Got Malware? New Threat Can't Be Removed Without Breaking Hard Drive

47_Ronin

New member
Jul 30, 2012
161
0
0
truckspond said:
47_Ronin said:
Destroy the HDD? That's drastic. Haven't they tried to plug off/plug in first?
That doesn't remove the malware as this one actually puts itself into the software built into the HDD that controls what it does and when.
I wasn't being serious...

insanelich said:
47_Ronin said:
Destroy the HDD? That's drastic. Haven't they tried to plug off/plug in first?
On a more serious note: Linux everybody? I know it's stupid, but the psychological effect on my safety since I installed cinnamon on my old laptop has been massive.
This thing will infect Linux with the same - or even more - ease than Windows.
Aaaaaaand there goes that boost of confidence I needed to get through the week.
 

Therumancer

Citation Needed
Nov 28, 2007
9,909
0
0
Michael Tabbut said:
So what I've gotten from this is that this Malware is that it seems to be only deployed on high-profile/government targets and not the average person's computer.

Sorta off topic but how close are we entering the potential cyberpunk future? Seriously I'm starting to think that is happening within the next decade or so.
Not likely, to be honest your typical Cyberpunk scenario from decades to go is positively utopian compared to where we are going. Most Cyberpunk fiction was based on the idea that businesses would become so powerful that they would wind up replacing or otherwise directly subverting all the global governments. A lot of it was based on the "Japanacorp" takeovers of the 1980s, which is why so many of the classic works have a heavy involvement of the Japanese and cultural trappings. That said typically this gets into concepts like how corporations would convince governments to allow citizens to sell their votes, meaning the corporations would wind up buying your vote in exchange for corporate welfare or as a requirement of employment with the corporation. This means the corporations, not political parties, would be what determined who held power, with whatever corporation has the most money and benefits to hand out to serfs being able to cast the most votes and thus control nations. Typically these ideas involve Japan starting the fire by subverting the US government, but US and European companies fighting back and then doing the same thing to Asian countries, and the forced democratization of China and Russia ultimately forcing them into the same basic game. In some Cyberpunk concepts you have a "Corporate Council" that acts as a sort of UN to prevent territorial disputes from getting out of control. The "punk" aspects of this kind of thing usually come about from people caught in the cracks of the system rebelling 1980s style, in some cases there being very big cracks when the powers that be conspire to limit citizenships so they can fix the power structure by not having new votes coming into the system, or risking that increasingly larger generations of people might not sell their votes and could potentially organize and present a threat. Of course this is just one basic type of ideas, there are many.

I think on a lot of levels this kind of speculative fiction made enough people aware of the basic idea (turning corps into stock villains in record time) that most of the pitfalls have been averted. The problem is that this has left us with a regular structure of nations balanced over a powder keg, and a world where very little can be done by anyone. See in a Cyberpunk concept things are actually pretty decent for most of humanity oddly enough, as your average "prole" lives in a corporate enclave and has corporations advancing science while finding new and innovative ways to keep their serfs happy and passive. It mostly sucks if your one of the people rebelling against that system or who fell through the cracks without citizenship or whatever. Your typical protagonist or PC in an RPG being someone who usually jumps into the cracks intentionally to sell their services as a highly paid mercenary and then gets into crap in the various shadow wars people usually don't see. In the current environment governments seem mostly concerned about suppressing technology as much as they can, and generally don't give a crap about anyone, in Cyberpunk the Corporations had to buy your votes to wield power, in reality it doesn't work that directly and you don't generally ever see any benefit from anything you do.

We lack, and will probably never have the way things work now, any kind of consumer neural interface technology for computers. Something like augementive cyberware is something the governments would never even consider allowing on the market. Heck most places won't even let you have a primitive jet pack or personal Gyrocopter. As amusing as hackers might be, at the end of the day the internet is primitive enough where the most they can do is harass people and slow them down when it comes to the big issues. To resolve anything you actually need to put boots on the ground and actually do something, and given the reluctance to do that, it means that no matter what hackers do, nations that are intent on say developing WMD are probably going to succeed.

All sarcasm aside, at the end of the day I think we will neither wind up doomed like "1984" or "Cyberpunk Fiction" but rather wind up in a miserable dystopia far worse than any of them, without even the creativity those visions showed.
 

CrystalShadow

don't upset the insane catgirl
Apr 11, 2009
3,829
0
0
47_Ronin said:
Destroy the HDD? That's drastic. Haven't they tried to plug off/plug in first?
On a more serious note: Linux everybody? I know it's stupid, but the psychological effect on my safety since I installed cinnamon on my old laptop has been massive.
Enjoy your false sense of security. Linux security is basicly security through obscurity which really isn't security at all, just a reflection of the fact that the majority of people writing dubious code can't be bothered to target you.

Anyway, I'm surprised it's possible to get at the firmware of a hard drive. Not unless you have access to the manufacturing facilities.

I've researched data recovery a little (pretty hard to do, because the people that know anything about it are very secretive), and as far as I can tell, you typically can't just access the firmware of a hard drive directly.
With at least some models to mess with it at all you have to connect through a data bus seperate from the primary data bus which doesn't usually have anything connected to it while the drive is in regular use.

That said, this special interface can do very low level alterations to the drive logic, but... Still...

The USB hack scares me more though. That was demonstrated as a working model by 'white hat' hackers, but even so, it's existence is truly terrifying.

Similar to this issue, they demonstrated that's it's possible to infect the USB plug and play firmware. Once a usb device of any kind is infected, it automatically infects the firmware of any computer it's plugged into through the plug and play code that is essential to the core functioning of USB.

An infected computer then rewrites the firmware of every USB device connected to it, and so on...
And you can't do anything about this, because although you could 'fix' the firmware on infected computers, the nature of the exploit means you cannot prevent re-infection. There is no way of rewriting the firmware in a way that would prevent this issue, because it would cripple a basic function of USB...
Leaving all USB devices permanently vulnerable to this exploit...

No examples in the wild, but...

Anyway, security flaws can be pretty scary if you think about them...
 

Trippy Turtle

Elite Member
May 10, 2010
2,119
2
43
How/Why is this a new thing?
If I know anything about IT related stuff, everything is easy but there is just a fuckton of easy stuff you need to know if you want to understand anything. Why has nobody bothered making malware hook into the firmware before? Surely if its possible at all it can't be that hard.

On another note. When is the movie coming out? I expect abandoned buildings, car chases, explosions, attractive 20-25 year old vigilante hackers being endlessly pursued by a pair of attractive male and female cops that have a chemistry not seen since breaking bad all ending in a final showdown of the last remaining hacker about to blow up every bit of networked hardware in existence against a cop with a broken leg crawling to her gun in order to avenge her critically wounded partner.
And it will be called "Gun Code"
 

RanceJustice

New member
Feb 25, 2011
91
0
0
There's a lot of blogspam and midding-level articles about this, but if you'd like one of the better researched ones that don't require an in-depth knowledge of info-sec technology, then check out Ars Technica's: http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

Its pretty much exactly what you think: This is almost certainly the work of the NSA's TAO division, likely acting in concert with Israeli agents on some operations (ie Flame, Stuxnet etc.. ). The Snowden revelations provide confirmation of som codenames for particular tools observed by Kaspersky, such as IRATEMONK which describes the firmware-resident backdoor nearly exactly: https://www.schneier.com/blog/archives/2014/01/iratemonk_nsa_e.html
 

insanelich

Reportable Offender
Sep 3, 2008
443
0
0
Trippy Turtle said:
How/Why is this a new thing?
If I know anything about IT related stuff, everything is easy but there is just a fuckton of easy stuff you need to know if you want to understand anything. Why has nobody bothered making malware hook into the firmware before? Surely if its possible at all it can't be that hard.

On another note. When is the movie coming out? I expect abandoned buildings, car chases, explosions, attractive 20-25 year old vigilante hackers being endlessly pursued by a pair of attractive male and female cops that have a chemistry not seen since breaking bad all ending in a final showdown of the last remaining hacker about to blow up every bit of networked hardware in existence against a cop with a broken leg crawling to her gun in order to avenge her critically wounded partner.
And it will be called "Gun Code"
This is anything but easy.

This is the kind of stuff that requires access to secret source code, which basically requires you to either have actual physical spies infiltrating the manufacturing facilities or secret courts ordering you receive that code and issuing a gag order to the companies who have to hand it over.

Long story short, doing something like this requires a significant chunk of money.
 

blackrave

New member
Mar 7, 2012
2,020
0
0
truckspond said:
47_Ronin said:
Destroy the HDD? That's drastic. Haven't they tried to plug off/plug in first?
That doesn't remove the malware as this one actually puts itself into the software built into the HDD that controls what it does and when.
That is the only way how such thing could work
But wasn't such software supposed to be hard coded?
At least I assumed that basic hardware controlling software was hard coded into said hardware.

Because only other alternative is that it is hardware issue.
And then we have REAL problem.
 

TomWiley

New member
Jul 20, 2012
352
0
0
47_Ronin said:
Destroy the HDD? That's drastic. Haven't they tried to plug off/plug in first?
On a more serious note: Linux everybody? I know it's stupid, but the psychological effect on my safety since I installed cinnamon on my old laptop has been massive.
You cant be serious. The linux kernel has more security holes than a Swiss cheese.

http://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/cvssscoremin-7/cvssscoremax-7.99/Linux-Linux-Kernel.html

Only reason this isnt a bigger consumer problem is because nobody uses linux to begin with.
 

TomWiley

New member
Jul 20, 2012
352
0
0
blackrave said:
truckspond said:
47_Ronin said:
Destroy the HDD? That's drastic. Haven't they tried to plug off/plug in first?
That doesn't remove the malware as this one actually puts itself into the software built into the HDD that controls what it does and when.
That is the only way how such thing could work
But wasn't such software supposed to be hard coded?
At least I assumed that basic hardware controlling software was hard coded into said hardware.

Because only other alternative is that it is hardware issue.
And then we have REAL problem.
What do you mean with hardcoded?
 

The Rogue Wolf

Stealthy Carnivore
Legacy
Nov 25, 2007
16,302
8,779
118
Stalking the Digital Tundra
Gender
✅
TomWiley said:
blackrave said:
truckspond said:
47_Ronin said:
Destroy the HDD? That's drastic. Haven't they tried to plug off/plug in first?
That doesn't remove the malware as this one actually puts itself into the software built into the HDD that controls what it does and when.
That is the only way how such thing could work
But wasn't such software supposed to be hard coded?
At least I assumed that basic hardware controlling software was hard coded into said hardware.

Because only other alternative is that it is hardware issue.
And then we have REAL problem.
What do you mean with hardcoded?
Probably meaning that the firmware for the disk drive should be "read only". But you run into problems with that if the hardware ends up with a problem that can only be solved by a firmware update- which happened to a certain line of Seagate drives in 2009.
 

KyuubiNoKitsune-Hime

Lolita Style, The Best Style!
Jan 12, 2010
2,151
0
0
Well it looks like Steve Gibson will have a new project when he finishes SpinRite 7 (6 is still the best, most effective, and wallet friendly data recovery tool on the planet.) It could be that he might just make the removal of the malware a function of SpinRite in the future, since it works at the most basic levels of the HDD/SSD. But things like this remind me of the need to back on GRC and start listening to the Security Now! podcast on a regular basis.

I'm rather confident that this isn't from a Government, or the Illuminati(a conspiracy theorist favorite.) Independent hacker sources are so much more advanced than Governments tend to be and a lot of hackers like these work in the software industry. The fact that we just discovered these makes me wonder how many more like them there are like these people? How many more malware sources like these have we not discovered?

CrystalShadow said:
Enjoy your false sense of security. Linux security is basicly security through obscurity which really isn't security at all, just a reflection of the fact that the majority of people writing dubious code can't be bothered to target you.
You're only partly correct. The other side is that Linux is constantly worked on by people all over the place, mostly volunteers, who constantly update the security features, and plug back doors.

CrystalShadow said:
Anyway, I'm surprised it's possible to get at the firmware of a hard drive. Not unless you have access to the manufacturing facilities.
The thing is that firmware can be flashed with updates and such. You can go and flash your Bios firmware today if there is an update available for it.

CrystalShadow said:
I've researched data recovery a little (pretty hard to do, because the people that know anything about it are very secretive), and as far as I can tell, you typically can't just access the firmware of a hard drive directly.
With at least some models to mess with it at all you have to connect through a data bus seperate from the primary data bus which doesn't usually have anything connected to it while the drive is in regular use.

That said, this special interface can do very low level alterations to the drive logic, but... Still...
Most of the people who say they know anything about data recovery are generally full of it. Since even a good deal of professional recovery places use SpinRite. That being said you can access firmware generally fairly easily if you know what you're doing.

The low level can actually be surprisingly dangerous, even tiny amounts of code can make surprisingly massive changes.

CrystalShadow said:
The USB hack scares me more though. That was demonstrated as a working model by 'white hat' hackers, but even so, it's existence is truly terrifying.

Similar to this issue, they demonstrated that's it's possible to infect the USB plug and play firmware. Once a usb device of any kind is infected, it automatically infects the firmware of any computer it's plugged into through the plug and play code that is essential to the core functioning of USB.

An infected computer then rewrites the firmware of every USB device connected to it, and so on...
And you can't do anything about this, because although you could 'fix' the firmware on infected computers, the nature of the exploit means you cannot prevent re-infection. There is no way of rewriting the firmware in a way that would prevent this issue, because it would cripple a basic function of USB...
Leaving all USB devices permanently vulnerable to this exploit...

No examples in the wild, but...

Anyway, security flaws can be pretty scary if you think about them...
They can be, but knowing basic ways to keep your self secure can really help. One of which is blocking java script, not trying to incur mod wrath here, just stating a security fact.
 
Jan 27, 2011
3,740
0
0
Considering how good these guys are and the main targets...

I'm going to go out on a limb here and guess "CIA" or "Whoever the Israeli government gives Cyber attack jobs to" is the mastermind.
 

Racecarlock

New member
Jul 10, 2010
2,497
0
0
I know this was supposed to scare me, but I'm pretty sure they won't give a shit about me, so I don't have to worry. If this was a troll group, I might have been scared, but they seem to only target things reported in the news as an international threat.

Now if 4chan somehow figured that shit out, I would be piss scared.