{"id":54233,"date":"2015-02-23T12:51:30","date_gmt":"2015-02-23T12:51:30","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=54233"},"modified":"2015-05-05T21:26:03","modified_gmt":"2015-05-05T20:26:03","slug":"researchers-find-astonishing-malware-linked-to-nsa-spying","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2015\/02\/researchers-find-astonishing-malware-linked-to-nsa-spying\/","title":{"rendered":"Researchers Find \u2018Astonishing\u2019 Malware Linked to NSA Spying"},"content":{"rendered":"
\"David<\/a>

David Ramos\/Getty Images<\/p><\/div>\n

17 Feb 2015 – <\/em>Security researchers have uncovered highly sophisticated malware that is linked to a secret National Security Agency hacking operation exposed by The Intercept<\/em> last year.<\/p>\n

Russian security firm Kaspersky published a report<\/a> Monday [16 Feb 2015] documenting the malware, which it said had been used to infect thousands of computer systems and steal data in 30 countries around the world. Among the targets were a series of unnamed governments; telecom, energy and aerospace companies; as well as Islamic scholars and media organizations.<\/p>\n

Kaspersky did not name the NSA as the author of the malware. However, Reuters<\/em> reported<\/a> later on Monday that the agency had created the technology, citing anonymous former U.S. intelligence officials.<\/p>\n

Kaspersky\u2019s researchers noted that the newly found malware is similar to Stuxnet, a covert tool reportedly<\/a> created by the U.S. government to sabotage Iranian nuclear systems. The researchers also identified a series of code names that they found contained within the samples of malware, including STRAIGHTACID, STRAITSHOOTER\u00a0<\/em>and GROK.<\/em><\/p>\n

Notably, GROK, which Kaspersky said is a piece of malware used to secretly log keystrokes, is tied to secret NSA hacking tactics described in documents from whistleblower Edward Snowden. Last year, The Intercept<\/em> revealed<\/a> that the NSA was using a tool called GROK to log keystrokes as part of a toolkit it uses to hack computers and collect data.<\/p>\n

The other codenames identified by Kaspersky on Tuesday\u2014such as STRAIGHTACID and STRAITSHOOTER\u2014are strikingly similar to known NSA hacking operations. Leaked NSA documents have revealed that the agency uses hacking tools known as STRAIGHTBIZARRE<\/a> and FOXACID<\/a> to break into computers and grab data.<\/p>\n

According to Kaspersky, the malware found in the latest discovery is the most advanced ever found and represents an \u201castonishing technical accomplishment.\u201d It hides deep within an infected computer and can stay on the machine even after attempts to wipe or reformat the hard drive. The security firm has dubbed different variants of the malware EquationLaser, EquationDrug and GrayFish, and they are calling its creators the \u201cEquation Group,\u201d because of the way the spy technology attempts to hide itself in an infected computer using complex encryption.<\/p>\n

The majority of the infected machines found by Kaspersky were in Iran. But the security firm has also found infected computers in Belgium, Germany, the United States, the United Kingdom, Russia, Afghanistan, Pakistan, Sudan, Lebanon and the Palestinian Territories.<\/p>\n

According to Wired<\/a><\/em>, the targets in the U.S. and the U.K. were all Islamic activists or scholars. The Kaspersky researchers reportedly first discovered the Equation Group malware while researching Regin, a spy tool that The Intercept<\/em> revealed<\/a> in December appears to have been used in British and American government hacking operations targeting a Belgian telecommunications company<\/a> and offices used by European Union officials.<\/p>\n

NSA spokeswoman Vanee Vines told The Intercept<\/em> the agency was aware of Kaspersky\u2019s research, but said the agency was \u201cnot going to comment publicly on any allegations that the report raises, or discuss any details.\u201d<\/p>\n

________________________<\/p>\n

Email the author: ryan.gallagher@theintercept.com<\/a><\/em><\/p>\n

Go to Original \u2013 firstlook.org<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

17 Feb 2015 – Security researchers have uncovered highly sophisticated malware that is linked to a secret National Security Agency hacking operation exposed by The Intercept last year.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-54233","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/54233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=54233"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/54233\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=54233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=54233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=54233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}