Does the NSA have a spy in your hard drive?

This article originally appeared on

A Russian security firm claims to have uncovered a major tool used to rewrite hard drives and collect all stored information in potentially millions of computers and hard drives around the world.

In a very technical post on its website, the Moscow-based Internet security firm Kaspersky Lab revealed the complex viruses programmed into computers and hard drives by the Equation Group, purported to be the National Security Agency, according to an unnamed former NSA employee who spoke to Reuters.

???They use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims,??? statedKaspersky Lab???s Global Research and Analysis Team on its website.

more detailed PDF put together by Kaspersky Lab describes in detail a computer worm called ???Fanny,??? compiled in July 2008. It was originally created to infect the computers of certain targets in the Middle East and Asia, using USB sticks that would grab data and upload once the computer connected to the Internet.

Parts of this code were later used in Stuxnet, the computer virus aimed at Iran???s nuclear facilities most likely released by the NSA.

Former CIA agent Jeffrey Sterling was convicted for espionage last month as a result of revealing the federal government???s role in developing the Stuxnet virus to New York Times journalist James Risen in 2006. It has so far been the largest ever cyber-weapon deployed against a government, though he U.S. government continues to deny responsibility.

According to Kaspersky Labs, the most astounding part of its research is the Equation Group???s ???ability to infect the hard drive firmware,??? at a level never seen before. By completely rewriting the source code for hard drives, using the file ???nls_933w.dll,??? the NSA conceivably has the mechanisms necessary to collect every piece of information and data stored.

Most of the implanted Trojan horses, or programs meant to capture information, were found in computers from China, Russia, Iran, and even some in Europe and the United States, according to the firm, affecting entities with ties to finance, government, media, military, universities, embassies and many more.

Hard drive manufacturers have been quick to deny any acknowledgement of such a program on their products.

???Prior to the report, we had no knowledge of the described cyber-espionage program. We take such threats very seriously. The integrity of our products and the security of our customers??? data are of paramount importance to us,??? Steve Shattuck, Western Digital???s media relations director, told Sputnik News.

Another portion of the research reveals Internet users in Jordan, Turkey and Egypt were specifically not targeted for attacks, countries considered to be U.S. allies.

The NSA has yet to comment on whether the program is a part of its intelligence gathering activities.