Russian cybersecurity firm Kaspersky Lab has uncovered a cluster of “state-created” spyware programs that may have roots in the National Security Agency.
According to Kaspersky Lab researchers, a “threat actor” that it calls “The Equation Group” has been using advanced malware tools to infect and spy on governments, telecoms and other groups in more than 30 countries including the U.S., U.K., Iran, Russia, Iraq and Hong Kong since at least 2001:
The group is unique almost in every aspect of their activities: they use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims.
Kaspersky says the Equation Group’s programs are capable not only of infecting data stored on hard drives, but also of reprogramming the firmware that controls the drive itself. Motherboard points out that “such an exploit could survive a complete hard drive wipe, or the re-installation of an operating system.” The software could be hidden in hard drives made by Western Digital, Seagate and other major manufacturers, giving its creators unparalleled access to computers all over the world. For defenders the consequence is that the standard remediation, wiping the disk and reinstalling the operating system, does not remove such an implant, and because a drive reports its own firmware version to the host, the host cannot verify that firmware simply by asking the drive.
Kaspersky didn’t name the NSA outright in its report, but said the spy campaign was “closely linked to Stuxnet,” the NSA-led cyberweapon used to attack uranium enrichment facilities in Iran between 2009 and 2010. According to Reuters, a former NSA employee confirmed that the Kaspersky analysis was correct.
“We are aware of the recently released report,” an agency spokeswoman told The Wall Street Journal. “We are not going to comment publicly on any allegations that the report raises, or discuss any details.”
According to The Verge, the report raises important questions about hard drive manufacturers’ possible complicity in the scheme. Although the NSA would almost certainly be capable of rewriting a device’s firmware, it could have also compelled select companies to hand over their code directly or acquired it through more clandestine means.
The findings could do further harm to the NSA’s already damaged surveillance program, not to mention the U.S.’s eroding reputation abroad. Engadget notes that while U.S. residents probably won’t have to worry about the bugged drives at home, the same cannot be said abroad. On the other hand, the Kaspersky report underlines an important truth that bears repeating: absolute security is never guaranteed.
Mashable’s Stan Schroeder put it best:
The most important takeaway is that there’s an organization out there (and it’s probably not alone) with immense knowledge and resources that can precisely and invisibly target and steal data from nearly any computer — even the best guarded, including those belonging to government or military.
Photo Credit: Robbert van der Steeg via Flickr