UPDATED 23:21 EDT / FEBRUARY 16 2015


NSA-linked “Equation Group” caught hiding spying software in hard disk firmware

A new report from security software provider Kaspersky Lab has found that a group it has dubbed “Equation Group” has been hiding spying software deep within hard drives made by leading manufacturers, including Seagate and Western Digital, in an attempt to eavesdrop on the majority of computers worldwide.

Kaspersky said it found the spyware in computers across 30 countries, with the list reading like a geopolitical wet dream of countries the United States either doesn’t like, or is highly competitive with; Iran had the highest number of infections, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists.

The report explained that the advantage of burying the spyware in a hard drive is a level of persistence that lets it survive disk formatting and OS reinstallation; Kaspersky notes that once the malware gets into the firmware, it is able to “resurrect” itself forever.

Costin Raiu, director of the Global Research and Analysis Team at Kaspersky, added that “another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware.”

Where hard drives weren’t already affected, Kaspersky claims that the attackers used other methods to infect targets, not only over the internet but also in the physical world.

The group is claimed to have intercepted physical goods and replaced them with Trojanized versions; in one example, participants at a scientific conference were sent conference materials on a CD-ROM, which was then used to install the group’s DoubleFantasy implant on the target’s machine.

Kaspersky said that it had observed seven exploits used in Equation Group’s malware, at least four of which were zero-day attacks. At least one previously unknown exploit was observed that specifically targeted the Tor browser.

Kaspersky declined to name the country behind the spying campaign but said Equation Group was linked to Stuxnet, a National Security Administration (NSA) tool that was used to attack Iran’s nuclear program; it’s a fair guess that this link implies that Equation Group is a section of the NSA itself, which means that the spyware is being placed by the Government of the United States of America.

photo credit: Hardware Porn 21 of 23 via photopin (license)
