Report Uncovers Decades-Long US Hacking Effort

Security researchers at Kaspersky Lab in Russia report that they have discovered how American intelligence agencies have subverted computer hardware, software and networks in an effort to spy on other countries. The surveillance and sabotage technologies have been discovered in systems in China, Iran, Pakistan, Russia, and elsewhere.

Kaspersky has a policy of not naming countries it believes are behind hacking attacks. But it says that unnamed intelligence agencies—clearly the National Security Agency (NSA) and the United States Cyber Command—from an unnamed country—the United States—have figured out how to hack virtually anything—computers, hard drives, software and networks—in ways that have thus far eluded detection and then cannot be removed.

And they’ve been doing so for decades, at least as far back as 2001.

This hacking “surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades,” the firm claimed. Kaspersky has also been able to identify key similarities between well-known electronic attacks such as 2010’s Stuxnet—a successful effort to set back Iran’s nuclear program—and other attacks, some older and some more recent.


Kaspersky specifically called out one example of the hacking: it found very similar malware in the controller code for hard drives manufactured by Micron, Samsung, Seagate and Western Digital. This malware survives even the drive makers’ own recovery tools and, should an antimalware product flag suspicious behavior, survives the OS reinstall that usually follows. The hard drive makers say they are unaware of this activity and in some cases claim outright that they have never worked with any government agency.

The firm also said it discovered PC firmware hacks that are beyond the reach of traditional anti-malware software, including Kaspersky’s. This type of malware provides access to a PC’s encryption keys, letting the US agencies access encrypted data.

“If the malware gets into the firmware, it is able to resurrect itself forever,” the Kaspersky report claims. “It means that we are practically blind and cannot detect hard drives that have been infected with this malware.”
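The report’s point is that firmware-resident code sits below the operating system, so an OS reinstall or a vendor recovery tool does not touch it and a host-based scanner cannot see it. One of the few cheap controls a defender has is to record each drive’s firmware revision at commissioning and alert when a later inventory shows a revision the fleet has not approved. The script below is an added example, not code from the article or from Kaspersky: it parses the `Device Model`, `Serial Number` and `Firmware Version` lines that `smartctl -i` prints for ATA drives (field labels taken from real smartctl output) and compares them against an approved-revision baseline. The inventory text and the baseline values are constructed for the example.

```python
"""Firmware-revision drift check for attached disks (added example).

Assumes an inventory job has concatenated `smartctl -i /dev/sdX` output for
every drive, one block per drive separated by a blank line. The approved
revision sets are constructed placeholders, not vendor-published data.
"""
import re
from dataclasses import dataclass

# Constructed sample inventory: three drives, one with an unexpected revision.
SAMPLE_INVENTORY = """\
Device Model:     ST2000DM001-1CH164
Serial Number:    CONSTRUCTED-SN-0001
Firmware Version: CC24

Device Model:     WDC WD20EZRX-00D8PB0
Serial Number:    CONSTRUCTED-SN-0002
Firmware Version: 80.00A80

Device Model:     ST2000DM001-1CH164
Serial Number:    CONSTRUCTED-SN-0003
Firmware Version: ZZ99
"""

# Baseline of approved firmware revisions per model (constructed values).
APPROVED_FIRMWARE = {
    "ST2000DM001-1CH164": {"CC24", "CC26"},
    "WDC WD20EZRX-00D8PB0": {"80.00A80"},
}

# Matches the three smartctl -i fields we care about, one per line.
FIELD_RE = re.compile(
    r"^(Device Model|Serial Number|Firmware Version):\s*(.+?)\s*$", re.M
)


@dataclass(frozen=True)
class Drive:
    model: str
    serial: str
    firmware: str


def parse_inventory(text: str) -> list[Drive]:
    """Turn concatenated smartctl -i output into Drive records.

    Blocks missing any of the three fields are skipped rather than trusted:
    a drive the job could not identify needs a manual look, not a pass.
    """
    drives = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(FIELD_RE.findall(block))
        try:
            drives.append(
                Drive(fields["Device Model"], fields["Serial Number"],
                      fields["Firmware Version"])
            )
        except KeyError:
            continue
    return drives


def find_drift(drives: list[Drive], approved: dict) -> list[tuple[str, str]]:
    """Return (serial, reason) for every drive outside the approved baseline.

    A model with no baseline is reported too: an unapproved model in the
    fleet is itself a finding, not something to ignore.
    """
    findings = []
    for d in drives:
        allowed = approved.get(d.model)
        if allowed is None:
            findings.append((d.serial, "unknown model, no baseline"))
        elif d.firmware not in allowed:
            findings.append(
                (d.serial, f"firmware {d.firmware} not in approved set "
                           f"{sorted(allowed)}")
            )
    return findings


if __name__ == "__main__":
    for serial, reason in find_drift(parse_inventory(SAMPLE_INVENTORY),
                                     APPROVED_FIRMWARE):
        print(f"ALERT {serial}: {reason}")
```

The check only catches drift the firmware is willing to report: a modified controller that echoes the original revision string passes unchanged, which is exactly the blind spot the report describes. Treat the baseline comparison as a low-cost hygiene control that catches careless or visible changes, and pair it with supply-chain measures (sealed shipping, acceptance verification) for drives that matter.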

Kaspersky also addressed the issue of offline and so-called “air gapped” PCs that are never connected to the Internet. In the case of Stuxnet, Iran’s offline PCs were infected on-site using a USB key, while in other cases, US intelligence agencies have simply “intercepted” PCs in transit, infecting them and then sending them on their way: since the malware can survive OS reinstalls, it doesn’t matter what the recipient does to protect them after the fact.

Eugene Kaspersky founded Kaspersky Lab in Russia with the backing of the KGB and the Russian military. Its software is not used by US intelligence agencies—irony alert—because of surveillance fears. But it is quite popular with the governments of the countries—China, Iran, Pakistan, Russia—that are hacked most often by the US government, in part because the US is so distrustful of the software. For this reason, Kaspersky has an unusually broad view of the US spying efforts.

The NSA, of course, refuses to acknowledge or deny the Kaspersky report.

“We are not going to comment publicly on any allegations that the report raises, or discuss any details,” an NSA statement notes.

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.