NSA, Not China, the Global BIOS Suicide Cyber-Bomber

Remember when, to fearmonger as part of 60 Minutes NSA propaganda, they warned of a Chinese attack on the US economy that, if launched, would have amounted to China acting as a suicide cyber-bomber?

The attack would have targeted computers’ BIOS.

Then there’s the scary BIOS plot.

I’ll need to go back and review this, but the gist of the scary claim at the heart of the report is that the NSA caught China planning a BIOS plot to shut down the global economy.







Of course, if that happened, it’d mean a goodly percentage of China’s 1.3 billion people would go hungry, which would lead to unbelievable chaos in China, which would mean the collapse of the state in China, the one thing the Chinese elite want to prevent more than anything.

But the NSA wants us to believe that this was actually going to happen.

That China was effectively going to set off a global suicide bomb. Strap on the economy in a cyber-suicide vest and … KABOOOOOOOM!

And the NSA heroically thwarted that attack.

The invocation of a BIOS attack was meant to provide authenticity and (for those who didn’t realize how obvious this is) mystery, I think.

But I find it particularly ironic that inserting backdoors into BIOS is (or was, back in 2008) the preferred method of NSA’s Access Network Technology group, which provides tools to access hardware and software.

It also develops software for special tasks. The ANT developers have a clear preference for planting their malicious code in so-called BIOS, software located on a computer’s motherboard that is the first thing to load when a computer is turned on.

This has a number of valuable advantages: an infected PC or server appears to be functioning normally, so the infection remains invisible to virus protection and other security programs. And even if the hard drive of an infected computer has been completely erased and a new operating system is installed, the ANT malware can continue to function and ensures that new spyware can once again be loaded onto what is presumed to be a clean computer. The ANT developers call this “Persistence” and believe this approach has provided them with the possibility of permanent access.

Again, this is not surprising. It’s just a means of doing what the NSA wants to acquire.

Still, it highlights the degree to which most fearmongering claims the NSA makes may well be projection about its own activities.

That said, given the list of companies whose products they’ve compromised, it may serve as a kind of suicide bomb against the tech industry:

  • Juniper Networks
  • Cisco
  • Huawei
  • Western Digital
  • Seagate
  • Maxtor
  • Samsung

Again, that ANT tampers with Huawei products is not surprising, but it is ironic, given that we not only won’t let Huawei do business in the US, but increasingly want to keep them out of our close allies’ networks, all because of concerns China would require the company to insert back doors into Huawei equipment.

Maybe those back doors are really NSA’s?

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

24 replies
  1. Jim White says:

    But, but, but. NSA only wants to put spyware in your BIOS so that they can keep you safe.

    From Chinese doomsday BIOS hackers, among others.

    Or is it, “We must destroy the BIOS in order to save it”?

    They could go either way here.

  2. milkshaken says:

    I think it is really good that Snowden did not get his hands on those Sensitive Compartmented Information from Special Access Programs. Because, only Clapper knows what would have happened then…

  3. orionATL says:

    the last four of those listed are very well known manufacturers of hard drives for personal computers. this implies that nsa has gained permanent access to the content of hard drives on a computer?

    i don’t know the proportion of, e.g., western digital’s, sales that are harddrives- internal and external – but i would guess it is very large.

    corporate suicide?

    or corporate murder carried out by nationalsecurityassholes, inc.?

    individual computers, those devices we call desktops, laptops, etc also have a bios that boots up the entire computer, or more precisely, boots up the operating system, which in turn controls any peripherals like hard drives, printers, scanners, etc.

    i feel so grateful and so much safer knowing this, nonetheless, come monday i’m putting in a call to my broker.

  4. P J Evans says:

    NSA: leading by projection.
    Just like the GOP-T, they attribute to others the wish to do what they do themselves.

  5. milkshaken says:

    I imagine the TAO elves getting themselves terribly busy in their workshops just before the Christmas – so many mail packages with laptops to open and to update… Because, in post-9/11 US, the BIOS boots You!

  6. orionATL says:

    a tiny bit of historical background:




    “… Western Digital:

    Western Digital Corporation (WDC) is the second largest computer hard disk drive manufacturer in the world. They have a long history as an integrated circuit maker and a storage products company. Founded as General Digital in April 1970 by Motorola employee Alvin B. Phillips, the company initially manufactured MOS test equipment. Then, with start-up capital provided by several individual investors and industrial giant Emerson Electric Company, the company specialized in making semiconductors. It became Western Digital in 1971 and soon after launched its first product, the WD1402A UART. The WD1771 and its kin were WDC’s first entries into the data storage industry.

    In 1988, WDC bought the hard drive production assets of computer hardware maker Tandon. The “Centaur” series of ATA and XT attachment drives resulted.

    In 2001, WDC became the first manufacturer to offer mainstream ATA hard disk drives with 8 MB of cache buffer (instead of the 2 MB of buffer commonly found in desktop drives at the time). The first drive with 8 MB cache was the 100 GB WD1000JB; other models with capacities from 40 GB to 250 GB soon followed.

    In 2003, WDC offered the first 10,000 rpm Serial ATA HDD: the WD360GD “Raptor”. It has a capacity of 36 GB and an average access time of less than 6 ms.

    In 2006, WDC introduced its My Book line of mass market external hard drives that feature a compact book-like design.

    In 2007, WDC released several editions of a single 1 TB hard drive.

    In 2008, WDC announced the next generation of its 10,000 rpm SATA WD Raptor series of hard drives.

    In 2009, WDC shipped the first 2 TB internal hard drive and announced the first 1 TB mobile hard disk drive, which shipped as both a Passport series portable USB drive as well as a Scorpio Blue series notebook drive. Also in this year, the acquisition of Siliconsystems, Inc. permitted WDC to enter the solid-state drive market.

    In 2010, WDC announced the first 3 TB internal hard disk drive…”

    “… Seagate:

    Seagate Technology is a hard drive and storage solution manufacturer that was founded in 1979 by Alan Shugart and Finis Conner. Based in Scotts Valley, California and registered in the Cayman Islands, the company was initially founded under the name “Shugart Technology.” As one of the world’s biggest computer hard disk drive manufacturers, Seagate’s products can be found in many types of computers (i.e. servers, desktops, laptops) and consumer devices (i.e. digital video recorders, Sony PlayStation 3, Microsoft Xbox, Creative Zen Micro). Seagate is also the world’s oldest independent hard disk drive manufacturer. Their first product released in 1980 was the ST-506, the first hard disk that fit into the 5.25″ form factor of the Shugart “mini-floppy” drive. In the early 1980s, Seagate became a major OEM supplier for IBM’s first personal computer (PC) to contain a hard disk drive, the XT, which resulted in large volumes of sales (as IBM was the dominant supplier of PCs at the time). Throughout the 1980s, Seagate mainly sold ‘simple’ hard disks which were derivatives of the original ST-506 design. These included the popular ST-225 20 MB disks and ST-251 40 MB disks but Seagate also sold other disks equipped with the faster voice coil technology. After co-founder Finis Conner left Seagate in early 1985 and following an unsuccessful attempt at starting his own company, he was employed briefly as CEO at Computer Memories Inc. (CMI). Conner then founded Conner Peripherals in 1986, which originally offered small-form-factor drives for laptops, but later also offered tape drives after the purchase of Archive Corporation. In 1996, after ten years as an independent company, Conner Peripherals merged with Seagate.

    In 1989, Seagate acquired Control Data Corporation’s (CDC) MPI/Imprimis disk storage division to gain access to their competitive advanced head development capabilities as well as their voice coil and disk-manufacturing patents. The purchase also gave access to a high end server customer base and the first 5400 RPM drives on the market, the CDC Elite series.

    Notable Seagate products included the Barracuda in 1992, the industry’s first hard disk with a 7200 RPM spindle speed; the Cheetah in 1996, the first 10,000 RPM disk; the Medalist Pro 7200 range in 1997, the first ATA disk with a 7200 RPM spindle; the X15 in 2000, with a speed of 15,000 RPM; and the innovative “pocket hard drive” in 2005.

    In the 1990s, Seagate was mostly traded as a public company under the symbol “SGAT” on the NASDAQ system, later changing to the “SEG” symbol after moving to the NYSE system. In the mid-to-late 1990s, Seagate began to acquire storage software companies. It sold its software division to Veritas resulting in them becoming one of Veritas’ largest shareholders.

    In 2000, Seagate was made private by an investment group consisting of Seagate management, Silver Lake Partners and Texas Pacific Group. There was a 3-way merger-spinoff with Veritas Software: Veritas merged with Seagate, which was bought by the investment group. Immediately following, Veritas was spun off to shareholders, gaining rights to Seagate Software Network and Storage Management Group, as well as Seagate’s shares in SanDisk and Dragon Systems. In May 2001, Seagate Software Information Management Group was renamed Crystal Decisions. In December 2002, Seagate re-entered the public market under the symbol “STX” on the NYSE. In December 2005, Seagate acquired rival hard disk drive manufacturer Maxtor in an all-stock deal that totaled $1.9 billion. The firms said the combination would be 10-20% accretive on a cash EPS basis after the first year of combined operations, resulting in a savings of $300 million in operating expenses. The transaction was completed in May 2001…”

  7. lefty665 says:

    “most fearmongering claims the NSA makes may well be projection about its own activities.” It is reasonable to figure that if we can do it, they may be able to too.

    A suicide bios sounds a lot like the “Dr. Strangelove” plot with the doomsday machine. Not hard to see Alexander as Gen. Jack D Ripper and Clapper as Gen. “Buck” Turgidson. Any nominations for ol’ Strangelove hisself?

  8. pdaly says:

    Of those company names on the list, most are also associated with computer routers so who needs splitters if you can just program the router to redirect traffic to the NSA first?

  9. lefty665 says:

    @bloodypitchfork: Heil yes. DiFi is inspired. The vision of Peter Sellers doing Feinstein-Strangelove in drag brightened up this dreary afternoon. Thank you.

    Hayden or John “Total Information Awareness” Poindexter would work too.

    President Muffley has already been cast. How about Major “Bat” Guano?

  10. earlofhuntingdon says:

    How silly. The Chinese needn’t use a cyber attack if they wanted to impress on the US its dependence on the Chinese economy. They have a dozen simpler ways to do it in the macroeconomy of debts, trade balances and the like. So while the Chinese could do this, and they are indeed economically powerful competitors, they look in this scenario far more like a Booz Allen or CIA contrived boogie man.

  11. milkshaken says:

    the problem with the infected BIOS is far, far worse than the “NSA-NIST Dual EC DRBG random murder generator”. Recovering hidden math that can crack RSA encryption via predicting random generator output is rather hard to do, for a non-government entity. But a BIOS-based backdoor that’s already in place can be scanned for, and utilized by any motivated criminal once the BIOS-based exploits become known…

  12. lefty665 says:

    @milkshaken: All Intel based machines for more than a decade have had back doors built in. In the newer cpus it is on die and permits out of band remote access (OOB – when the computer is “turned off”).

    BIOS based back doors are just another way to be had on those machines, but not as convenient as baked in at the hardware level.

    Hardware, firmware (bios), OS, software and liveware (c’mon click this link). On individual machines, just as we’ve seen on mass collection, NSA is exploiting every opportunity that national technical means provides.

  13. thatvisionthing says:

    Strangelove question. Why the wheelchair? FDR? What was Kubrick saying?

    Wikipedia says Strangelove is an amalgam of four people: RAND Corporation strategist Herman Kahn, mathematician and Manhattan Project principal John von Neumann, rocket scientist Wernher von Braun (a central figure in Nazi Germany’s rocket development program recruited to the US after the war), and Edward Teller, the “father of the hydrogen bomb.” Were any of them in wheelchairs?

    Over in the ew’s Pauley post, I mentioned Pearl Harbor and Robert Stinnett. There’s a series of Stinnett interviews here that stretch over 10 years: http://www.correntewire.com/fdr_and_pearl_harbor_scott_hortons_2013_interview_of_robert_stinnett_author_of_day_of_deceit — that’s the last, links to the rest. And on Amazon you can search inside his book Day of Deceit. Stinnett says Pearl Harbor was part of a (U.S. Navy!) eight-point plan to provoke Japan into striking first that FDR approved and started implementing in October 1940 as a back door to war with Germany that FDR believed had to happen but that Americans overwhelmingly opposed. Days earlier, in September 1940, Japan, Germany and Italy had signed the Tripartite Pact that if one was attacked, the others would join and help. Before Pearl Harbor 80% of Americans opposed entering “Europe’s war,” the day after Pearl Harbor that totally flipped. Stinnett did the research, did the FOIAing, served in the Pacific in WWII, and doesn’t blame FDR, doesn’t see him as a monster, thinks he had no other option. But you can search all the interviews and the book and find no mention of Einstein or his 1939 letter to FDR that led to the Manhattan Project and that some suggest was a reason FDR was so determined to get America into war with Germany.

    Stinnett’s the one who found the documents and published Day of Deceit in December 1999; Kubrick died in March 1999, so he couldn’t have read the book. But it turns out others from the start believed FDR provoked Pearl Harbor or left the door open for it to happen. There’s been a long-running [academic battle?] between the “court historians” and the “revisionists” – they have names for each other.

    What did Kubrick know? I’ve been wondering why the wheelchair. And like with Lincoln and Kennedy, I wonder what would have happened if FDR had lived. Would FDR have dropped the bomb?

  14. thatvisionthing says:

    Waiting for someone to mention badBIOS and put it in context here –


    Another intriguing characteristic: in addition to jumping “airgaps” designed to isolate infected or sensitive machines from all other networked computers, the malware seems to have self-healing capabilities.

    “We had an air-gapped computer that just had its [firmware] BIOS reflashed, a fresh disk drive installed, and zero data on it, installed from a Windows system CD,” Ruiu said. “At one point, we were editing some of the components and our registry editor got disabled. It was like: wait a minute, how can that happen? How can the machine react and attack the software that we’re using to attack it? This is an air-gapped machine and all of a sudden the search function in the registry editor stopped working when we were using it to search for their keys.”

    Over the past two weeks, Ruiu has taken to Twitter, Facebook, and Google Plus to document his investigative odyssey and share a theory that has captured the attention of some of the world’s foremost security experts. The malware, Ruiu believes, is transmitted through USB drives to infect the lowest levels of computer hardware. With the ability to target a computer’s Basic Input/Output System (BIOS), Unified Extensible Firmware Interface (UEFI), and possibly other firmware standards, the malware can attack a wide variety of platforms, escape common forms of detection, and survive most attempts to eradicate it.

    But the story gets stranger still. In posts here, here, and here, Ruiu posited another theory that sounds like something from the screenplay of a post-apocalyptic movie: “badBIOS,” as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps.

  15. Frank33 says:

    Please say it ain’t so Joe…Der Spiegel has report about No Such Agency spying the old fashioned way. They are themselves an Original Equipment Manufacturer, OEM, and customizing the hardware and software, with customized hardware and software, or “bugs”.

    If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called “load stations,” agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

    This will certainly inspire other governments and corporations.

    And Dr. Strangelove=Dr. Kissinger.

  16. bloodypitchfork says:

    @thatvisionthing:”But the story gets stranger still” unquote

    If they discover bios sucking alien parasites..I’m goin back to analog. :)

    quote”And Dr. Strangelove=Dr. Kissinger.”unquote

    DOH!!! of course.

  17. thatvisionthing says:

    @Frank33: The rest of the paragraph from wikipedia:


    There is a common misconception that the character was based on Henry Kissinger, but Kubrick and Sellers denied this;[13] Sellers said, “Strangelove was never modeled after Kissinger—that’s a popular misconception. It was always Wernher Von Braun.”[14]

    Love [13]:


    As Kubrick worked on the script, the tone shifted away from seriousness and more and more to that of a “nightmare comedy.” Kubrick said, “After a month or so, I began to realize that all the things I was throwing out were the things that were the most truthful. After all, what could be more absurd than the very idea of 2 mega-powers willing to wipe out all human life because of an accident, spiced up by political difference that will seem as meaningless to people in a hundred years from now as the theological conflicts of the Middle Ages seem to us today?” (Starr).

    Kubrick summarized, “Confront a man in his office with a nuclear alarm, and you have a documentary. If the news reaches him in his living room, you have a drama. If it catches him in the lavatory, the result is comedy.”

    “Kubrick spoke of how he became struck by people’s virtual listless acquiescence in the possibility–in fact the increasing probability–of nuclear war by either design or accident. Dr. Strangelove was undertaken with the conscious aim of sounding an alert that would startle people into a response and even resistance to such a fate. And, laughter, not for the first time was the device selected to penetrate the sound proofing of the paralyzed will.” (Walker). Kubrick and Sellers shared the conviction that power figures are impotent in one way or another, and riffed on the motif of sexual panic motivating deadly military strategy.

  18. Helmut Monotreme says:

    @thatvisionthing: I think I read somewhere that Peter Sellers was also going to play Major Kong. However, a misstep in the bomb bay of the B-52 led to a foot or ankle injury for Sellers, leading to the wheelchair for Sellers and the casting of Slim Pickens as Major Kong.
