WASHINGTON (Sputnik) — A report by Kaspersky Lab that the US National Security Agency (NSA) could have infiltrated computer hardware to spy on foreign entities is not surprising, former Central Intelligence Agency (CIA) and State Department’s Counter-Terrorism expert Larry Johnson told Sputnik.
“The discovery that intelligence agencies are trying to collect electronic information and are doing so in a way that they are getting into other people’s sensitive information should not surprise anybody,” Johnson said. “It is like discovering that there is gambling in the casino.”
On Monday, the Russia-based computer security company Kaspersky Lab published a report documenting an advanced hacking operation conducted by a group dubbed the Equation Group.
While Kaspersky declined to state that NSA was behind the program, it did say the program was linked to Stuxnet, designed by the NSA to slow down Iran’s nuclear program.
According to Kaspersky, a spy agency was able to place malicious software code in the firmware of hard drives. Unlike traditional malicious software, the firmware spying program would enable the spy agency to control and monitor computers without being detected.
The Kaspersky report did not mention how a spy agency was able to install malicious hardware and gain access to privately held proprietary source code information to target foreign computers for espionage.
Western Digital, one of the US hardware manufacturers mentioned in the report, told Sputnik they had no prior knowledge of an alleged NSA program.
But Johnson suggested the companies may have cooperated with NSA.
“It is more likely the companies were cooperating with NSA. That does not mean that the knowledge of that cooperation would be widespread in those companies, it would be closely held,” Johnson said. “There are less risks of first enlisting the cooperation of companies that are US-based.”
“That would violate tenants of counter-intelligence 101,” Johnson said.
Responding to Sputnik requests to comment, the NSA said the spy agency is aware of the Kaspersky report but would not comment publicly.
“The US Government calls on our intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats — including terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against ourselves and our allies; and international criminal organizations,” NSA said, adding that the agency complies with presidential decrees governing signals intelligence gathering.
A January 2014 presidential policy directive on signals intelligence said some spy activities pose a risk to the United States’ commercial interests, including a potential loss of trust in US firms.