SAN FRANCISCO – Did the National Security Agency plant spyware deep in the hard drives of thousands of computers used by foreign governments, banks and other targets under surveillance abroad?
A new report from Russian cybersecurity firm Kaspersky Lab said its researchers identified malicious programs or worms that infected computers in multiple countries.
Targets appeared to be specifically selected and included military, Islamic activists, energy companies and other businesses, as well as government personnel. Without naming the United States as the source of the malware, the report said one of the programs has elements in common with the so-called Stuxnet computer virus that the New York Times and Washington Post have said were developed by the U.S. and Israeli governments to disrupt Iranian nuclear facilities.
The malware was not designed for financial gain but to collect information through "pure cyberespionage," said Kaspersky's Vitaly Kamluk.
NSA spokeswoman Vanee Vines declined to comment, but cited a 2014 presidential directive instructing U.S. intelligence agencies to respect Americans' privacy while conducting overseas operations necessary to guard against terrorism or other threats.
Kaspersky researchers said some of the spyware was designed to burrow into the essential software that comes pre-installed on a computer's disk drive, known as firmware.
Once there, it could have gained access to vital codes, such as the keys to deciphering encrypted files. Kamluk said compromising firmware is a difficult technical challenge that likely requires knowledge of the manufacturer's source code — normally a closely guarded secret.
The report named several disk-drive manufacturers whose products were compromised, including Seagate Technology, Western Digital Corp., Toshiba and IBM. While some did not immediately respond to requests for comment, two companies said the report came as news to them.
"We take such threats very seriously," Western Digital spokesman Steve Shattuck said Tuesday.