Cyber-Security Firm: NSA-Linked Spyware Found in Hard Drives Worldwide

WHISTLEBLOWING - SURVEILLANCE, 2 Mar 2015

Lauren McCauley – Common Dreams

Researchers with Kaspersky Lab describe what they say is “the most advanced threat actor” they’ve seen to date.

New surveillance software closely linked to Stuxnet, the cyberweapon the U.S. used to attack Iran's uranium enrichment facility beginning in late 2007. (Photo: powtac/flickr/cc)

A top technology security firm announced on Monday [16 Feb 2015] that they have uncovered evidence that sophisticated spying software, likely linked to the National Security Agency, was implanted in the hard drives of personal computers across the globe.

Researchers with the Moscow-based Kaspersky Lab introduced their findings while presenting at the Kaspersky Security Analyst Summit in Cancun, Mexico, and also published an initial paper (pdf) Monday on what they consider “the most advanced threat actor” they’ve seen to date.

Kaspersky dubbed the threat actor the Equation Group. Its suite of surveillance platforms has been found on hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, in personal computers located in 30 countries, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria, Kaspersky said.

The targets reportedly included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists. Although the firm did not publicly name the source behind the spying campaign, they said the Equation Group “worm” was closely linked to Stuxnet, the cyberweapon the U.S. used to attack Iran’s uranium enrichment facility beginning in late 2007.

The New York Times reports that, in many cases, the powerful software is able to “grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran’s nuclear enrichment plants.”

As the Times notes, the Russian tech firm is a trusted source among cyber security experts worldwide and is uniquely positioned to observe some U.S. surveillance tactics. The Times reports:

The fact that security software made by Kaspersky Lab is not used by many American government agencies has made it more trusted by other governments, like those of Iran and Russia, whose systems are closely watched by United States intelligence agencies. That gives Kaspersky a front-row seat to America’s digital espionage operations.

Further, a former NSA employee told Reuters that the U.S. spy agency “still valued these spying programs as highly as Stuxnet.” Another former intelligence operative reportedly confirmed to Reuters that the NSA “had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.”

After being given an advance look at the Kaspersky findings, WIRED reported on the capabilities of the newly uncovered surveillance software:

The new platforms, which appear to have been developed in succession with each one surpassing the previous in sophistication, can give the attackers complete and persistent control of infected systems for years, allowing them to siphon data and monitor activities while using complex encryption schemes and other sophisticated methods to avoid detection. The platforms also include an innovative module, the likes of which Kaspersky has never seen before, that re-flashes or reprograms a hard drive’s firmware with malicious code to turn the computer into a slave of the attackers.

News that the U.S. spy agency had manually implanted surveillance technology in personal computers was also revealed in documents leaked by NSA whistleblower Edward Snowden.

Reporting on the Kaspersky presentation, Reuters notes, “Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets.”

In an interview, lead Kaspersky researcher Costin Raiu explained that the authors of the spying programs “must have had access to the proprietary source code that directs the actions of the hard drives.”

Though hard drive manufacturers denied sharing such information with the government, former intelligence operatives confirmed to Reuters that “the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer.”

“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,’” said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code.”

In the days to come, Kaspersky says it will be releasing further information on its discovery.

“As we uncover more of these cyber espionage operations we realize how little we understand about the true capabilities of these threat actors,” Raiu told WIRED.

_____________________________

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.

Go to Original – commondreams.org

DISCLAIMER: The statements, views and opinions expressed in pieces republished here are solely those of the authors and do not necessarily represent those of TMS. In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.