Russian cybersecurity firm Kaspersky Lab has accused the United States of permanently embedding surveillance and spy tools into networks and computers that American intelligence agencies are watching. Among the countries impacted are Iran, Pakistan, Afghanistan, China, and Russia.
The Russian firm said at a conference in Mexico that the implants were placed by what it called the “Equation Group,” which appears to be a reference to the National Security Agency and the United States Cyber Command. It has linked the group’s techniques to those of Stuxnet, which was jointly run by the U.S. and Israel. Stuxnet was a computer worm that was responsible for disabling approximately 1,000 centrifuges in Iran’s nuclear enrichment program. It was code named Olympic Games.
The report goes on to say that it had detected high infection rates in Iran, Pakistan, and Russia that had similarities to Olympic Games. These three countries’ nuclear programs are also routinely monitored by the U.S. “Some of the implants burrow so deep into the computer systems,” Kaspersky said, “that they infect the ‘firmware,’ the embedded software that prepares the computer’s hardware before the operating system starts. It is beyond the reach of existing antivirus products and most security controls, making it virtually impossible to wipe out.”
In many cases, it also allows the American intelligence agencies to grab the encryption keys off a machine, unnoticed, and unlock scrambled contents. Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case with Iran’s nuclear enrichment plants. Of over 60 groups it is tracking, the Equation Group “surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades,” noted Kaspersky.
What makes these attacks particularly remarkable is their way of attacking the actual firmware of the computers. Only in rare cases are cybercriminals able to get into the actual guts of a machine, said Kaspersky researchers.
“If the malware gets into the firmware, it is able to resurrect itself forever,” Costin Raiu, a Kaspersky threat researcher, said in the report. “It means that we are practically blind and cannot detect hard drives that have been infected with this malware.” In an interview last year, Andrew Regenscheid, a researcher at the National Institute of Standards and Technology, warned that such attacks were extremely powerful. “If the firmware becomes corrupted,” Mr. Regenscheid said, “your computer won’t boot up and you can’t use it. You have to replace the computer to recover from that attack.” Kaspersky’s report detailed the group’s efforts “to map out so-called air-gapped systems that are not connected to the Internet, including Iran’s nuclear enrichment facilities, and infect them using a USB stick.” To get those devices onto the machines, the report said, “The attackers have in some cases intercepted them in transit.”
Former National Security Agency contractor Edward J. Snowden revealed documents detailing the agency’s plan to leap the “air gaps,” as well as efforts to gain access to computers on their way to target countries in order to install specialized hardware. That hardware would then be able to receive low-frequency radio waves broadcast from devices the NSA has already deployed around the world. Another way the air gap has been leapt is to have a spy physically infect a computer using a USB stick.
Here is an interview with Edward Snowden and the President’s response:
“This is more like basketball than football, in the sense that there’s no clear line between offense and defense,” said President Obama, himself a basketball player. “Things are going back and forth all the time.”
The U.S. has never admitted to performing any cyber-attack operations.
I’m sure all countries would join this warfare if they could. Just ask yourself—is your computer really protected?