

Destroying your hard drive is the only way to stop this super-advanced malware - Varcht
http://www.pcworld.com/article/2884952/equation-cyberspies-use-unrivaled-nsastyle-techniques-to-hit-iran-russia.html

======
ocdtrekkie
The government used to accept overwriting a hard drive several times with
random bits as an acceptable wipe. Then they changed to insisting destroying a
hard drive was the only solution. Now we know why. ;)

~~~
lawnchair_larry
Suddenly, the order for the Guardian to destroy everything with a
microcontroller makes sense. It's funny because to mere mortals, that is a
ridiculous thing to do, but to people in the spying world, it's routine.

~~~
AlyssaRowan
Not just that - they have _some_ kind of attempt at an implant against all of
those, with varying success. (In a way, it actually leaked their
capabilities!)

------
hga
Heh. Or just use SAS (Serial Attached SCSI) disk drives. Heck, my boot drives
are hidden behind an el-cheapo LSI board that mirrors them; even experts find
it _very_ difficult to talk directly to those drives (a perhaps unique case
for this 200x board/chipset family).

On the other hand, my next system will almost certainly include flash drives,
and I gather the inefficiencies and imperfections of ATA don't matter so much
with them, and staying in that ecosystem is of course cheaper. But maybe like
their true enterprise magnetic disks, SAS flash drives are better.

It's quite interesting to witness such a dramatic and quick change in how we
build systems, but I'm glad circumstances forced me to build my current
systems before using flash drives was safe enough (for me).

~~~
lawnchair_larry
Flash drives are way worse. They are overprovisioned to allow for wear
leveling, which means they already contain a ton of extra shadow storage that
the controller is already programmed to make invisible. At least with a
regular HDD, the owner could notice that some space is missing.

~~~
AlyssaRowan
Wrong: actually, hard disks also have some unallocated sectors on the platters
for both bad-sector replacement and firmware storage, and this is also
completely masked out from the (S)ATA interface.

Bearing in mind I don't have a proper sample - IRATEMONK does not _seem_ to be
engineered to try to persist through a hard drive firmware flash, via software
or via serial/JTAG. So, if you really are actually affected by this - _please
save your drive for analysis!_

Presumably such events are _very_ rare - seriously, when did you last update
your hard drive's firmware? Except for SSDs, did you even know that you could?

I wonder if the SSD version - I _know_ one exists, I've seen the intern
project to port it to the Indilinx Barefoot - tries? I'm guessing -
speculation - probably not, that's the kind of thing they'd probably want to
handle manually - they've definitely got the budget to keep them updated
across revisions, and maybe losing persistence is _probably_ preferable to
accidental bricking exposing their RAT, although that doesn't account for the
occasional fuckup - and well, thinking about it, people kind of _expect_ hard
drives to die on them on occasion, don't they? Still, a pattern of failures of
a model would stick out.

~~~
lawnchair_larry
By "seen the SSD intern project", do you mean the Der Spiegel document?

