A group presumed to be the US National Security Agency has found a way to install surveillance and sabotage spyware deep inside computers it has targeted in numerous nations, a Russian cybersecurity company claimed on Monday.
The New York Times reports that Kaspersky Lab, the same firm that recently revealed that cyber criminals have stolen more than $1 billion from as many as 100 banks and financial institutions around the world, presented its findings at a conference in Mexico.
Kaspersky Lab said the Equation Group, which is apparently a reference to the NSA and the United States Cyber Command, had installed the spyware on computers in Iran, Russia, Pakistan, China, Afghanistan and other nations under surveillance by US intelligence agencies.
Kaspersky is withholding the actual name of the country and organization behind these attacks. It named Syria, Yemen, Algeria and Mali, among others, as nations in which computers were targeted.
The techniques utilized by the Equation Group are similar to those used in the Stuxnet computer worm, with which US and Israeli intelligence attacked cascades and centrifuges at Iran’s Natanz uranium enrichment plant in 2009 and 2010 in a bid to stymie the Islamic Republic’s ability to develop nuclear weapons.
Kaspersky Lab said some of the spyware was implanted so deep in targeted computer systems that it affected their firmware, embedded software that prepares a computer’s hardware prior to startup. Antivirus and most security controls are powerless to prevent such attacks.
"The malware gets into the firmware, it is able to resurrect itself forever," Kaspersky threat researcher Costin Raiu said in the report. "It means that we are practically blind and cannot detect hard drives that have been infected with this malware."
US intelligence agencies are using the spyware to steal encryption keys from computers without being detected by their users, then unlock their scrambled contents. Kaspersky said that of the 60 groups it is tracking in cyberspace, the Equation Group surpasses anything known in terms of complexity and sophistication of techniques, and that it has been active for almost two decades.
A former NSA employee told Reuters that Kaspersky’s analysis is correct, while another intelligence operative confirmed that the NSA has developed the ability to conceal spyware deep inside hard drives.
NSA spokeswoman Vanee Vines told Reuters the agency was aware of the Kaspersky report but would not comment on it publicly.