[rottenfool]

IrateMonk is especially troubling - it installs itself on hard disk firmware, and supports all the major manufacturers: Western Digital, Seagate, Samsung etc. Now that it's known to exist, it's just a matter of time until some enterprising malware author will do the same...

[acdha]

These attacks have all been well understood as possible within the security community for years. People have demonstrated firmware exploits at security conferences and things like Microsoft's secure boot were explicitly designed to prevent this kind of threat.

Put another way, if you found that an intelligence agency had cool lock-picking tech would it change anything? Maybe it's surprisingly fast, leaves fewer traces, etc. but … it's not exactly a secret that they're in this business and this kind of thing is far less troubling than wide-scale surveillance because it still requires explicitly targeting specific people.

[mschuster91]

The callsigns have been there for a long time - only two or three weeks ago there was some guy who ran Linux on his harddrive. Literally. I think even the #badBIOS affair might have had its roots in a NSA black op gone bad... and nothing's off the radar anymore, these days.

Honestly, I wouldn't be surprised if there's a leak of a satellite with microwave/RF radar able to penetrate and fry electronic equipment in a centimetre-fine location.