Yes, I was going to post this. Judging by some of the dates listed in
these articles Kaspersky's knowledge of this goes back years, and much
information is redacted, as well as many involved conspirators not named,
even though the articles imply such knowledge. Why would Kaspersky be so
un-transparent with us?
This essentially makes encryption useless. I originally thought the
reason DPR's Full Disk Encryption failed him was due to the fact that his
laptop was seized while still in operation, and suffered a cold boot attack.
In light of this new knowledge perhaps
this was not the case.
Opening op the code to SSDs (and I would hope it wouldn’t just be
SSDs) wouldn't come close to solving the problem. Many other peripherals
exist which use the same flash storage switching back to EPROM would be a
better idea, it never should have been dropped for the sake of BIOS upgrades.
Perhaps a better solution might be to block ALL writes to peripheral storage
with a temporary HARDWARE switch allowing write intervals before resetting.
I warned everyone about this before. The whole idea of "Smart" storage
and peripherals was a disaster waiting to happen, and now it's being
exploited, and has been for years apparently. Having a tiny OS between you
and your data is stupid. Your Fingerprint reader has this ability so does
your USB controller as well as your CD/DVR/BD drive, also your network card,
and GPU; as reported your HD controller does too.
Also Western Digital isn't the only distributer who's HDs have been
compromised, I believe 20 brands were effected. I think as a community we
need to come together to solve this problem. The internet is full of
information "How to prevent TROJANS" (Buzzword) "How to remove VIRUSES"
(Buzzword) but much of this information is useless, and provides no
solutions, yet also fails to mention fixes for implants or backdoors at all.
Search for Greyfish, and you won't find much. So what should we do about
this, go back to using 12345 as a password?
http://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage
