Companies are rather particular about their firmware and technical secrets. It's likely that companies will become more tight lipped when it comes to their tech. This news may cause hdd manufacturers to stop biding on US government contracts, due to the us govt often asking for source code to audit (which is done by the NSA, and who could easily just keep the code afterwards).

Other countries are already starting to restrict what tech they will accept, if it has had the NSA's hands on it, they'll likely avoid it. China has gone a step further even, they now REQUIRE source code. Which I really don't see happening, so we'll see what happens there.

The problem there though is, the NSA and even China can just get their guys hired at those companies and steal the firmware that way. Not all that hard. Or just hack into the companies systems.

It's unlikely to be possible for a mere mortal to detect it. The HDD controller is completely opaque to the host system. It in fact completely lies all the time to the host about the drive itself. You know that CHS crap? It's been a lie since the early ATA days, if not earlier (MFM?). These days they even lie about their sector size. Many larger HDDs are now 4K sector drives, but will advertise 512B sectors to be compatible with old operating systems.

So long as the firmware behaves the same as it did before the infection, I really doubt there's much that can be done to detect it. The firmware can just secretly write data to a file some place, and the OS can't (easily^[1]) detect that happening. One possible method might be to check the exact advertised size of the disk. Drives these days are standardized in size, to the byte level, if they are smaller, then something is using up extra space. Of course the drive could leave the size alone, and just return errors, or read from another location when an attempt is made to read the location that stores the data needed to infect the host. Of course that assumes they even need to store the payload on the platters, there might be enough room on the firmware flash. Good luck detecting that.

I've read that some manufacturers may have bid on DOD projects, and the gov't could have asked for code to audit. the NSA is the one that does the audit, so yeah. Otherwise as a global company, I'd be wary of letting the Govt get its hands on my code.

You can detect a regular malware infection in the host yes. But the actual infection in the hd controller, not so much. There's no way to access it from the host, and the controller itself can only access the platter, and maybe the host through bugs in the AHCI driver (maybe?).

Actually reporting a smaller size is going to be rather easy to detect. So I think they probably didn't go that route.

I doubt their firmware is smart enough to hack a pass-through box running Wireshark on Linux to hide specific packets it didn't send.

But even if you wanted to be that tinfoily, hell, run ARM Linux on a Raspberry Pi running on a SD card. It says they had to specifically target EACH hard drive type with PROPRIETARY firmware codes. If you're not running a common HDD, SSD, or flash drive, then it's not likely to be hacked. You could even run a pre-1996 HDD if you were that scared, since there is no evidence the group/department existed before 1996. It certainly wouldn't exist before popular-internet, since its entire purpose is to use the internet.

The virus (clearly an NSA project) also is designed to remove itself after a set period if the control hub doesn't deem it as worthy. It was not designed to spy on everyone, but only specific targets. I applaud them for that foresight and professionalism, but of course that doesn't make me not angry for the intrusion akin to breaking into everyone's house but leaving everything undisturbed if they didn't find any drugs.

Not sure what they'd need to hide on the actual disk. Probably got lots of space on the firmware flash.. But if they have to, there's a lot of spare blocks allocated they can use for a smallish amount of data.

I highly doubt they limited themselves to just iran.

Looking through the Wikipedia page for Stuxnet, it seems pretty obvious that Stuxnet was designed by cooperating with the US and Israel, and this part I didn't know, it's been hinted that Israel was considering a military attack on Iran to stop their Nuke program and the USA started (or at least utilized) this program as a less invasive stop-gap. Then again, I'm sure Israel often exaggerates its plans to get the USA to play ball.

I recall a similar strategy during the first Gulf War threatening to enter Iraq if the USA didn't stop Saddam from lobbing missiles at them, which effectively took large numbers of needed US aircraft away from the battlefield to do nothing but comb the desert for needle in the haystack guerrilla missile launching sites. (Spoiler: It didn't work.)

[edit] Oh my gosh is this an awesome quote about Iraq from none other than Darth Vader himself:

Wikipedia and 2-part Frontline special.

http://www.pbs.org/wgbh/pages/frontline/gulf/

Because as we all know, local news is never ever biased, or leaves out details about interaction with other countries.

Look out! There's a conspiracy around every corner!

**RUN!!! THE PARANOIDS ARE COMING!!!**