Russian researchers say they have found a complex system of spy software in many computers of multinational corporations around the world.
The programs were reportedly discovered by Kaspersky Lab, a Moscow-based cybersecurity agency. The agency said it had exposed the spying software in computers from countries including Iran, China, Afghanistan, Pakistan and Russia. According to Reuters, “the targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media and Islamic activists.”
While Kaspersky Lab did not reveal the name of the country behind the spying scandal, it did say the perpetrator was related to Stuxnet, a National Security Agency-created cyber-weapon that was used to attack Iran’s nuclear enrichment facility. The NSA serves the interests of the U.S.
Reuters also spoke with a former NSA employee who confirmed the lab’s analysis of the situation was accurate and stressed the importance of Stuxnet. Another former employee admitted to having knowledge of the NSA’s practices in storing spyware in computer programs, but could not name which spy efforts needed it.
The spyware was reportedly securely hidden in hard drives from many well-known companies, including IBM, Western Digital and Toshiba. Continued fear of U.S. spying would further tarnish the reputation of U.S. tech companies and the security agency, which came under scrutiny following NSA leaks by Edward Snowden in 2013.
Top executives affiliated with the computer companies are not sure how the computers were so easily infiltrated. A spokesman for Western Digital, one of the companies alleged to have spyware in its products, said the company “has not provided its source code to government agencies.”
Former intelligence workers believe the NSA has many ways to obtain information or time to encrypt different spyware programs in computers. For example, if a company wants to work with the government by buying or selling products, the NSA has the right to check the companies’ source code, which then enables the government to use the code permanently.
While Western Digital said it had no knowledge of any of these programs taking place, Toshiba and IBM declined to comment on the situation.