Tuesday, February 17, 2015

Beyond the Ultimate Virus: Hacking the Supply Chain

Just about a year ago, I last opined about embedding malware into fresh-out-of-the-box computers, peripherals, and smart phones (see the story here). Today's UK Register story blows the whistle on those whacky guys at the NSA (see the full story here). Dig this, sports fans:
The US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades – all according to an analysis by Kaspersky Labs. 
The campaign infected possibly tens of thousands of computers in telecommunications providers, governments, militaries, utilities, and mass media organisations among others in more than 30 countries. 
The agency is said to have compromised hard drive firmware for more than a dozen top brands, including Seagate, Western Digital, IBM, Toshiba, Samsung and Maxtor, Kaspersky researchers revealed.
I always figured that the feds had some pretty good reasons for blacklisting certain PC manufacturers from selling to the U.S. goverment (ie; Lenovo Huawai to name just two). Turns out, they justifiably feared a Quid Pro Quo from China. Hey, we're doing it to them, so we'd better make sure they don't do it to…U.S.

The new golden rule of cyber security: Keep the bad guys from doing unto U.S. what we're already doing to unto them.

So, you think the spooks are going to single handedly tank the U.S. tech economy?

No comments:

Post a Comment

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?