The US Cyber Espionage Activities Are Not For Defense But Offence

Image credit: http://resources.infosecinstitute.com/teamspy-miniduke-red-october-and-flame-analyzing-principal-cyber-espionage-campaigns/


According to Kaspersky, an anti-virus company based in Russia, the United States has been running a stealthy cyber espionage operation referred to as the Manhattan Project. The covert operation is said to have been in existence from as early as 2001, staffed with the best brains in America, and to have produced highly advanced cloak-and-dagger technology. But the prevailing allegation is that the Manhattan Project is meant for offense, not defense, as most would expect.

Kaspersky’s researchers unveiled a detailed report on highly sophisticated computer espionage activities that they have dubbed the “Equation Group”. The so-called Equation Group has been linked to previous leaks, leading to the conclusion that it is the National Security Agency’s (NSA) Tailored Access Operations unit.

This is not the first time cyber espionage allegations have been leveled against the NSA. Der Spiegel, a German news magazine, in late 2013 published a 50-page catalog detailing leaked NSA spy gear and malware. But now Kaspersky Lab has given the allegations more weight by detailing the full capability of the alleged NSA spyware technology. The Lab got its hands on one of these malware samples, took it apart piece by piece, and came up with a detailed catalog of how the spyware works.

Kaspersky says it has discovered six different families of malware, or “implants” as the NSA refers to them, all of which have been linked to the Equation Group. The oldest is said to have been around since 2001. According to Kaspersky, the malware stays under the radar because the NSA deploys it in stages. In the first stage, the NSA might use a web forum or an ad network and, through that platform, roll it out to targets’ computers in the form of a simple “validator”. Once the validator installs, it runs stealthily on the target’s computer and fishes around for any data that might be of interest to the NSA. Should it fail to find anything of interest, the malware quietly uninstalls itself, again without being detected.

If the validator finds information that interests the NSA, it develops itself into the next stage by loading more advanced implants from a clandestine NSA website such as technicalconsumerreports.com or suddenplot.com.

The next stage is where the malware becomes really interesting. According to Kaspersky, the best of this malware is built on technology decades ahead of anything they have ever come across.

The top-tier malware uses highly sophisticated software known as a bootkit that has the capability of controlling the target’s operating system from the ground up. It remains hidden inside the Windows registry in encrypted form, making it impossible for the system’s anti-virus to detect it, let alone remove it. It then creates a virtual file system on the host computer where it stores information for exfiltration.

The malware’s full version, with all the implants, comes with stealthy update mechanisms, numerous plug-ins, a lot of code obfuscation, countless fake websites that serve as command-and-control, and a self-destruct function. One of the implants is even said to have the capability of reprogramming the host computer’s hard drive firmware to ensure it will survive even a complete disk wipe.

“The group is unique almost in every aspect of their activities. They use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data, and hide activity in an outstandingly professional way,” concludes Kaspersky.

Taking into account the two revelations by Kaspersky Lab and that of Edward Snowden, it is easy to conclude that the US holds an almighty position in the world of cyberespionage with an NSA budget of $10 billion.

Perhaps the narrative is true, that the US cyber espionage activities are for offence, not defense. But the alleged ISIS hack into the US military’s Twitter and YouTube accounts and the alleged North Korean hack into Sony Pictures undermine the said US cyber superiority. Oh, wait, these would all require a defense strategy, not the so sophisticated offence strategy being run by the said Equation Group.

You can read a more detailed report on the Equation Group’s cyber espionage activities on Wired.com by following this link.
