Offshore Outsourcing & Scammer

Blog about offshore outsourcing and scammer in the outsourcing industry

NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware

The U.S. National Security Agency (NSA) may have been hiding highly sophisticated hacking payloads in the firmware of consumer hard drives for the last 15 to 20 years as part of a campaign that gives the agency the means to eavesdrop on the computers of thousands of targets, according to an analysis by Kaspersky Lab and subsequent reports.


'EQUATION GROUP' BEHIND THE MALWARE

The team of malicious actors has been dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab, who describe them as "probably one of the most sophisticated cyber attack groups in the world" and "the most advanced threat actor we have seen."

The security researchers have documented 500 infections by the Equation Group and believe that the actual number of victims likely reaches into the tens of thousands, because a self-destruct mechanism built into the malware removes it from many machines before an infection can be counted.


TOP MANUFACTURERS' HARD DRIVES ARE INFECTED

Russian security experts reportedly uncovered state-created spyware hidden in the hard drive firmware of more than a dozen of the largest manufacturer brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi.

These infected hard drives would have given the attackers persistence on victims' computers and allowed them to set up hidden data stores on the machines that are accessible only to the attackers.


UNABLE TO REMOVE THE INFECTION

One of the most sophisticated features of this notorious set of hacking tools is the ability to infect not just the files stored on a hard drive, but also the firmware controlling the hard drive itself. The malware is hidden so deep within the hard drive that it is difficult to detect or remove.

Once a victim inserts infected storage (such as a CD or USB drive) into an internet-connected PC, the malicious code allows the attackers to snoop on the victim's data and map networks that would otherwise be inaccessible.

Because the malware is not sitting in regular storage, it is almost impossible for a victim to get rid of it or even detect it. Such an implant can survive a complete hard drive wipe or a reinstallation of the operating system, and "exceeds anything we have ever seen before," the company's researchers wrote in a report.


MORE ADVANCED TECHNIQUES USED BY EQUATION GROUP

The firm recovered two modules belonging to the Equation Group, dubbed EquationDrug and GrayFish. Both were used to reprogram hard drive firmware, giving the attackers persistent control over a target machine.

GrayFish can install itself into a computer's boot record, code that loads before the operating system itself, and stores all of its data inside a portion of the operating system known as the registry, where configuration data is normally stored.

Figure: GrayFish architecture (Kaspersky Lab)

EquationDrug, on the other hand, was designed for older versions of the Windows operating system, and "some of the plugins were designed originally for use on Windows 95/98/ME", versions so old that they offer a good indication of the Equation Group's age.


TARGETED COUNTRIES AND ORGANISATIONS

The campaign infected tens of thousands of personal computers with one or more of the spying programs in more than 30 countries, with most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

The targets included government and military institutions, telecommunication providers, banks and financial institutions, energy companies, nuclear researchers, mass media organisations, and Islamic activists among others.

Figure: Equation Group victims map (Kaspersky Lab)

'ANCESTOR' OF STUXNET & FLAME

Security researchers are calling the malware the "ancestor" of Stuxnet and Flame, the most sophisticated and powerful threats that were specially designed to spy on and sabotage ICS and SCADA systems.


LINKS TO NSA

Kaspersky declined to publicly name the country or agency behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to sabotage Iran's uranium enrichment facility.

These similarities, combined with previously published NSA hard drive exploits, have led many to speculate that the campaign may be part of an NSA program. The NSA is the agency responsible for the global surveillance program uncovered by whistleblower Edward Snowden.

Another reason for this suspicion is that most of the infections discovered by the Moscow-based security firm occurred in countries that are frequent US spying targets, such as China, Iran, Pakistan and Russia.

Meanwhile, Reuters reported that sources formerly working with the NSA confirmed the agency was responsible for the attacks and had developed espionage techniques at this level.


NSA INVOLVEMENT COULD BE RISKY

If the NSA is found to be involved, the malicious program would have given the agency unprecedented access to the world's computers, even computers disconnected from the internet. Malware of this kind is activated as soon as the device is plugged in, with no further action required, because it is stored in the hard drive's firmware.

Back in July, independent security researchers discovered a similar attack targeting USB firmware, dubbed BadUSB; however, there was no indication of such firmware attacks being developed and deployed at the scale of the Equation Group.

The issue once again raises questions about the device manufacturers' complicity in the program, since successfully rewriting a hard drive's firmware takes extensive and sustained reverse engineering.

For its part, the NSA declined to comment on the report.


A translation of a promoted call center campaign on LinkedIn

Recently I found a call center campaign on LinkedIn which looked good at first sight:

LOOKING FOR CENTERS FROM (INDIA, SOUTH AFRICA AND PHILIPPINES)

5 year old Tech Support Company based in Texas looking for "experienced" call centers to outsource our outbound tech support sales. We have centers in India working for us for more than 4 years and generating good profits.

Pay-out from $50 to $185 per sale.


Analyzing the product:

The product is not really a bad idea. As the company is based in Hurst, Texas, a small city with a population of around 40,000, a locally offered computer service does not have much of a chance. Remote service and support can be a possible source of income.

Negative aspects:

  • A remote service works only if the computer is still running and has a connection to the internet.

  • It can only be a software service: performance optimization, virus removal (as long as the virus is not blocking the internet connection), spyware scanning and malware removal.

  • The service is limited to Windows and Office.

  • The offered service "Setup a new system" cannot be done remotely. Shipping the computer can result in it not working when it arrives back at the customer. The reason is very simple: the vibrations during transport can loosen a card or a plug. For this it is better for the customer to visit a local computer repair center.

  • The company has already existed for nearly 5 years. It offers 4 different plans for home users and 2 different plans for business use. The monthly rate, $15.95, is the same for all plans. The initial price for home users varies from $195.95 to $349.95; only the contract length is different. The website gives no reason why someone should sign a 3-year contract for $349.95 up front plus $15.95 per month instead of a 6-month contract for $109.95 + $15.95 monthly. The only difference is the initial price; what the benefits of the higher price and the longer contract are is not explained. Maybe they don't know themselves. In that case the telemarketer has no arguments for selling a higher-priced plan.

  • Compare the price of a new computer in the USA on Amazon with the maintenance plan the telemarketer is supposed to sell: a complete computer set including monitor, keyboard, mouse and Windows 7 (Dell) is currently available on Amazon for $160. The setup can be done with the help of the Dell hotline. In this case an argument for the plan's price is really missing.

In sum, the product is not really a seller. In the USA it is normal that the monthly price gets lower the longer the contract runs.


I will now translate this advertisement for you:

You need to know that the average call center agent in the USA earns $27,000/year ($2,250/month or $15/hour). I have simply divided the yearly salary by 12 and the monthly salary by 150 hours, as is customary in Europe. This company is located in Texas, where the average income for a call center agent is even lower: $26,000/year, which makes an hourly rate of $14.45.

The offered payout of $50 - $150 per sale looks good at first sight, but only at first sight.

Let's take the lowest offered commission per sale, which is $50. A higher one is not really realistic, because the arguments for selling the product are already missing.

With its own telemarketers, the company would come out ahead on labor costs if each agent sold one product every 3 hours and 33 minutes. The company itself does not believe it can sell at such a rate. That is why it tries to find a call center in a low-wage country which even takes on the risk of the product. Maybe the call center is even expected to provide the lead data for the sales.

My opinion is that very good and very experienced agents will be able to sell on average one product per day as long as the marketing of the product is not improved. If the marketing reduces the sales price, the payout per sale will go down too, or the company will not be able to survive and pay you.

So, centers, think about how long you can work for $50. Maybe you sell one product per 10 hours per agent on average. Are you able to survive on this income?

The sentence "We have centers in India working for us for more than 4 years and generating good profits" is only promotion, and to this I can only say: "Never trust a statistic you did not fake yourself."


Source offer: LinkedIn offer

Source product: www.fixmycomputerdude.com