber warfare and cyber espionage is how it has levelled the playing field between adversaries who might be hugely unequal in other ways. With a relatively small team and modest budget anyone could potentially develop very clever software. Cyberspace is the ideal platform to wage asymmetric warfare.

    The reports of all these threats — Regin, Stuxnet, Flame and others — carry the assumption that a government is responsible. It’s not an unreasonable assumption considering that the software’s primary function is espionage. But while nation states are the consumers of intelligence gathered in this way, it doesn’t mean that their agencies are responsible – there is an active market for such information, which means there is a commercial motivation for others to collect it.

    Criminal hackers steal personal information to sell on the black market to those who would commit fraud. They might equally gather data of interest to governments and law enforcement and sell it to them. In many ways it is a classic market: with limitless demand there will always be those willing to supply.

    In any event, it’s worth reading the full range of reports available and forming one’s own judgment. Like reading only a single newspaper, the likelihood is that the news is reported with a particular slant — such as blaming the NSA. And while one can be sure of very little when it comes to final attribution of these attacks, one can be sure that individual reports carry their own bias. It is worth concentrating on the technical detail as that is where one is more likely to find the truth.

    And expect to hear more such stories in the future — after all, if malware can be hidden so successfully 10 years ago, imagine what’s possible today.

    • Alan Woodward is visiting professor at University of Surrey
    • This article was originally published on The Conversation

