I've written before about the folly of running Windows in a world where zero-day exploits are routinely used not just by criminals but also by spy agencies around the world, and there are claims that Microsoft was complicit in allowing them to be used in this way. An astonishing new document [.pdf] from Kaspersky Lab confirms that you really have to be pretty masochistic to use Windows. It concerns a new group dubbed "Equation" by Kaspersky, which says quite simply:
The Equation group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen.
It seems likely that it is an NSA operation, or perhaps that of some other US agency, but that's not what really interests me here. As you will see if you read the whole Kaspersky document, or this detailed story here on Computerworld UK, it is essentially an attack against Windows machines (although there is some evidence that Apple systems may also be affected). No surprise there, obviously. But what is truly astonishing is the following:
Although the implementation of their malware systems is incredibly complex, surpassing even Regin in sophistication, there is one aspect of the EQUATION group’s attack technologies that exceeds anything we have ever seen before. This is the ability to infect the hard drive firmware.
Drives from most of the well-known hard drive manufacturers are affected, and once the firmware is infected it is more or less impossible to get rid of it using existing tools: the implant sits below the operating system, so it survives formatting the disk and reinstalling Windows, and because most drives provide no way to read their firmware back, there is no straightforward way even to confirm that a given drive is clean. It seems unlikely that this kind of attack could have been written without access to the firmware code, and that's one pointer to US government involvement, since it could easily have requested it as a condition of buying equipment from hard drive manufacturers.
As well as underlining the almost insane lengths that someone - probably the US/NSA - is prepared to go in order to compromise systems, there is another hugely important lesson to be learnt from this new information. Evidently, things are even worse than we feared in the wake of Snowden's leaks - and they were bad enough before.
Running free software, which at least in theory allows backdoors in the code to be spotted, turns out not to be enough. The Kaspersky discovery shows that we must go even further and demand open source firmware for hard drives (and presumably for everything else), so that it too can be audited by independent researchers. Open source on its own is only half the fix, though: an audit of the published firmware tells you nothing unless the drive also lets you read back, or cryptographically verify, the code it is actually running, and most drives today offer neither. It's a salutary reminder that while there is any element of the software and hardware stack that is not open, there is always the danger that the system can be compromised and turned against you.