A family of malware evolving over more than a decade.

What's also interesting is the way the attackers hid the malware: by embedding the malicious code into the firmware (hard-coded software) built into hard disk drives found in practically every computer. Not just drives from one manufacturer, but almost all the mainstream brands – perhaps even the one that powers the computer on which you read this now.

Why is this important? It means you could wipe the entire drive, reinstall your computer's software from scratch – and still be infected. The only more attractive hiding place for an attacker is the firmware that is required to start the computer, the BIOS, but viruses that attack the BIOS have been around for decades and hardware has been adapted in defence. On the other hand, looking at hard drive firmware and adopting defences against tampering with it just hasn't been on the agenda, a fact that has allowed this malware to go undetected for so long.

An updated, evolving threat

And it's not just that the attackers were able to work out how to embed their malware in the drives' firmware; they appear also to have been able to update it with improved versions. This would require updating ("flashing") not just the malware but the original firmware code too, without which the drive wouldn't function. This is considered technically advanced even today – yet someone seems to have developed the capability to do so more than 10 years ago.

A new meaning to installing 'on' my hard drive.

This is technically impressive. It's not as if this is the first such discovery: Stuxnet, Flame, Regin and now Equation, all of which appear to have been active for many years. So the fact that such an advanced technique was deployed so long ago prompts us to wonder what else is out there that we don't know about. To paraphrase Oscar Wilde: to miss one piece of malware looks like misfortune, to miss four looks like a trend.

Pointing the finger of blame

It is easy, as we see from some of the headlines, to attribute blame based upon circumstantial evidence such as those who were attacked. However, this assumes that a state actor is responsible – and that only certain countries have the wherewithal to develop such a capability. Yet, as the video above demonstrates, one individual with skills and time was able to do much the same. One of the extraordinary things about cyber warfare and cyber espionage is how it has levelled the playing field between adversaries who might be hugely unequal in other ways. With a relatively small team and modest budget anyone could potentially develop very clever software. Cyberspace is the ideal platform to wage asymmetric warfare. Blaming a party based on who was targeted is not conclusive.

The reports of all these threats – Regin, Stuxnet, Flame, and others – carry the assumption that a government is responsible. It's not an unreasonable assumption considering that the software's primary function is espionage. But while nation states are the consumers of intelligence gathered in this way, it doesn't mean that their agencies are responsible – there is an active market for such information, which means there is a commercial motivation for others to collect it.

Criminal hackers steal personal information to sell on the black market to those who would commit fraud. They might equally gather data of interest to governments and law enforcement and sell it to them. In many ways it is a classic market: with limitless demand there will always be those willing to supply.

In any event, it's worth reading the full range of reports available and forming your own judgement. Like reading only a single newspaper, the likelihood is that the news is reported with a particular slant – such as blaming the NSA. And while you can be sure of very little when it comes to final attribution of these attacks, you can be sure that individual reports carry their own bias. If you are able, it is worth concentrating on the technical detail as that is where you're more likely to find the truth.

And expect to hear more such stories in the future – after all, if malware could be hidden so successfully 10 years ago, imagine what's possible today.

In general and at the moment (2016), wipe and reinstall is usually enough for an ordinary user. But notice the qualifiers: malware authors are often quite clever and adapt quickly to new ideas. The issue underlying the question is, where can code that runs automatically exist on a computer? The current answer to that is, in any device or component that has firmware (or has circuitry that facilitates secret firmware or code) - and unfortunately that's almost all of them. Most viruses are stored in normal disk spaces that antivirus programs routinely check. But beyond this is a realm of other locations, often completely uncheckable at the moment.
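The text makes the point that a wipe and reinstall never touches drive firmware, and that checking that firmware for tampering has not been on the defender's agenda. One modest defensive check a practitioner can adopt is to baseline the firmware revision each drive reports and alert on drift. The following is an added example, not code from the article; it parses the "Device Model" / "Firmware Version" fields that `smartctl -i` prints, but the device names, models, serials and baseline values are constructed.

```python
import re

# Constructed `smartctl -i`-style output for three hypothetical drives (not real devices).
SAMPLE_INVENTORY = {
    "/dev/sda": "Device Model:     EXAMPLE-HDD-1TB\n"
                "Serial Number:    CONSTRUCTED0001\n"
                "Firmware Version: AB01\n",
    "/dev/sdb": "Device Model:     EXAMPLE-HDD-1TB\n"
                "Serial Number:    CONSTRUCTED0002\n"
                "Firmware Version: ZZ99\n",
    "/dev/sdc": "Device Model:     EXAMPLE-SSD-512\n"
                "Serial Number:    CONSTRUCTED0003\n"
                "Firmware Version: S1.0\n",
}

# Known-good firmware revisions per model, recorded at deployment or taken from
# vendor release notes (constructed values). EXAMPLE-SSD-512 has none on purpose.
BASELINE = {
    "EXAMPLE-HDD-1TB": {"AB01", "AB02"},
}

FIELD_RE = re.compile(r"^(Device Model|Serial Number|Firmware Version):\s*(.+)$", re.M)


def parse_smartctl_info(text):
    """Extract model, serial and firmware revision from smartctl -i style text."""
    fields = {key: value.strip() for key, value in FIELD_RE.findall(text)}
    return {
        "model": fields.get("Device Model"),
        "serial": fields.get("Serial Number"),
        "firmware": fields.get("Firmware Version"),
    }


def check_firmware_drift(inventory, baseline):
    """Map each device to (status, model, firmware) where status is
    'ok', 'unexpected-firmware' or 'no-baseline'."""
    findings = {}
    for dev, text in inventory.items():
        info = parse_smartctl_info(text)
        known = baseline.get(info["model"])
        if known is None:
            status = "no-baseline"          # model never baselined: inventory gap
        elif info["firmware"] in known:
            status = "ok"
        else:
            status = "unexpected-firmware"  # revision the vendor never shipped, or drift
        findings[dev] = (status, info["model"], info["firmware"])
    return findings


if __name__ == "__main__":
    for dev, (status, model, fw) in check_firmware_drift(SAMPLE_INVENTORY, BASELINE).items():
        print(f"{dev}: {model} firmware {fw} -> {status}")
```

The revision string is self-reported by the drive, so firmware that has been tampered with carefully can report whatever it likes; this check catches inventory gaps and careless drift, not a determined implant, which is exactly why the article calls the lack of hardware-level defences the real problem.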