NSA BIOS Backdoor a.k.a God Mode Malware - Part 1

This article is the first part of a series on NSA BIOS backdoor internals. Before we begin, I’d like to point out why these malware are classified as “god mode” malware. First, most of them use internal (NSA) codenames in the realm of “gods”, such as DEITYBOUNCE, GODSURGE, etc. Second, these malware have capabilities similar to the “god mode” cheat in video games, which makes the player using it close to invincible. The comparison fits this type of malware because it is very hard to detect and remove, even with the most sophisticated anti-malware tools available during its possible deployment timeframe.

This part of the series focuses on the DEITYBOUNCE malware described in the NSA ANT Server document, leaked by Edward Snowden. The analysis presented in this article is based on the technical implications of the information provided by the document. The document lacks many technical specifics, but based on the BIOS technology of the day when DEITYBOUNCE started to become operational, we can infer some technically sound hypotheses—or conclusions, if you prefer :-).

You can download the complete article from the link below.