> What the article doesn't reveal is the attack vector, how did the firmware in these drives come to be infected?
If criminals can target a bank to steal $300M from clients, the NSA can target a HD company to steal the source code.
It's really not that difficult.
Remember, the best attack isn't a direct assault. It's a sneak assault.
The story is that during WWII, Ian Fleming was part of a group of spies in training, who were asked to get into a secure nuclear research facility. Everyone else got caught. Sneaking in under the wire, etc.
Ian called a professor friend to vouch for him. Then, call the facility, and asked for a tour, as a visiting "researcher". After the tour was over, he called his boss, and told them his briefcase was hidden next to a critical part of the facility.
Bugging HD firmware is a brilliant ploy. Who looks there?
There is no need to steal the source code. As mentioned in the article (or a different article?), they can just demand the manufacturer send the source code for NSA review before the government buys any drives.
If criminals can target a bank to steal $300M from clients, the NSA can target a HD company to steal the source code.
It's really not that difficult.
Remember, the best attack isn't a direct assault. It's a sneak assault.
The story is that during WWII, Ian Fleming was part of a group of spies in training, who were asked to get into a secure nuclear research facility. Everyone else got caught. Sneaking in under the wire, etc.
Ian called a professor friend to vouch for him. Then, call the facility, and asked for a tour, as a visiting "researcher". After the tour was over, he called his boss, and told them his briefcase was hidden next to a critical part of the facility.
Bugging HD firmware is a brilliant ploy. Who looks there?