SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
New surveillance software closely linked to Stuxnet, the cyberweapon the U.S. used to attack Iran's uranium enrichment facility beginning in late 2007. (Photo: powtac/flickr/cc)
Cyber-Security Firm: NSA-Linked Spyware Found in Hard Drives Worldwide
Researchers with Kaspersky Lab describe what they say is "the most advanced threat actor" they’ve seen to date.
Feb 16, 2015
A top technology security firm announced on Monday that they have uncovered evidence that sophisticated spying software, likely linked to the National Security Agency, was implanted in the hard drives of personal computers across the globe.
Researchers with the Moscow-based Kaspersky Lab introduced their findings while presenting at the Kaspersky Security Analyst Summit in Cancun, Mexico, and also published an initial paper (pdf) Monday on what they consider "the most advanced threat actor" they've seen to date.
Dubbed the Equation Group, the suite of surveillance platforms has been found in hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, and located in personal computers in 30 countries, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria, Kaspersky said.
The targets reportedly included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.Although the firm did not publicly name the source behind the spying campaign, they said the Equation Group "worm" was closely linked to Stuxnet, the cyberweapon the U.S. used to attack Iran's uranium enrichment facility beginning in late 2007.
The New York Times reports that, in many cases, the powerful software is able to "grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran's nuclear enrichment plants."
As the Times notes, the Russian tech firm is a trusted source among cyber security experts worldwide and is uniquely positioned to observe some U.S. surveillance tactics. The Times reports:
The fact that security software made by Kaspersky Lab is not used by many American government agencies has made it more trusted by other governments, like those of Iran and Russia, whose systems are closely watched by United States intelligence agencies. That gives Kaspersky a front-row seat to America's digital espionage operations.
Further, a former NSA employee told Reuters that the U.S. spy agency "still valued these spying programs as highly as Stuxnet." Another former intelligence operative reportedly confirmed to Reuters that the NSA "had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it."
After being given an advance look at the Kaspersky findings, WIRED reported on the capabilities of the newly uncovered surveillance software:
The new platforms, which appear to have been developed in succession with each one surpassing the previous in sophistication, can give the attackers complete and persistent control of infected systems for years, allowing them to siphon data and monitor activities while using complex encryption schemes and other sophisticated methods to avoid detection. The platforms also include an innovative module, the likes of which Kaspersky has never seen before, that re-flashes or reprograms a hard drive's firmware with malicious code to turn the computer into a slave of the attackers.
News that the U.S. spy agency had manually implanted personal computers with surveillance technology was also revealed in documents leaked by NSA whistleblower Edward Snowden.
Reporting on the Kaspersky presentation, Reuters notes, "Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets."
In an interview, lead Kaspersky researcher Costin Raiu explained that the authors of the spying programs "must have had access to the proprietary source code that directs the actions of the hard drives."
Though hard drive manufacturers denied sharing such information with the government, former intelligence operatives confirmed to Reuters that "the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer."
"They don't admit it, but they do say, 'We're going to do an evaluation, we need the source code,'" said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. "It's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code."
In the days to come, Kaspersky says it will be releasing further information on its discovery.
"As we uncover more of these cyber espionage operations we realize how little we understand about the true capabilities of these threat actors," Raiu told WIRED.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, The U.S. is on a fast track to authoritarianism like nothing I've ever seen. Meanwhile, corporate news outlets are utterly capitulating to Trump, twisting their coverage to avoid drawing his ire while lining up to stuff cash in his pockets. That's why I believe that Common Dreams is doing the best and most consequential reporting that we've ever done. Our small but mighty team is a progressive reporting powerhouse, covering the news every day that the corporate media never will. Our mission has always been simple: To inform. To inspire. And to ignite change for the common good. Now here's the key piece that I want all our readers to understand: None of this would be possible without your financial support. That's not just some fundraising cliche. It's the absolute and literal truth. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. Will you donate now to help power the nonprofit, independent reporting of Common Dreams? Thank you for being a vital member of our community. Together, we can keep independent journalism alive when it’s needed most. - Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.
A top technology security firm announced on Monday that they have uncovered evidence that sophisticated spying software, likely linked to the National Security Agency, was implanted in the hard drives of personal computers across the globe.
Researchers with the Moscow-based Kaspersky Lab introduced their findings while presenting at the Kaspersky Security Analyst Summit in Cancun, Mexico, and also published an initial paper (pdf) Monday on what they consider "the most advanced threat actor" they've seen to date.
Dubbed the Equation Group, the suite of surveillance platforms has been found in hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, and located in personal computers in 30 countries, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria, Kaspersky said.
The targets reportedly included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.Although the firm did not publicly name the source behind the spying campaign, they said the Equation Group "worm" was closely linked to Stuxnet, the cyberweapon the U.S. used to attack Iran's uranium enrichment facility beginning in late 2007.
The New York Times reports that, in many cases, the powerful software is able to "grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran's nuclear enrichment plants."
As the Times notes, the Russian tech firm is a trusted source among cyber security experts worldwide and is uniquely positioned to observe some U.S. surveillance tactics. The Times reports:
The fact that security software made by Kaspersky Lab is not used by many American government agencies has made it more trusted by other governments, like those of Iran and Russia, whose systems are closely watched by United States intelligence agencies. That gives Kaspersky a front-row seat to America's digital espionage operations.
Further, a former NSA employee told Reuters that the U.S. spy agency "still valued these spying programs as highly as Stuxnet." Another former intelligence operative reportedly confirmed to Reuters that the NSA "had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it."
After being given an advance look at the Kaspersky findings, WIRED reported on the capabilities of the newly uncovered surveillance software:
The new platforms, which appear to have been developed in succession with each one surpassing the previous in sophistication, can give the attackers complete and persistent control of infected systems for years, allowing them to siphon data and monitor activities while using complex encryption schemes and other sophisticated methods to avoid detection. The platforms also include an innovative module, the likes of which Kaspersky has never seen before, that re-flashes or reprograms a hard drive's firmware with malicious code to turn the computer into a slave of the attackers.
News that the U.S. spy agency had manually implanted personal computers with surveillance technology was also revealed in documents leaked by NSA whistleblower Edward Snowden.
Reporting on the Kaspersky presentation, Reuters notes, "Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets."
In an interview, lead Kaspersky researcher Costin Raiu explained that the authors of the spying programs "must have had access to the proprietary source code that directs the actions of the hard drives."
Though hard drive manufacturers denied sharing such information with the government, former intelligence operatives confirmed to Reuters that "the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer."
"They don't admit it, but they do say, 'We're going to do an evaluation, we need the source code,'" said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. "It's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code."
In the days to come, Kaspersky says it will be releasing further information on its discovery.
"As we uncover more of these cyber espionage operations we realize how little we understand about the true capabilities of these threat actors," Raiu told WIRED.
Lauren McCauley
Lauren McCauley is a former senior editor for Common Dreams covering national and international politics and progressive news. She is now the Editor of Maine Morning Star. Lauren also helped produce a number of documentary films, including the award-winning Soundtrack for a Revolution and The Hollywood Complex, as well as one currently in production about civil rights icon James Meredith. Her writing has been featured on Newsweek, BillMoyers.com, TruthDig, Truthout, In These Times, and Extra! the newsletter of Fairness and Accuracy in Reporting. She currently lives in Kennebunk, Maine with her husband, two children, a dog, and several chickens.
A top technology security firm announced on Monday that they have uncovered evidence that sophisticated spying software, likely linked to the National Security Agency, was implanted in the hard drives of personal computers across the globe.
Researchers with the Moscow-based Kaspersky Lab introduced their findings while presenting at the Kaspersky Security Analyst Summit in Cancun, Mexico, and also published an initial paper (pdf) Monday on what they consider "the most advanced threat actor" they've seen to date.
Dubbed the Equation Group, the suite of surveillance platforms has been found in hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, and located in personal computers in 30 countries, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria, Kaspersky said.
The targets reportedly included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.Although the firm did not publicly name the source behind the spying campaign, they said the Equation Group "worm" was closely linked to Stuxnet, the cyberweapon the U.S. used to attack Iran's uranium enrichment facility beginning in late 2007.
The New York Times reports that, in many cases, the powerful software is able to "grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran's nuclear enrichment plants."
As the Times notes, the Russian tech firm is a trusted source among cyber security experts worldwide and is uniquely positioned to observe some U.S. surveillance tactics. The Times reports:
The fact that security software made by Kaspersky Lab is not used by many American government agencies has made it more trusted by other governments, like those of Iran and Russia, whose systems are closely watched by United States intelligence agencies. That gives Kaspersky a front-row seat to America's digital espionage operations.
Further, a former NSA employee told Reuters that the U.S. spy agency "still valued these spying programs as highly as Stuxnet." Another former intelligence operative reportedly confirmed to Reuters that the NSA "had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it."
After being given an advance look at the Kaspersky findings, WIRED reported on the capabilities of the newly uncovered surveillance software:
The new platforms, which appear to have been developed in succession with each one surpassing the previous in sophistication, can give the attackers complete and persistent control of infected systems for years, allowing them to siphon data and monitor activities while using complex encryption schemes and other sophisticated methods to avoid detection. The platforms also include an innovative module, the likes of which Kaspersky has never seen before, that re-flashes or reprograms a hard drive's firmware with malicious code to turn the computer into a slave of the attackers.
News that the U.S. spy agency had manually implanted personal computers with surveillance technology was also revealed in documents leaked by NSA whistleblower Edward Snowden.
Reporting on the Kaspersky presentation, Reuters notes, "Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets."
In an interview, lead Kaspersky researcher Costin Raiu explained that the authors of the spying programs "must have had access to the proprietary source code that directs the actions of the hard drives."
Though hard drive manufacturers denied sharing such information with the government, former intelligence operatives confirmed to Reuters that "the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer."
"They don't admit it, but they do say, 'We're going to do an evaluation, we need the source code,'" said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. "It's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code."
In the days to come, Kaspersky says it will be releasing further information on its discovery.
"As we uncover more of these cyber espionage operations we realize how little we understand about the true capabilities of these threat actors," Raiu told WIRED.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.