- Agency can access hard-drives made by major U.S. producers
- Computers in over 30 countries, including NATO allies, were hacked
- Iran and Russia were main targets
- Revelations may impact technology sector in the U.S. as institutions around the world seek alternatives
Kaspersky Lab, the Moscow-based cyber security firm whose report into international hacking was previewed by the New York Times Yesterday, has exposed that the NSA has had the capacity to snoop on most U.S.-made computers since 2001.
The report claims that the NSA attained access to “firmware” code from all the major Western computer manufacturers – which runs every time a computer is switched on – and figured out how to lodge malicious software in the code.
The terminology may be foreign to you but imagine if you will what your world would be like if the digital records of your wealth and property titles simply vanished or became corrupted. Imagine the screen just going dark. It sounds alarmist but that is exactly the sum total of the high stakes games now being played out by the world’s superpowers – you and I are the pawns.
The global economy is thoroughly integrated and processes and knowhow are increasingly delivered on distributed architecture made up of lattices of public and private networks. This approach has wonderful benefits and can deliver scale and flexibility and speed in equal measure. But therein lies the risk, the physical spying infrastructure with engineered back doors must remain hidden in order to be effective and useful to the spies who placed them there. What the intelligence community has done has created the mother of all “single point of failures” and the potential for calamity and social disintegration is almost too great to countenance. They assume that with adequate controls these systems can be kept safe and used effectively. They said the same about nuclear procurement and weaponised viruses.
The fact is that in time marketable information will always eventually leak and be traded. Enemy interests would likely, as a priority action, seek to seize control of this infrastructure and either use it to attack American interest and allies or exploit its data collection capabilities – perhaps they already do. Remember, Snowden was a contractor and the access he had was incredible. The sheer arrogance of what they have done is staggering.
Kaspersky’s reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.
A Kaspersky spokesman, Costin Raiu said “There is zero chance that someone could rewrite the [hard drive] operating system using public information,” indicating that the NSA was given the sensitive code by manufacturers.
Over 30 countries were targeted, including NATO allies. Britain, France, Belgium and Germany all had systems violated.
The revelations that telecommunications systems were infiltrated in Germany will likely be met with interest in that country, following previous revelations that the NSA had tapped the cell phone of Angela Merkel.
Both Iran and Russia experienced a high level of NSA hacking, along with China, Pakistan, India, Afghanistan, Syria and Mali.
In Iran, a full range of systems were were targeted, including those of the government, diplomatic and energy agencies, finance, telecommunications and research institutions and universities.
Russia’s military was targeted as were the energy sector and research and medical sectors among others.
The NSA declined to comment on the allegations. Reuters was able to get confirmation of the revelations from former NSA employees.
It is too early at this point to speculate on the implications of the report. It may be that the story will simply fade away. Or, as is often the case, it may be the tip of the iceberg with further, more damaging details to follow.
“Kaspersky on Monday published the technical details of its research, a move that could help infected institutions detect the spying programs, some of which trace back as far as 2001,” the Moscow Times reports.
The revelations may have a negative impact on the U.S. technology industry. China has already been drafting regulations, requiring bank technology suppliers to submit their software code for inspection.
Why on earth would a foreign marketplace import American technology if they know that there is a very good chance the technology will be countermanded and the data use against the owner? It is akin to wheeling in a Trojan horse when actually knowing what lays hidden inside.
Ultimately this strategy could serve to severely hobble the American tech industry, the American economy and ultimately American jobs. This is an example of shortsighted leadership, militaristic thinking. The supporters will argue that industrial data can be traded and used to give U.S. companies a leg up on foreign competitors and perhaps this is true, but such help would be very time sensitive and probably slow in propagating given the speed of commercial development.
The case for low tech, old fashioned bullion ownership has never been stronger and if this story does not give you serious pause for thought …well not much else will!
In previous updates we have detailed the threat that cyber-terrorism and cyber-warfare poses to western economies and to the western way of life. The Kaspersky report shows how pervasive the activity is.
The potential of the rivals of the West to collapse the western currency system – and with it savings and pensions – is real. Gold is not subject to to cyber warfare and will protect its owners from cyber warfare-induced currency crises.