Report: US planted spyware in computers

Associated Press

SAN FRANCISCO

Did the National Security Agency plant spyware deep in the hard drives of thousands of computers used by foreign governments, banks and other targets under surveillance abroad?

A new report from Russian cybersecurity firm Kaspersky Lab said its researchers identified malicious programs or worms that infected computers in multiple countries.

Targets appeared to be specifically selected and included military, Islamic activists, energy companies and other businesses, as well as government personnel.

Without naming the United States as the source of the malware, the report said one of the programs has elements in common with the so-called Stuxnet computer virus that the New York Times and Washington Post have said were developed by the U.S. and Israeli governments to disrupt Iranian nuclear facilities.

The malware was not designed for financial gain but to collect information through “pure cyber- espionage,” said Kaspersky’s Vitaly Kamluk.

NSA spokeswoman Vanee Vines declined to comment but cited a 2014 presidential directive that instructed U.S. intelligence agencies to respect Americans’ privacy while continuing to conduct overseas operations necessary to guard against terrorism or other threats.

Kaspersky researchers said some of the spyware was designed to burrow into the essential software that comes pre-installed on a computer’s disk drive, known as firmware. Once there, it could have gained access to vital codes, such as the keys to deciphering encrypted files.

Kamluk said compromising firmware is a difficult technical challenge that likely requires knowledge of the manufacturer’s source code — normally a closely guarded secret.