Troubleshoot Hard disks unaffected by EG

Takashi94

Level 1
Thread author
Verified
Mar 11, 2018
29
Quoting Kaspersky (https://www.kaspersky.com/blog/equation-hdd-malware/7623/):
This mechanism got abused by the Equation group, which was able to download its own firmware to the hard drive of 12 different “categories” (vendors/variations).

Can someone list the HDD vendors affected by EG/Flame/Stuxnet/NSA?
Also, can someone tell me which vendors frequently release signed, encrypted firmware for their HDDs?

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
Did you actually read that article? (correct link here)

First, the article was from over 3 years ago - ancient history in the computer and computer security industries. And second, did you see where the author noted the threat was, "as rare as pandas walking across the street."

Bad guys are lazy opportunists. As that article noted, it would take extensive engineering, months of development, and millions in investments to develop such code, and that has to be done for each and every hard drive model and firmware version out there - and there are probably thousands of those. Note drive makers frequently update and revise the firmware for existing models, and new drive models come out all the time. Not to mention SSDs are becoming more prevalent, especially as boot drives, and SSDs are not subject to this type of malware.

So there are no lists of vendors affected because this is not happening. There is no chance the bad guys will get their investment money back so they are not going to do it. So such malware is limited to "State" funded spy agencies used for cyberwarfare purposes on enemy countries or terrorist organizations.

But even in those cases, it is important to note the payload (information the spies are looking for) can only be retrieved through physical possession and analysis of the affected drive. That is, the spies would have to break into your home or place of work, install the malware in your drive without you knowing they were ever there, then come back some time later (perhaps weeks, months or even years later), and steal the computer to retrieve the data.

Bottom line is this: If you were a target (or perpetrator!) of such an attack, you would not need to be asking such questions here, on a public forum like this!

Drive makers don't encrypt their firmware. There's no need to. And it would not stop this type of malware anyway.

Takashi94

Level 1
Thread author
Verified
Mar 11, 2018
29
But sadly, very unfortunately, I was a RAT victim that might have had this capability when I was very naive and didn't know about cybersecurity, which secretly caused my life permanent lifetime damage.
Would evil repair shop con technicians have access to these kinds of malware from the government, or bought/free downloaded from darkweb forums? Anyway, I don't know if governments give access to those just like that, without taking responsibilities, to those who can exploit, crookedly abuse and exploit them to commit data theft, identity theft and fraud in my name, accounts and devices.

Digerati

Level 7
Verified
Well-known
Mar 2, 2017
318
As a PC technician with a repair shop, I would like to say there are no crooked shops, but sadly, I can't. Not all techs are honest. But they don't normally last long.

And in the case of this malware, it really serves him no purpose. Again, it depends on him having physical access to your computer, twice. It would be much easier for him to install other malware that "phones home" with your data.

You just need to keep Windows current and use a decent anti-malware solution (Windows' own Windows Defender is just fine for that). Then, regardless of your primary scanner of choice, do supplemental scans with a secondary scanner just to make sure you, the user and always the weakest link in security, didn't let something slip by.

And if you have such valuable personal data on your computer that a technician would go to such extremes to get, never take your computer to the same repair shop twice. Better yet, learn to repair your own computers. Otherwise, it really sounds like you are being overly paranoid.