The NSA may be implanting spying software in hard drives from a dozen major manufacturers including Toshiba, Western Digital, IBM, Samsung and Seagate, a report from cybersecurity firm Kaspersky Lab revealed Monday.
Though Kaspersky did not come out and point the finger directly at the National Security Agency -- instead calling out the Equation group, who have been perpetrating high-level attacks for almost 20 years -- but they said that there are "solid links indicating that the Equation group has interacted with" the actors behind Stuxnet, a virus the NSA used to attack Iranian nuclear weapons development in 2012.
A former NSA employee told Reuters that Kaspersky's analysis was correct, and "another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives."
The Kaspersky paper calls the software "perhaps the most powerful tool" in the Equation group's impressive arsenal, and "the first known malware capable of infecting the hard drives." It reprograms the drives and creates a hidden space where it can save stolen information to be retrieved later.
As CNET's Bridget Carey told CBS News, getting that deep into a piece of firmware (the core software of the drives), is very hard to do and requires the source code from the manufacturer.
One of the companies whose hard drives were infected with the spyware, Western Digital, said that it did not give its source code to the government. "But other sources in cybersecurity say that the government can get this because all it takes is for you to sell a computer to the Pentagon or another agency and they have to say, 'You know what, for security reasons we need that source code,'" Carey explained.
In other words, the government may have only had to ask for what it wanted in order to send spying-capable hard drives all over the world.