Russian researchers expose breakthrough U.S. spying program
Source: Reuters
The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.
That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.
Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said. (http://reut.rs/1L5knm0)
The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.
Read more: http://news.yahoo.com/russian-researchers-expose-breakthrough-u-spying-program-194217480--sector.html
Kaspersky published the technical details of its research on Monday, which should help infected institutions detect the spying programs, some of which trace back as far as 2001. (http://bit.ly/17bPUUe)
DeSwiss
(27,137 posts)
Adrahil
(13,340 posts)
I believe government can and should promote the general welfare of the people.
The Stranger
(11,297 posts)
Octafish
(55,745 posts)
Now they're all in it together. Cough UBS.
jakeXT
(10,575 posts)bemildred
(90,061 posts)If they can do it with thumb drives, they can certainly do it with IDE drives.
jakeXT
(10,575 posts)
"They don't admit it, but they do say, 'We're going to do an evaluation, we need the source code,'" said Vincent Liu, a partner at security consulting firm Bishop Fox and former NSA analyst. "It's usually the NSA doing the evaluation, and it's a pretty small leap to say they're going to keep that source code."
bemildred
(90,061 posts)
Jesus Malverde
(10,274 posts)
One interesting tidbit was the use of online political forums that were used to distribute the malware. Specifically, identifying the popular vBulletin software and describing how it would only infect logged-in users.
bemildred
(90,061 posts)
The Registry, I've always hated the registry, a stupid idea badly carried out. But it has been clear from the beginning that computer and internet businesses have about as much interest in your data privacy and security as they do in bankruptcy. That stuff costs money and it interferes with making money.
That looks like Perl. I know it probably isn't, it's some web language, but I do like Perl.
It seems very professional and controlled, the spyware, an enormous investment of time and energy. All very tailored and specific as it would have to be working at that level. I used to do some work like that, very unportable.
That is a fascinating map.
Edit: The regin connection is interesting too.
One can surmise that they really don't want to be found, the Equation Group, and hence that this Kaspersky report will be cause for alarm.
DeminTX88
(4 posts)
The spyware was most likely written in a combination of different programming languages. The way it interacts and lives in the OS is fascinating. It's similar to a rootkit in that it installs itself and runs "outside" the Operating System, encapsulating it in a way. However, this has many advanced features, which is probably what gives it the rebranding of "bootkit".
dreamnightwind
(4,775 posts)
I skimmed through much of the PDF; it wasn't obvious to me how to go about checking for infection.
bemildred
(90,061 posts)
Last edited Wed Feb 18, 2015, 05:39 AM
There will be countermeasures, which is why the spooks like their capabilities kept "private", but you as an individual user do not have the necessary resources to do anything about this sort of stuff.
Jesus Malverde
(10,274 posts)
The other one would be to reflash the hard drive and/or install one that is not updatable.
Like you said these guys would then come up with a new technique and they are obviously using the best talent.
Hi NSA
bemildred
(90,061 posts)
I'd have to make sure, but any Un*x machine is likely good enough if you can get a shell to run in, since you are going to be dumping bits into a raw device.
Like the spooks do. In some respects it's even straightforward, not tricky. But you have to have the specs or the cost goes waaaay up, because you are going to have to reverse engineer it like Kaspersky is trying to do by looking at externalities. And people who are able and willing to do that sort of work are not easy to come by. The guy who caught Mitnick, for instance, is one, and Kaspersky has a few, you can see.
Edit: and you have to be root.
bemildred
(90,061 posts)
With modern CPU chips, it should be no trouble at all to put things in microcode. The fact is we all take it all on faith, what's in there, even the guys that run the NSA.
Leedo leedo leedo ...
bemildred
(90,061 posts)
that we should not put things which are really important on computers at all. And I do avoid doing business on the web, although they suck you in eventually.
I like the internet, as you can see, but we should be using it to talk, not to run our nuclear power plants and pay our bills and manage our bank accounts.
Blue_Tires
(55,445 posts)
Can't wait for someone to reveal how much "unofficial" assistance Snowden gave him on this...
Xithras
(16,191 posts)
Eugene Kaspersky himself certainly takes a pro-Russian stance on many things (the Russian government is a huge client), but the company has long been known as one of the leading voices in online security worldwide. One of their cybersecurity research labs is actually located in Seattle.
I have no doubt that they've already received a dump of the Snowden docs and have been perusing them to look for additional security holes created by the NSA, but I don't see how anyone could have a problem with that.
Blue_Tires
(55,445 posts)elias49
(4,259 posts)Blue_Tires
(55,445 posts)then look at the number of financial hackers Russia openly harbors, and THEN get back to me before opening your mouth...
Mr_Jefferson_24
(8,559 posts)
Last edited Tue Feb 17, 2015, 11:59 PM
...Big Brother is ALL seeing, ALL knowing, ALL powerful, ALL the time, and we need to be very very afraid.
Ask yourself this: If the PTB had to choose between actually having all these domestic spying capabilities (and I'm not suggesting they don't), OR having the vast majority of us (the citizenry) truly believe they do (suppose PTB couldn't have it both ways), which would they choose?
No brainer? I think so. All the staged theater meant to pass for "real" events we've been treated to over the last couple decades makes it abundantly clear that their media psyops program(s) are extremely high priority -- they'd almost certainly choose to have us believe.
Not trying to suggest this isn't a worthy or credible news item, just reminding that psyops is an ever-present element in much of what we're spoon fed by MSM. Big Brother needs us paralyzed with fear and hopelessness -- psyops, whether it's beating a protester in the street or feeding "all powerful Big Brother" stories to MSM, is how they attempt to bring this about.
Simply recognizing government psyops for what it is when you encounter it, is in itself, an effective means of diminishing its paralyzing effects.
roamer65
(36,747 posts)
Many foreign governments and companies will now think twice about buying American IT products.
MADem
(135,425 posts)
geek tragedy
(68,868 posts)
He's basically part of the Russian MIC.
So, he's likely to be slanting and exaggerating, even if there's some kernel of truth to this.
http://www.wired.com/2012/07/ff_kaspersky/all/
bemildred
(90,061 posts)
And the possibility has been in my mind since IDE drives were invented. If you put little computers in everything, then everything can be hacked.
geek tragedy
(68,868 posts)
superhuman tech prowess to the NSA without some serious proof (Kaspersky has delivered the goods before, e.g. Stuxnet).
bemildred
(90,061 posts)
But they admit to hypothesizing from the outside.
And you can see it as sort of like white-hat hacking.
It is interesting to consider what the attitude would be in the intelligence community if it was more or less bullshitty. Would they encourage it to instill respect or dispute it to protect means and methods?
They do provide a lot of low-down details there too, some of that will be checkable.
Xithras
(16,191 posts)
Kaspersky Lab is one of the most respected cybersecurity companies on the planet and has thousands of security specialists working in hundreds of states and nations around the globe (one of their biggest research labs is in Seattle). Hundreds of millions of people use their security software in their homes, and hundreds of thousands of corporations depend on them for security. While some of his views are a little out there, Kaspersky himself is still ranked among the planet's security elite.
If Kaspersky were caught fabricating something like this, it would destroy his reputation, kill the trust he has with his customers, and torpedo his company. I seriously doubt he'd do that just to score points with Pooty Poot.
geek tragedy
(68,868 posts)
The man is not above stretching the truth in order to benefit his master.
Is he making the whole thing up? I would bet that he isn't.
Is he exaggerating? That possibility certainly exists.
bemildred
(90,061 posts)
Kaspersky, and his utility to the Russian state, I mean.
So Xithras has a sound point, although I agree he is likely subject to "influence", he can't just make stuff up.
geek tragedy
(68,868 posts)
How big the fire is remains an open question.
He has a fine line to walk, between web security provider while also working for the FSB.
randome
(34,845 posts)
Do you really think it's possible that no one else noticed this? Only this guy? As for Kaspersky's reputation, people self-destruct all the time. Maybe this is him self-destructing. Maybe this is him being wrong. Maybe he's talking out of his ass.
The point is, someone else should easily be able to verify it.
Stop looking for heroes. BE one.
jakeXT
(10,575 posts)
randome
(34,845 posts)
I mean some other reputable technology firm should easily be able to verify this since Kaspersky has published the details. But I bet no one else finds what he says he's found.
You should never stop having childhood dreams.
jakeXT
(10,575 posts)
randome
(34,845 posts)
That has to be more than 2 hard drives. Maybe it's...thirty hard drives? Even if true, it doesn't mean much since all kinds of law enforcement agencies are in the business of spying.
Maybe Kaspersky needs to have another glass.
Don't ever underestimate the long-term effects of a good night's sleep.
jakeXT
(10,575 posts)
the hard disk option seems to be reserved for the valuable targets.
"During our research, we've only identified a few victims who were targeted by this module. This indicates that it is probably only kept for the most valuable victims or for some very unusual circumstances."
http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf
They also claim intercepted CDs as an infection method.
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
bemildred
(90,061 posts)
Finding it takes luck and a lot of work. You pretty much have to be looking hard to find it.
DeSwiss
(27,137 posts)
MOTHERBOARD
February 18, 2015 // 05:13 PM EST
News broke earlier this week about the NSA's "most sophisticated" malware yet: An undetectable backdoor that can filter information to and from a hard drive, using the underlying framework of the drive itself. It surprised a lot of people, sure, but maybe it shouldn't have. A group of ordinary security researchers warned this was possible, and in fact installed hard drive backdoors themselves, nearly a year ago.
The paper "Implementation and Implications of a Stealth Hard-Drive Backdoor," published in March 2014 by a team of eight researchers from Eurecom in France, IBM Research in Zurich, and UCSD and Northeastern University in the US, reads almost exactly like security firm Kaspersky's expose on the NSA malware. The full paper is absolutely worth your read if you've been fascinated by Kaspersky's revelations.
The malware, developed by Travis Goodspeed and his colleagues (Goodspeed has spoken the most publicly about the exploit), can be installed remotely by people who have no physical access to it. In fact, the paper asserts that such an attack "is not limited to the area of government cyber warfare; rather, it is well within the reach of moderately funded criminals, botnet herders, and academic researchers."
Jesus Malverde
(10,274 posts)
Thanks!
bemildred
(90,061 posts)
PersonNumber503602
(1,134 posts)
If it's not the NSA, then it's probably the FSB, or Mossad, or MI6, or my mommy.
bemildred
(90,061 posts)
Even if they don't happen to be looking, they can. Computers are not secure environments.
Blue_Tires
(55,445 posts)
Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria?