Russian blows lid on NSA linked trojan spying group

David Guyatt
02-18-2015, 08:53 AM
Equation Group: NSA-linked spying team have software to hack into any computer


Attacks linked to the National Security Agency have been going on for up to 15 years, and targeted Islamic scholars and encryption firms as well as governments and high-profile companies

ANDREW GRIFFIN

Tuesday 17 February 2015

The US security services have developed software that has enabled them to spy on home computers almost anywhere in the world.

Russian researchers at Kaspersky Lab have claimed that the software gave those behind it, thought to be the US National Security Agency, the power to listen in on the majority of the world’s computers.
It could be installed on practically any of the world's most common hard drives and spy on the computer while going undetected.
It was used to break into government and other important institutions in 30 countries across the world, they claim.
[Image: Employees work at the headquarters of Kaspersky Labs, a company which specialises in the production of antivirus and internet security software]
Kaspersky Lab, the computer security firm that discovered the software, refused to name the country that the spying came from. But it said that it was closely related to Stuxnet, an NSA-led cyberweapon that was used in an attack on an Iranian nuclear facility.
The group was using some of the same exploits to get into computers that were used in the Stuxnet attack, even before they had been publicly exposed. That has led many in the information security community to assume that the group behind it are either part of the NSA, or linked to the US intelligence agencies.
Instead, Kaspersky referred to the group behind the attack as the Equation group, because of the encryption used in its attacks. The group has been active since at least 2001, experts said, and “is probably one of the most sophisticated cyber attack groups in the world”, Kaspersky said in its report (https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf).
The only way to remove nls_933w.dll #TheSAS2015 (https://twitter.com/hashtag/TheSAS2015?src=hash) #EquationAPT (https://twitter.com/hashtag/EquationAPT?src=hash) pic.twitter.com/zfVE1kKyha (http://t.co/zfVE1kKyha)
— Fabio Assolini (@assolini) February 16, 2015 (https://twitter.com/assolini/status/567410130934067201)
The group’s tools are complicated and expensive to develop, the report said. They are used to infect victims and steal their data, and are developed to go unnoticed.
Most of the tools are Trojans, which are implanted secretly on users’ computers and then give the group access to them.
Once a drive is infected, the only way to remove it is to destroy the drive physically.
The group has used the software to infect thousands, or perhaps tens of thousands, of victims, Kaspersky said. It was used on computers in the US, UK, Italy, Germany, the Netherlands and many other countries.
As well as governments, the software was used to attack Islamic scholars and activists, media organisations and aerospace, energy and nuclear research companies. It was also used on companies that are developing encryption software that can keep users from similar attacks.

The software uses an infrastructure built out of 100 servers and 300 domains, distributed across the world.
Kaspersky published the details of its research last night, in the hope of allowing institutions to guard against the attacks in future.