Feb 16, 2015
A top technology security firm announced on Monday that it has uncovered evidence that sophisticated spying software, likely linked to the National Security Agency, was implanted in the hard drives of personal computers across the globe.
Researchers with the Moscow-based Kaspersky Lab introduced their findings while presenting at the Kaspersky Security Analyst Summit in Cancun, Mexico, and also published an initial paper (pdf) Monday on what they consider "the most advanced threat actor" they've seen to date.
Kaspersky dubbed the actor the Equation Group. Its suite of surveillance platforms has been found in hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, in personal computers in 30 countries, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria, Kaspersky said.
The targets reportedly included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists. Although the firm did not publicly name the source behind the spying campaign, it said the Equation Group "worm" was closely linked to Stuxnet, the cyberweapon the U.S. used to attack Iran's uranium enrichment facility beginning in late 2007.
The New York Times reports that, in many cases, the powerful software is able to "grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran's nuclear enrichment plants."
As the Times notes, the Russian tech firm is a trusted source among cyber security experts worldwide and is uniquely positioned to observe some U.S. surveillance tactics. The Times reports:
The fact that security software made by Kaspersky Lab is not used by many American government agencies has made it more trusted by other governments, like those of Iran and Russia, whose systems are closely watched by United States intelligence agencies. That gives Kaspersky a front-row seat to America's digital espionage operations.
Further, a former NSA employee told Reuters that the U.S. spy agency "still valued these spying programs as highly as Stuxnet." Another former intelligence operative reportedly confirmed to Reuters that the NSA "had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it."
After being given an advance look at the Kaspersky findings, WIRED reported on the capabilities of the newly uncovered surveillance software:
The new platforms, which appear to have been developed in succession with each one surpassing the previous in sophistication, can give the attackers complete and persistent control of infected systems for years, allowing them to siphon data and monitor activities while using complex encryption schemes and other sophisticated methods to avoid detection. The platforms also include an innovative module, the likes of which Kaspersky has never seen before, that re-flashes or reprograms a hard drive's firmware with malicious code to turn the computer into a slave of the attackers.
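The firmware-reflashing module described above is what makes a drive-level implant survive reinstalls and disk wipes. The script below is an added example, not code from the article, from Kaspersky or from WIRED: it inventories the model, serial and firmware revision that each drive reports through smartctl and flags any model/firmware pair that is not in a fleet baseline. The smartctl output and the baseline values are constructed for the example, not real captures. The caveat a practitioner needs is in the comments: the firmware reports its own version, so firmware an attacker has already reprogrammed can report whatever the attacker chooses, and a clean result here is evidence of nothing more than a drive that says it is clean.

```shell
#!/bin/sh
# Added example: baseline check of drive firmware revisions as self-reported
# through smartctl. Not from the article or Kaspersky's report.
#
# Caveat: the firmware is the thing answering the query. A drive whose
# firmware has been reflashed with malicious code controls the model,
# serial and revision strings it returns, so this check only catches
# sloppy or accidental drift, never a careful implant. Treat ALERT as a
# reason to pull the drive for out-of-band verification, and treat OK as
# "no contradiction", not "clean".

# Constructed sample output in the shape of `smartctl -i /dev/sdX`
# (hypothetical serials and revisions, not real captures).
SAMPLE_SDA='Device Model:     ST1000DM003-1CH162
Serial Number:    Z1D0EXAMPLE
Firmware Version: CC47'

SAMPLE_SDB='Device Model:     WDC WD10EZEX-00BN5A0
Serial Number:    WD-WCC3F0EXAMPLE
Firmware Version: 01.01A01'

# Fleet baseline of approved "model|firmware" pairs (hypothetical values;
# in practice this comes from the vendor's release notes or from a
# golden image recorded at procurement).
BASELINE='ST1000DM003-1CH162|CC47
WDC WD10EZEX-00BN5A0|01.01A01'

# extract_field "<smartctl -i output>" "<field label>"
# Prints the value after "Label:" with leading whitespace stripped.
extract_field() {
    printf '%s\n' "$1" | sed -n "s/^$2:[[:space:]]*//p" | head -n 1
}

# check_drive "<smartctl -i output>"
# Prints one OK or ALERT line. Returns 0 when the model/firmware pair is
# in BASELINE, 1 otherwise.
check_drive() {
    model=$(extract_field "$1" "Device Model")
    serial=$(extract_field "$1" "Serial Number")
    fw=$(extract_field "$1" "Firmware Version")
    if printf '%s\n' "$BASELINE" | grep -Fxq "$model|$fw"; then
        printf 'OK     %s %s fw=%s\n' "$model" "$serial" "$fw"
        return 0
    fi
    printf 'ALERT  %s %s fw=%s not in baseline\n' "$model" "$serial" "$fw"
    return 1
}

# Run against the constructed samples so the script works offline.
check_drive "$SAMPLE_SDA"
check_drive "$SAMPLE_SDB"

# Live use (root plus smartmontools) would replace the two lines above with:
#   for d in /dev/sd?; do check_drive "$(smartctl -i "$d")"; done
```

Run it as root with smartmontools installed and the baseline filled in for your own fleet. Because the check trusts the drive to describe itself, pair it with a hardware-level readout of the firmware image for any drive you actually suspect; the self-report is a tripwire, not an attestation.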
News that the U.S. spy agency had manually implanted personal computers with surveillance technology was also revealed in documents leaked by NSA whistleblower Edward Snowden.
Reporting on the Kaspersky presentation, Reuters notes, "Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets."
In an interview, lead Kaspersky researcher Costin Raiu explained that the authors of the spying programs "must have had access to the proprietary source code that directs the actions of the hard drives."
Though hard drive manufacturers denied sharing such information with the government, former intelligence operatives confirmed to Reuters that "the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer."
"They don't admit it, but they do say, 'We're going to do an evaluation, we need the source code,'" said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. "It's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code."
In the days to come, Kaspersky says it will be releasing further information on its discovery.
"As we uncover more of these cyber espionage operations we realize how little we understand about the true capabilities of these threat actors," Raiu told WIRED.
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.