Revelations that the National Security Agency implanted spyware into hard drives sold by top American tech manufacturers stand to further damage the international sales of those vendors and further degrade the U.S. government's diplomatic relations with countries, many already stinging from previous NSA spying programs, abroad.
“This is yet another instance that has led to building this viewpoint that the U.S. government and U.S. companies cannot be trusted, and whether that is correct or not, it’s harder and harder to combat that idea,” said Jake Laperruque, the Center for Democracy & Technology’s fellow on Privacy, Surveillance and Security. “That’s going to cause problems for U.S. businesses.”
The spyware, which has been dubbed “Equation,” was discovered by Kaspersky Lab, a Russian security software maker that over the past few years has built a reputation for uncovering American cyberespionage operations. Kaspersky Lab revealed the operation late Monday evening.
It is strongly believed that the NSA is behind Equation and has been building spyware directly into the firmware of hard drives sold by companies like Western Digital, Seagate Technology, Micron Technology and many others since 2001. That spyware was then used to monitor the computer activities of top foreign targets in countries like Iran, Russia, Pakistan, Afghanistan, China and others, according to Reuters.
“Short of something major like Congressional action, it’s going to be hard to break that narrative that we can’t be trusted,” said Laperruque. “The trust has been withered away so significantly.”
Since the revelation of PRISM in 2013, countless cyberespionage operations have been tied to the NSA, damaging the U.S. government’s relationships around the globe. Equation is the latest example of that and the "icing on Snowden's cake," said Igor Baikalov, chief scientist at Securonix, a security analytics and intelligence firm.
"While Kaspersky stopped short of attributing 'Equation Group' activities to any specific entity, the list of clues discovered and especially the list of targets leaves little doubt that eventually it will be tied to NSA," Baikalov said. "The question is: does the U.S. government care anymore?"
Since whistleblower Edward Snowden came out two years ago with revelations of widespread cyberespionage by the NSA, American businesses have been negatively impacted as countries around the globe lose their trust U.S.-made tech. Qualcomm, IBM, Microsoft and Hewlett-Packard have been among companies who’ve reported diminished sales in China as a result. In Brazil, Boeing missed out on a $4.5 billion jet contract due to the NSA’s activities. The total damage to American tech businesses could amount to as much as $180 billion, according to an estimate by Forrester Research's James Staten.
“This will most certainly have a long-term impact on the brands of the companies involved -- Seagate, Toshiba, and Western Digital -- at the very least tainting their products as suspicious,” said Jim Gregory, chairman of Tenet, a brand innovation and marketing firm. “Their corporate brand will be impacted and the damage will last from three to five years depending on how actively they manage the crisis.”
As for companies that are concerned with what Equation could mean for their own computer systems, there really isn’t much that can be done other than having an expert go through their computer system code and manually ensure there is no spyware installed. "One cannot simply install any antivirus product off the shelf and expect to be fully protected, even if you have Kaspersky," said Brett Fernicola, chief information security officer for STEALTHbits Technologies, a provider of data security solutions.
"Hackers today are writing new viruses and malware that are extremely complex that go months without detection," said Fernicola. That, apparently, may include the National Security Agency.