Kaspersky Says 'The Equation Group' Is A Unique And Dangerous Threat

[Guest]

Kaspersky Lab discussed a threat that has been in operation for nearly two decades. According to the firm, the cyber threat known as “The Equation Group” is unlike anything they have dealt with.

Kaspersky Says 'The Equation Group' Is A Unique And Dangerous Threat : Read more

 

[Integr8d]

Science conference, eh? Wonder what they were after.

 

[brandonjclark]

You call this news? You mention the "Equation Group" like they are some unknown hacker group.

IT'S THE NSA!

http://www.stuff.co.nz/technology/digital-living/66279485/nsa-hiding-equation-spy-program-on-hard-drives

 

[brandonjclark]

The US National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.

That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

 

[thor220]

I see this is making the rounds. If anyone takes the time to read the source article, Kaspersky doesn't actually provide any evidence to back up their claim that this actually exists and who it's linked to.

They merely provide a stat sheet about it listing how it infects, what it does, ect. It's very easy for a company to make this sort of thing up if your in the anti-virus business.

Do remember that Kaspersky is a Russian company and that Russia's relations with the USA aren't good at all.

 

[agnickolov]

Here's a far better written article on the subject from Ars Technica:
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/

 

[BobDDDD]

Someone needs to invent an Enigma machine for computers, whereby a random challenge code is issued before every .exe file is launched, requiring a binary response that is randomly changed every 13ms.

 

[rokit]

NSA being responsible(in one form or another) is obvious. But Kaspersky can't be trusted because they're screaming on another wolf while pretending to be a sheep.

 

[PepiX]

60 years of work in the security business? Is this translated from russian? Isn't it 16 years?

 

[Christopher1]

NSA being responsible(in one form or another) is obvious. But Kaspersky can't be trusted because they're screaming on another wolf while pretending to be a sheep.

Kaspersky is not a sheep, but they are not a wolf either. They are more the shepherd trying to protect the sheep armed only with a shepherd's crook, while the wolves are using invisibility suits to get close to and steal the sheep.

 

[Impulseman45]

Ah, consumers can't upgrade the firmware on hard drives my ass. We have been able to this for years. All the major OEMs and Hard Drive manufacturers have utilities that do this very thing because sometimes the firmware they ship is buggy or not as fine tuned as it could be and they make a new one. Just go to HP Support and find drivers for just about any computer and you will see Hard Drive firmware updates and even firmware updates for CD,DVD drives as well. Where the hell has Kaspersky Labs been the last decade or more, under a rock? And we are suppose to trust a company that comes out of left field with remarks like this. Hey guys is the 21st century now its time to have a look at the internet and see things as they really are.

 

[virtualban]

I wish for jumpers to come back now. If flashing a hard drive's firmware, or motherboard, or anything at all which could have potential repercussions on future reinstalls, users would never feel safe unless having some degree of control where no virus has gone (yet). The physical world.

Maybe something like a dual firmware chips, in which one is non rewriteable even if the jumpers are all in the correct position, and serves only to properly write the other firmware, so the other firmware can then use the next part of the storage media.

 

[xyster]

Just remember that a shipment of clean devices can be intercepted during shipping and either modified or replaced with a bad batch; not much you can do to stop this.

 

[chicofehr]

I guess this means AV programs have to now scan firm ware and flash infected ones with clean. This could get risky and complicated for AV firms if a flash goes wrong. I can't see people being able to flash the firmware themselves.

 

[toddybody]

I think the idea of Kaspersky being a benign actor is insane. Kaspersky has long rumored been in bed with the Kremlin...and if you have any delusions about Russia's track record on state surveillance and human rights, please educate yourself.

What if John McAfee was an NSA consultant for X years prior to making his antivirus...which, so happens to send host/system metrics back to Washington D.C for periodic evaluation. Herpa Durp people...sound familiar?

Btw: Google "gay rights" in Russia, Iran, etc...and then tell me how Im supposed to feel terrible that some group is performing surveillance on them. What a joke.

 

[velocityg4]

How about just making the firmware static and physically impossible to rewrite? How many people actually download and update their firmware? Same goes with the motherboard and any other potential hiding place for viruses.

 

[soundping]

Nothing mentioned about Adata drives getting the NSAware.

 

[ddpruitt]

Bogus stats by another company under the new Kremlin's thumb. Nobody should be under illusions that Russia is in trouble at the moment and they need all the advantages they can get, and that includes usurping "private" companies for their own purpose. If you look at some of the screenshots provided by "Kaspersky", a security company, it's obvious something's up. The screenshots show programs being run as root, Code that tests if a value is greater than zero when it was just generated that way, and other strange problems. I seriously doubt that a security company would make such obvious errors. And the NSA not spying on Egypt, right.

I wouldn't put something like this past the NSA, but this has Russion fingerprints all over it. They use to do the same thing all the time before 1991. You know, when
"President" Putin was Lieutenant Colonel in the KGB, right before the USSR collapsed.

 

[hst101rox]

You could change the PCB board of the hard drive if the firmware is hacked, but first clean the data on the drive of any malicious code so the firmware won't be hacked on the new PCB!

 

[MCLPCB]

As a <<link removed by moderator>>, we get a lot of questions regarding this topic and we're always looking for write ups like this to help us better understand the full complexity, or simplicity, around it. In a perfect world, everybody would update their firmware but the truth is, suppliers don't make this easy. Some do, oh yes, some do, but for the most part, if you're not a techie, you don't even know what firmware is!

Sounds to me like someone needs to rewrite the book on keeping these things safe.

 

[Impulseman45]

I agree, I too used to work for a company that did surface mount work on PCBs and then transitioned into the computer repair field. When someone hears the term firmware they usually just think its their cell phone. But each piece of a computer has firmware that allows it to talk to the motherboard. Every hard drive, CD,DVD,and BlueRay drive, every network card, sound card, video card and so on. On the outside of the computer it goes to your printer, cable box, modem, router, Monitor, TV, Xbox, PS3-4, etc. They all have firmware that can be compromised and infected with some form of spyware. All it takes is the patients, access, and time to do it. Everyone has this great idea that having everything connected is such a good idea that they forget how easy it would be to bring it all down, or open it all up for mass surveillance. Oh well, its the world we live in and the way allot of people wanted it so we must all be on our guard.

 

[godnodog]

I think this info was released this week in Lisbon, and in an interview for the portuguese news channel SIC, Kaspersky founder explained why he doesn't provide all the info he knows, so that whomever is behind this doesn't know how much Kaspersky knows, thus preventing them for correcting the viruses, another reason is not to give insight to other potential cyber groups with bad intentions.

 

[bit_user]

Ah, consumers can't upgrade the firmware on hard drives my ass. We have been able to this for years.

On a normal drive? Sure. But if the drive you're trying to upgrade is infected, how do you know the FW upgrade function isn't compromised? You don't.

The only way to know for sure is to get directly at the EEPROM, which requires intimate knowledge of the controller & firmware, as well as equipment most people don't have.

 

[bit_user]

I wish for jumpers to come back now.

I think EUFI had the right idea with signing firmware and OS images. At least, until the master key gets stolen, like what happened to Verisign, years ago.

 

[bit_user]

I guess this means AV programs have to now scan firm ware

This only works if there's some kind of standard interface for accessing the firmware image that can't be intercepted by the controller. Which there's not. Otherwise, you're typically using the firmware to access it. Therefore, a clever virus could easily hide itself.