'Death Star Of Malware Galaxy' Could Be Linked To NSA

Kaspersky Lab just revealed its findings on "one of the most sophisticated cyber attack groups in the world." That group could be linked to the NSA.

What does it take for security researchers to call you the "Death Star" of the malware galaxy?

Tens of thousands of complex infections in at least 42 countries and several unprecedented hacking techniques, that's all.

In a 44-page report, security company Kaspersky Lab revealed what it's calling the "Equation Group," a team of cyberhackers Kaspersky says is "probably one of the most sophisticated cyber attack groups in the world."

Kaspersky chose the name the "Equation Group" after discovering its sophisticated encryption techniques — the group relies on encryption to go unnoticed during its hacking campaigns.

There's evidence the group intercepted physical media sent through the mail — think CDs — and infected them with malware.

Kaspersky describes one instance in which scientists who'd visited an international conference in Houston were later mailed a CD with photos and documents from the conference — some of them were infected with malware used by the Equation Group.

What's more, Kaspersky believes the tools used by the Equation Group not only predate prolific cyberweapons Stuxnet and Flame but are far superior. (Video via ABC)

Using a series of malware programs, including Trojan horses and worms, the group has been able to do something Kaspersky calls "astonishing." (Video via Jewish News One)

The Equation Group can access and reprogram firmware on a target's hard drive. That's exceptionally worrisome because even if a user completely erases their hard drive, the installed malware will persist. An accomplishment — if you can call it that — of this magnitude is practically unheard of.

It's technical feats like this one that have researchers and news outlets alike linking the Equation Group to the NSA.

"While Kaspersky did not directly attribute this to the NSA, so far we're seeing that correlation exist in more than just a couple different ways … such as the Flame and Stuxnet viruses," said RT producer Andrew Blake.

In a multipage report on Kaspersky's findings, a writer for Ars Technica highlighted some similarities between NSA and Equation Group activities.

Comparing the Kaspersky findings with documents released by whistleblower Edward Snowden, Ars was able to link a malware program called GROK to one used by the NSA with the same name. (Video via TED)

Kaspersky also found Equation Group tools named "STRAITSHOOTER" and "STRAITACID." It’s that prefix — STRAIT — that Ars compared to the NSA's "STRAITBIZARRE" malware.

But perhaps the most telling evidence of a link between the NSA and the Equation Group had nothing to do with malware tools.

If anything, the tools' capabilities shed some light on the means required to build an operation like this. It leaves "little doubt that the operation was sponsored by a nation-state with nearly unlimited resources to dedicate to the project," wrote Ars Technica's Dan Goodin.

If Kaspersky's findings are indeed related to the NSA, it could put the cybersecurity agency in a tough spot.

Some of the findings point to specific vulnerabilities within software systems, like Java and Microsoft's Windows operating system. (Video via U.S. Department of Defense)

When these vulnerabilities are patched, the Equation Group will have to find new ways to exploit its targets' computers. (Video via Microsoft)

Or, as a writer for The Wall Street Journal put it, "the rest of the world now knows where to look for U.S. computer spies. … Reports such as Kaspersky's can make it harder for the U.S. to use the same intelligence tricks."

That is, of course, only if the NSA and the Equation Group are related in any way.

This video includes images from Getty Images and Jaymis Loveday / CC BY 2.0 and music from Pierlo / CC BY 3.0.