In July 2013, GCHQ, Britain’s equivalent of the U.S. National Security Agency, forced journalists at the London headquarters of The Guardian to completely obliterate the memory of the computers on which they kept copies of top secret documents provided to them by former NSA contractor and whistleblower Edward Snowden.
However, in its attempt to destroy information, the GCHQ also revealed intriguing details about what it did and why.
Two technologists, Mustafa Al-Bassam and Richard Tynan, visited The Guardian headquarters last year to examine the remnants of the devices. Al-Bassam is an ex-hacker who two years ago pled guilty to joining attacks on Sony, Nintendo, and other companies, and now studies computer science at King’s College; Tynan is a technologist at Privacy International with a PhD in computer science. The pair concluded, first, that GCHQ wanted The Guardian to completely destroy every possible bit of information the news outlet might retain; and second, that GCHQ’s instructions may have inadvertently revealed all the locations in your computer where information may be covertly stored.
What Al-Bassam and Tynan theorized was that the government may have targeted parts of the Apple devices that it “doesn’t trust”: pieces that can retain bits of electronic information even after the hard drive is obliterated.
These hidden memory storage locations could theoretically be taken advantage of, Tynan and Al-Bassam said, by a computer’s owner, hackers, or even the government itself, either during its design phase or after the computer is purchased. The Russian cybersecurity firm Kaspersky Lab has presented evidence that an organization it calls “Equation Group,” and which it suspects is connected to the NSA, has developed ways to “create an invisible, persistent area hidden inside [a computer’s] hard drive” that would be virtually undetectable by the computer’s owner. This area could be used “to save exfiltrated information which can be later retrieved by the attackers.”