26 Feb 15. NSA Surveillance Software Infecting Thousands of Computers Worldwide. A sophisticated spying campaign infected tens of thousands of computers worldwide with surveillance software, some embedded in hard drives, according to a report from a cybersecurity company that points toward the US National Security Agency. The malware was found in 30 countries, including Iran, Russia, China, Afghanistan and Pakistan, and targeted governments and diplomatic institutions, military, Islamic activists and key industries like telecommunications, aerospace, energy, financial institutions and oil and gas, Kaspersky Lab Inc., a Moscow-based cybersecurity company, said in a report released recently.
The group’s ability to infect hard-drive firmware “exceeds anything we have ever seen before,” the company said. Kaspersky named the perpetrators the Equation Group.
Kaspersky didn’t explicitly identify the group as being affiliated with the NSA. “However,” said Costin Raiu, director of Kaspersky’s global research and analysis team, “to achieve this level of sophistication you need a lot of resources and money. We are not seeing any kind of obvious financial theft associated with this operation so they have to be nation-state sponsored.”
The group used malware that was later found to be part of the Stuxnet computer worm, which was used in 2010 to cripple Iran’s nuclear program and is widely believed to have been deployed by Israel and the NSA. US intelligence agencies use techniques identified in the report, such as implanting malware on hard-drive firmware, to go after a limited number of high-value targets judged to be a threat to national security, according to two US officials who weren’t authorized to speak on the record.
The NSA intensified its communications surveillance programs after the September 11, 2001 terrorist attacks on New York and Washington. Some details were disclosed in classified documents leaked by fugitive former contractor Edward Snowden, unleashing an international uproar. Congress has considered but failed to pass legislation to curb the NSA’s collection of bulk telephone calling and other electronic data.
The Equation Group is “one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen,” Kaspersky said.
There are several other ways the group infects computers, including through CD-ROMs, USB sticks and Web-based exploits, Kaspersky said in the report. The most sophisticated weapon in the group’s arsenal, however, is the ability to infect the hard drives. Kaspersky said the spy code was found in products made by Western Digital Technologies Inc., Samsung Electronics Co. and Seagate Technology Plc.
Western Digital is reviewing the technical findings of the report and takes “such threats very seriously,” said a company spokesman, Steve Shattuck, in an e-mail. “Prior to the report, we had no knowledge of the described cyber-espionage program,” he said.
Clive Over, a spokesman for Seagate, said the company has no specific knowledge of any third parties accessing its drives.
Computer products also appeared to be intercepted while being shipped and implanted with malware, Kaspersky said. A little-known unit within the NSA known as Tailored Access Operations has covertly intercepted computers, routers and software being shipped in order to install spying tools allowing for the secret surveillance of targets, according to one document leaked by Snowden. (Source: Cyber Security Intelligence/info-management)
26 Feb 15. Who are the most notorious hacking groups? The hacking group known as Lizard Squad has been making quite a nuisance of itself, claiming responsibility for both an attack on the Malaysia Airlines website that resulted in users being redirected to a page bearing the headline “404 – plane not found”, and an alleged DDoS attack on Facebook that temporarily took the website offline. Facebook has denied being hacked, claiming the 40-minute outage was d