NSA Surveillance Software Infecting Thousands of Computers Worldwide

A sophisticated spying campaign infected tens of thousands of computers worldwide with surveillance software, some embedded in hard drives, according to a report from a cybersecurity company that points toward the US National Security Agency.

The malware was found in 30 countries, including Iran, Russia, China, Afghanistan and Pakistan, and targeted governments and diplomatic institutions, military, Islamic activists and key industries like telecommunications, aerospace, energy, financial institutions and oil and gas, Kaspersky Lab Inc., a Moscow-based cybersecurity company, said in a report released recently.

The group’s ability to infect hard-drive firmware “exceeds anything we have ever seen before,” the company said. Kaspersky named the perpetrators the Equation Group. Kaspersky didn’t explicitly identify the group as being affiliated with the NSA. “However,” said Costin Raiu, director of Kaspersky’s global research and analysis team, “to achieve this level of sophistication you need a lot of resources and money. We are not seeing any kind of obvious financial theft associated with this operation so they have to be nation-state sponsored.”

The group used malware that was later found to be part of the Stuxnet computer worm, which was used in 2010 to cripple Iran’s nuclear program and is widely believed to have been deployed by Israel and the NSA.

US intelligence agencies use techniques identified in the report, such as implanting malware on hard-drive firmware, to go after a limited number of high-value targets judged to be a threat to national security, according to two US officials who weren’t authorized to speak on the record.

The NSA intensified its communications surveillance programs after the September 11, 2001 terrorist attacks on New York and Washington. Some details were disclosed in classified documents leaked by fugitive former contractor Edward Snowden, unleashing an international uproar. Congress has considered but failed to pass legislation to curb the NSA’s collection of bulk telephone calling and other electronic data.

The Equation Group is “one of the most sophisticated cyber attack hacker groups in the world. They are the most advanced threat actor we have seen,” Kaspersky said. There are several other ways the group infects computers, including through CD-ROMs, USB sticks and Web-based exploits, Kaspersky said in the report.

The most sophisticated weapon in the group’s arsenal, however, is the ability to infect the hard drives. Kaspersky said the spy code was found in products made by Western Digital Technologies Inc., Samsung Electronics Co. and Seagate Technology.