Hiding Data from Forensic Imagers – Using the Service Area of a Hard Disk Drive

By Todd G. Shipley and Bryan Door

Kaspersky Labs® recently released their research regarding the compromise of hard disk drive firmware. This has confirmed our long-standing suspicion that data hiding techniques using a hard disk drive's Service Area could be used for malicious purposes. Kaspersky Labs® identified a group of attackers, dubbed the Equation Group, reportedly having close ties to the groups responsible for writing Stuxnet and Flame.

The “Equation Group” is reported to have run the most advanced hacking operation ever uncovered (Goodin 2015). This group is reported to have used firmware update techniques to create a “secret storage vault” to store data in the firmware of the compromised hard drives. This allows the storage of data, including the malware itself, in a way that survives standard format and wiping operations.

