A top technology security firm announced on Monday that they have uncovered evidence that sophisticated spying software, likely linked to the National Security Agency, was implanted in the hard drives of personal computers across the globe.
Researchers with the Moscow-based Kaspersky Lab introduced their findings while presenting at the Kaspersky Security Analyst Summit in Cancun, Mexico, and also published an initial paper (pdf) Monday on what they consider “the most advanced threat actor” they’ve seen to date.
Dubbed the Equation Group, the suite of surveillance platforms has been found in hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, and located in personal computers in 30 countries, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria, Kaspersky said.
The targets reportedly included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.
Although the firm did not publicly name the source behind the spying campaign, they said the Equation Group “worm” was closely linked to Stuxnet, the cyberweapon the U.S. used to attack Iran’s uranium enrichment facility beginning in late 2007.
The New York Times reports that, in many cases, the powerful software is able to “grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran’s nuclear enrichment plants.”
As the Times notes, the Russian tech firm is a trusted source among cyber security experts worldwide and is uniquely positioned to observe some U.S. surveillance tactics. The Times reports:
Further, a former NSA employee told Reuters that the U.S. spy agency “still valued these spying programs as highly as Stuxnet.” Another former intelligence operative reportedly confirmed to Reuters that the NSA “had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.”
After being given an advance look at the Kaspersky findings, WIRED reported on the capabilities of the newly uncovered surveillance software:
News that the U.S. spy agency had manually implanted personal computers with surveillance technology was also revealed in documents leaked by NSA whistleblower Edward Snowden.
Reporting on the Kaspersky presentation, Reuters notes, “Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets.”
In an interview, lead Kaspersky researcher Costin Raiu explained that the authors of the spying programs “must have had access to the proprietary source code that directs the actions of the hard drives.”
Though hard drive manufacturers denied sharing such information with the government, former intelligence operatives confirmed to Reuters that “the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer.”
“They don’t admit it, but they do say, ‘We’re going to do an evaluation, we need the source code,'” said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. “It’s usually the NSA doing the evaluation, and it’s a pretty small leap to say they’re going to keep that source code.”
In the days to come, Kaspersky says it will be releasing further information on its discovery.
“As we uncover more of these cyber espionage operations we realize how little we understand about the true capabilities of these threat actors,” Raiu told WIRED.