birdwatcher (birdwatcher) wrote,

Reminded me of the super-program

Once the firmware is replaced with the Trojanized version, the flasher module creates an API that can communicate with other malicious modules on the system and also access hidden sectors of the disk where the attackers want to conceal data they intend to steal. They hide this data in the so-called service area of the hard drive disk where the hard disk stores data needed for its internal operation.
This is particularly useful if the computer has disk encryption enabled. Because the EquationDrug and GrayFish malware run in Windows, they can grab a copy of documents while they’re unencrypted and save them to this hidden area on the machine that doesn’t get encrypted.

This, by the way, was reported by Kaspersky. Remember, Snowden was recruited by the KGB, and Kaspersky is from the KGB too: it all adds up.
