Storage vendors stay quiet on hard drive malware


Storage vendors are refusing to say what steps they will take in the wake of the blockbuster revelation that a secretive organisation with alleged ties to the US National Security Agency is behind a move to secretly install malware in the firmware of hard drives from major vendors.

An organisation called the Equation Group has hidden software in the firmware of an untold number of hard drives that can retrieve data on the drive and possibly deliver malicious payloads, according to Kaspersky Lab.

With the malware hidden in the hard drive firmware, there are no known tools - except maybe a hammer - that can prevent it from carrying out its task.

Kaspersky released its report revealing the threat on 16 February, and called the Equation Group a "threat actor that surpasses anything known in terms of complexity and sophistication of techniques."

Given the complexity of the malware, Kaspersky said there is no certainty that what the Equation Group has done will lead to a widespread attack on customers' storage systems or data. Even so, the news has huge implications for the storage industry, the biggest consumer of hard drives, as it points the way for other organisations - or governments - who may be interested in just such an attack.

No one has accused storage system vendors of working with the Equation Group. However, none of the vendors addressed CRN USA inquiries regarding how they could make sure such malware is not included in future shipments, whether it is possible to remove the malware from units installed in the field, or how they would communicate with customers regarding the potential threat.

None of the five top storage vendors, including EMC, Hewlett-Packard, Hitachi Data Systems, NetApp and Dell, would comment on any of the report's implications.

The sounds of silence are in sharp contrast to the protests from Dell and Cisco Systems when news broke last year that a special unit within the NSA had been planting backdoors in computing and networking hardware from major US vendors, including those two companies.

At the time, Cisco CEO John Chambers wrote a strongly worded letter to President Barack Obama urging him to issue new rules that protect customers from the NSA putting spyware into computer equipment.

Kaspersky did not say who was behind the Equation Group but said the organisation appears to have interacted with "other powerful groups" including the designers of the Stuxnet malware, a connection that implies a tie with the NSA, according to numerous media reports including Reuters.

Kaspersky was unable to respond to a CRN USA request for more information.

In a move Kaspersky described as "ultimate persistence and invisibility," the company's Global Research and Analysis Team (GReAT) recovered two modules of code that allowed the reprogramming of hard drive firmware in most popular hard disk drives, making it the "first known malware capable of infecting the hard drives".

Those modules allow data to be "exfiltrated" from a user's storage system to space secretly carved out on the drive, where it can sit until retrieved by the hackers. The malware also appears to be able to crack encryption technology around the data. 


This article originally appeared at

Copyright © 2018 The Channel Company, LLC. All rights reserved.
