What happens when increasingly unprotected and already vulnerable US voting systems meet Putin's latest spyware weapon? A recipe for a blue wave that vanishes before it's ever recorded.
Russia’s GRU has secretly developed and deployed new malware that’s virtually impossible to eradicate, capable of surviving a complete wipe of a target computer’s hard drive, and allows the Kremlin’s hackers to return again and again.
The malware, uncovered by the European security company ESET, works by rewriting the code flashed into a computer’s UEFI chip, a small slab of silicon on the motherboard that controls the boot and reboot process. Its apparent purpose is to maintain access to a high-value target in the event the operating system gets reinstalled or the hard drive replaced—changes that would normally kick out an intruder.
It’s proof that the hackers known as Fancy Bear “may be even more dangerous than previously thought,” company researchers wrote in a blog post. They’re set to present a paper on the malware at the Blue Hat security conference Thursday.
U.S. intelligence agencies have identified Fancy Bear as two units within Russia’s military intelligence directorate, the GRU, and last July Robert Mueller indicted 12 GRU officers for Fancy Bear’s U.S. election interference hacking.
The advanced malware shows the Kremlin’s continued investment in the hacking operation that staged some of the era’s most notorious intrusions, including the 2016 Democratic National Committee hack. The GRU’s hackers have been active for at least 12 years, breaching NATO, Obama’s White House, a French television station, the World Anti-Doping Agency, countless NGOs, and military and civilian agencies in Europe, Central Asia, and the Caucasus. Last year, they targeted Democratic Sen. Claire McCaskill, who’s facing a hotly contested 2018 re-election race.
“There’s been no deterrence to Russian hacking,” said former FBI counterterrorism agent Clint Watts, a research fellow at the Foreign Policy Research Institute. “And as long as there’s no deterrence, they’re not going to stop, and they’re going to get more and more sophisticated.”
As sophisticated as it is, Russia’s new malware works only on PCs with security weaknesses in the existing UEFI configuration. It also isn’t the first code to hide in the UEFI chip. Security researchers have demonstrated the vulnerability with proof-of-concept code in the past, and a 2015 leak showed that commercial spyware manufacturer Hacking Team offered UEFI persistence as an option in one of their products. There’s even evidence that Fancy Bear borrowed snippets of Hacking Team’s code, ESET said.
Malware that invades the motherboard and is impossible to get rid of? Sounds like the perfect weapon to wreck America on, say, an important election.
Not saying it's going to happen, of course, but then again, there's no reason to believe that the Trump regime is going to do anything should Russia decide to make a move using this little surprise, either...