Forwarded from Tica 0x177
https://snowdenarchive.cjfe.org/greenstone/collect/snowden1/index/assoc/HASH0183/bea0112a.dir/doc.pdf
internal NSA directive
Forwarded from Tica 0x177
one of the directives asks for analysis of the firmware
Forwarded from Tica 0x177
When someone really needs the information off of a damaged hard drive, they call Persistence. This would be a unique tour learning from a world-class expert how to fix hardware and firmware problems. You would be working on targets, extracting data, troubleshooting hardware, rebuilding SCSI arrays, and using analytical engineering skill to produce real collection. Position requires good hearing for some of the troubleshooting. Intern should know how to solder.
Forwarded from Tica 0x177
(U) IRATEMONK (TS//SI//REL) SSD Support (TS//SI//REL) Integrate SSD research into IRATEMONK products. This will involve 4 different parts: • (TS//SI//REL) Leveraging research to create ARM-based SSD implant. This work involves reverse engineering SSD firmware and creating C and ARM assembly code to place inside of a firmware image to implement the IRATEMONK algorithm. • (TS//SI//REL) Create version of the IMBIOS code that supports the SSD implant. This code runs on the x86 host and involves writing both C and
Forwarded from Tica 0x177
x86 assembly. This work will involve interacting with the firmware implant as well as the code that IMBIOS bootstraps (SIERRAMIST). • (TS//SI//REL) Add support for the SSD to WICKEDVICAR. WICKEDVICAR is the remote tool used to perform remote survey and installation. This code is C++ and will involve interacting with the firmware implant from a Windows OS. • (TS//SI//REL) Add the SSD vendor support to the IRATEMONK firmware and implant database tool. This code is mostly Python code that interacts with a drive via a Linux driver.
Forwarded from Tica 0x177
they were able to get access to the companies' firmware by requesting a review
Forwarded from Tica 0x177
which is quite common: a security agency reviewing a system when it is sold by a foreign company
Forwarded from Tica 0x177
with that access they obtained the firmware
Forwarded from Tica 0x177
they hacked it and modified the data access
Forwarded from Tica 0x177
Create a covert storage product that is enabled from a hard drive firmware modification. The idea would be to modify the firmware of a particular hard drive so that it normally only recognizes say half of its available space. It would report this size back to the operating system and not provide any way to access the additional space. The firmware would have a special hook inside of it that on receipt of some custom ATA command, it would "unlock" the rest of the drive on the next boot of the drive. When covert storage is locked, only 1 partition would be present on the drive. When unlocked, the firmware would fix up the partition table to account for the second hidden partition whose space is now available on the drive. When finished with covert storage, a special command can be sent back to the drive that will lock the drive again. On the next boot, the firmware will hide the extra space and fix up the partition table so only 1 partition exists.
Forwarded from Tica 0x177
Securelist
Equation: The Death Star of Malware Galaxy
The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. It is probably one of the most sophisticated cyber attack groups…
Forwarded from Tica 0x177
here we have the RC6/5 implementations
Forwarded from Tica 0x177
it supports the hypothesis that Equation Group is part of the NSA
Forwarded from Tica 0x177
but it seems there is an error in the analysis
Forwarded from Tica 0x177
but judging by the names of the implants, Equation Group was part of the NSA or at least worked for them
Forwarded from Tica 0x177
Equation Group was also involved in Stuxnet and flux
Forwarded from Tica 0x177
they sent the 0day to the creators of Stuxnet
Forwarded from Tica 0x177
but they had already created it before Stuxnet