NSA CYBER WAR ACCELERATES

Know Your Enemy


Via PC World

Destroying your hard drive is the only way to stop this super-advanced malware

A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia, using a startlingly advanced form of malware that cannot be removed by conventional means once it has infected a PC.

Kaspersky Lab released a report Monday saying the tools were created by the “Equation” group, which it stopped short of linking to the U.S. National Security Agency.

The tools, exploits and malware used by the group—named after its penchant for encryption—bear strong similarities to NSA techniques described in top-secret documents leaked in 2013.

Countries hit the most by Equation include Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, Kaspersky said.

Infirm firmware

Kaspersky’s most striking finding is Equation’s ability to infect the firmware of a hard drive, that is, the low-level code running on the drive’s own controller that sits between the physical hardware and the operating system.

The malware reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, it survives conventional remediation: formatting the disk or reinstalling the OS rewrites only the logical sectors the operating system can address, so the modified firmware and its hidden storage area remain untouched.
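A first check a defender can run in response to this finding, added here as an example and not taken from the article or from Kaspersky's report: record each drive's model and firmware revision when it is commissioned, then re-read them later and compare. The script below parses the identity block printed by hdparm -I (Linux) or smartctl -i (smartmontools) and reports any drift from the recorded baseline. The sample tool outputs, the serial numbers and the baseline inventory are constructed for the example.

```python
"""Baseline check of hard-drive identity strings against a known-good inventory.

Added example, not code from the article or from Kaspersky. Parses the identity
block printed by `hdparm -I` or `smartctl -i` and compares model and firmware
revision with values recorded at commissioning. Sample outputs, serials and
the baseline below are constructed for the example.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The two tools label the same fields differently; map both spellings to one key.
_LABELS = {
    "model number": "model",          # hdparm -I
    "device model": "model",          # smartctl -i
    "serial number": "serial",        # both
    "firmware revision": "firmware",  # hdparm -I
    "firmware version": "firmware",   # smartctl -i
}
_LINE_RE = re.compile(r"^\s*([A-Za-z ]+?):\s+(.+?)\s*$")


@dataclass(frozen=True)
class DriveIdentity:
    model: str
    serial: str
    firmware: str


def parse_identity(text: str) -> DriveIdentity:
    """Extract model, serial and firmware strings from hdparm -I / smartctl -i output."""
    found: Dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        key = _LABELS.get(m.group(1).strip().lower())
        if key and key not in found:
            found[key] = m.group(2)
    missing = [k for k in ("model", "serial", "firmware") if k not in found]
    if missing:
        raise ValueError(f"identity block missing fields: {missing}")
    return DriveIdentity(found["model"], found["serial"], found["firmware"])


def check_against_baseline(
    ident: DriveIdentity, baseline: Dict[str, Tuple[str, str]]
) -> List[str]:
    """Return findings as strings; an empty list means the drive matches the baseline.

    `baseline` maps serial number -> (model, firmware) recorded at commissioning.
    """
    findings: List[str] = []
    expected = baseline.get(ident.serial)
    if expected is None:
        findings.append(f"{ident.serial}: drive not in baseline inventory")
        return findings
    exp_model, exp_fw = expected
    if ident.model != exp_model:
        findings.append(f"{ident.serial}: model changed {exp_model!r} -> {ident.model!r}")
    if ident.firmware != exp_fw:
        findings.append(f"{ident.serial}: firmware changed {exp_fw!r} -> {ident.firmware!r}")
    return findings


# Constructed sample outputs (abridged; serial numbers are made up).
HDPARM_SAMPLE = """/dev/sda:

ATA device, with non-removable media
\tModel Number:       ST1000DM003-1CH162
\tSerial Number:      Z1D4EXAMPLE
\tFirmware Revision:  CC47
\tTransport:          Serial, SATA Rev 3.0
"""

SMARTCTL_SAMPLE = """=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Blue
Device Model:     WDC WD10EZEX-08WN4A0
Serial Number:    WD-WCC6YEXAMPLE
Firmware Version: 01.01A01
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
"""

# Constructed baseline, as it would have been recorded at commissioning.
BASELINE: Dict[str, Tuple[str, str]] = {
    "Z1D4EXAMPLE": ("ST1000DM003-1CH162", "CC47"),
    "WD-WCC6YEXAMPLE": ("WDC WD10EZEX-08WN4A0", "01.01A01"),
}

# Same drive, now reporting a firmware revision the inventory never saw.
TAMPERED_SAMPLE = HDPARM_SAMPLE.replace("CC47", "CC49")

if __name__ == "__main__":
    for sample in (HDPARM_SAMPLE, SMARTCTL_SAMPLE, TAMPERED_SAMPLE):
        ident = parse_identity(sample)
        print(ident, check_against_baseline(ident, BASELINE) or "OK")
```

The caveat matters more than the script. These strings come from the ATA IDENTIFY DEVICE response, which the drive's own firmware produces, so a reprogrammed drive can keep answering with the original revision and pass this check. It catches inventory drift and clumsy changes, not a disguised implant; independent verification means dumping the firmware with vendor tooling or reading the flash off-board and comparing it with a vendor-supplied image.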

“Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in a phone interview Monday.

A group of cyberspies called Equation that uses similar techniques as the NSA has struck at least 30 countries using never-before-seen malware that infects hard disk drives. 

Drives made by Seagate Technology, Western Digital Technologies, Hitachi, Samsung Electronics and Toshiba can be modified by two of Equation’s hard disk drive malware platforms, “Equationdrug” and “Grayfish.”


Moscow-Based Security Firm Reveals What May Be The Biggest NSA “Backdoor Exploit” Ever

By Tyler Durden

Since 2001, a group of hackers – dubbed the “Equation Group” by researchers from Moscow-based Kaspersky Lab – have infected computers in at least 42 countries (with Iran, Russia, Pakistan, Afghanistan, India, and Syria most infected) with what Ars Technica calls “superhuman technical feats” indicating “extraordinary skill and unlimited resources.”

The tools – including the ‘prized technique’ of creating a secret storage vault that survives military-grade disk wiping and reformatting – work against drives from essentially every hard-drive manufacturer and share many characteristics with the infamous NSA-led Stuxnet virus.

According to Kaspersky, the spies made a technological breakthrough by figuring out how to lodge malicious software in firmware, the obscure low-level code that runs every time a computer is turned on.

Disk drive firmware is viewed by spies and cybersecurity experts as the second-most valuable real estate on a PC for a hacker, behind only the BIOS code invoked automatically as a computer boots up.

“The hardware will be able to infect the computer over and over,” lead Kaspersky researcher Costin Raiu said in an interview.

Kaspersky’s reconstructions of the spying programs show that they could work in disk drives sold by more than a dozen companies, comprising essentially the entire market. They include Western Digital Corp, Seagate Technology Plc, Toshiba Corp, IBM, Micron Technology Inc and Samsung Electronics Co Ltd.

The group used a variety of means to spread other spying programs, such as compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny, Kaspersky said.

Fanny was like Stuxnet in that it exploited two of the same undisclosed software flaws, known as “zero days,” which strongly suggested collaboration by the authors, Raiu said. He added that it was “quite possible” that the Equation group used Fanny to scout out targets for Stuxnet in Iran and spread the virus.
