
Category Archives: NSA

The NSA has reportedly found ways to avoid even the strongest security measures

Posted: February 18, 2015 at 12:47 am

The U.S. intelligence community has found ways to avoid even the strongest of security measures and practices, a new report from Moscow-based Kaspersky Lab suggests, demonstrating a range of technological accomplishments that place the nation's hackers as among the most sophisticated and well resourced in the world.

Hackers who are part of what the cybersecurity researchers call "Equation Group" have been operating under the radar for at least 14 years, deploying a range of malware that could infect hard drives in a way almost impossible to remove and could hide code in USB storage devices to infiltrate networks kept separate from the Internet for security purposes.

Kaspersky's report did not say the U.S. government was behind the group. But it did say the group was closely linked to Stuxnet -- malware widely reported to have been developed by the National Security Agency and Israel that was used in an attack against Iran's uranium enrichment program -- along with other bits of data that appear to align with previous disclosures. Reuters further linked the NSA to the Kaspersky report, citing anonymous former employees of the agency who confirmed Kaspersky's analysis.

NSA spokesperson Vanee Vines said in a statement that the agency was aware of the report, but would not comment publicly on any allegations it raises.

The Kaspersky report shows a highly sophisticated adversary that has found ways to worm itself into computers with even the strongest of security measures in place. This matches up with what we know about other NSA efforts from documents leaked by former NSA contractor Edward Snowden, which showed efforts to undermine encryption and evade the protections major tech companies used to guard user data.

But the new report paints a more detailed picture of the breadth of the agency's reported offensive cyber arsenal. And unlike other recent revelations about U.S. government snooping, which have largely come from Snowden, the insights from Kaspersky came from examining attacks found in the digital wild. Victims were observed in more than 30 countries, with Iran, Russia, Pakistan and Afghanistan having among the highest infection rates, according to the report.

One of the most sophisticated attacks launched by the Equation Group lodged malware deep into hard drives, according to Kaspersky. It worked by reprogramming the proprietary code, called firmware, built into the hard drives themselves. That allowed for persistent storage hidden inside a target system that could survive the hard drive being reformatted or an operating system being reinstalled, the report says.

The code uncovered by Kaspersky suggests the malware was designed to work on disk drives of more than a dozen major manufacturers -- including those from Seagate, Western Digital, Toshiba, IBM and Samsung. But the report also notes that this particular technique seemed to be rarely deployed, suggesting that it was used only on the most valuable victims or in unusual circumstances.

The Kaspersky report also said the group found ways to hide malicious files within a Windows operating system database on the targets' computer known as the registry -- encrypting and stashing the files so that they would be impossible to detect using antivirus software.

Equation Group also found ways to infiltrate systems that were kept off the Internet for security purposes -- commonly known as "air-gapped" networks. Malware used by the hackers relied on infected USB sticks to map out such networks -- or even remotely deploy code on them, according to the report.

NSA planted surveillance software on hard drives, report says

Posted: at 12:47 am

Security vendor Kaspersky outs a group capable of inserting spying software onto hard drives around the world, while Reuters fingers the NSA as the culprit.

Is the NSA behind a sophisticated way of implanting spyware on hard drives?

The National Security Agency is able to infect hard drives with surveillance software to spy on computers, Reuters said on Tuesday, citing information from cyber researchers and former NSA operatives.

In a new report, Kaspersky revealed the existence of a group dubbed The Equation Group capable of directly accessing the firmware of hard drives from Western Digital, Seagate, Toshiba, IBM, Micron, Samsung and other drive makers. As such, the group has been able to implant spyware on hard drives to conduct surveillance on computers around the world.

In a blog posted on Monday, Kaspersky said this threat has been around for almost 20 years and "surpasses anything known in terms of complexity and sophistication of techniques." The security researcher called the group "unique almost in every aspect of their activities: they use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data and hide activity in an outstandingly professional way, and utilize classic spying techniques to deliver malicious payloads to the victims."

Surveillance software implanted on hard drives is especially dangerous as it becomes active each time the PC boots up and thus can infect the computer over and over again without the user's knowledge. Though this type of spyware could have surfaced on a "majority of the world's computers," Kaspersky cited thousands or possibly tens of thousands of infections across 30 different countries.

Infected parties and industries include government and diplomatic institutions, as well as those involved in telecommunications, aerospace, energy, nuclear research, oil and gas, military and nanotechnology. Also included are Islamic activists and scholars, mass media, the transportation sector, financial institutions and companies developing encryption technologies.

And who's responsible for this sophisticated spyware?

Kaspersky didn't name names but did say that the group has ties to Stuxnet, a virus used to infect Iran's uranium enrichment facility. The NSA has been accused of planting Stuxnet, leading Reuters to finger the agency as the source behind the hard drive spyware, especially based on outside information.

Kaspersky's analysis was right, a former NSA employee told Reuters, adding that the agency valued this type of spyware as highly as Stuxnet. Another "former intelligence operative" said that the NSA developed this method of embedding spyware in hard drives but said he didn't know which surveillance efforts used it.

Not Only the NSA Knows How to Make Unerasable Malware

Posted: at 12:47 am

Hacking tools linked to U.S. intelligence that burrow inside hard disk drives could also be made by nongovernment hackers.

Over the weekend Russian security company Kaspersky described a suite of extremely sophisticated hacking tools that since 2008 have been used to infiltrate government, military, and corporate computers in 30 countries around the world. Reuters reports that it was the work of the U.S. National Security Agency.

Kaspersky's most striking finding was that the toolkit of what it calls the Equation Group could inject malware into the software embedded inside hard disk drives. Not only is that firmware invisible to conventional security software, but malicious code hidden inside it can emerge to take over a computer even after its hard disk has been carefully erased. Costin Raiu, a researcher with Kaspersky, told the New York Times that the technique rendered investigators like him practically blind.

That impressive trick sets a new bar for the sophistication in malware caught in the wild. And it has led to speculation that the NSA had assistance from hard drive manufacturers, for example by getting access to details on how their firmware worked.

But despite suggestions it would be just about impossible for even the NSA to reverse-engineer hard drive firmware without such help, it appears to be well within its reach -- and that of many others, too. In recent years hackers and researchers with budgets far smaller than the NSA's have reverse-engineered the firmware of hard drives and other devices and demonstrated their own invisible malware.

That raises the prospect that multiple national intelligence agencies -- and perhaps even groups without government backing -- could be using the technique. Few, if any, security researchers are on the lookout for such attacks because they are essentially invisible.

Anyone looking to get started hacking hard drive firmware would be well advised to start with this page on the subject from prolific hacker Jeroen Domburg. In 2013 he gave several talks on his research and showed how it enabled him to remotely take over a server with a hard disk made by Western Digital, a leading manufacturer whose drives were also targeted by Equation Group.

Also in 2013, academic researchers independently went even further and developed several proof-of-concept attacks against a hard disk from a different manufacturer. They showed how a disk's firmware could be infected remotely, and made a system to communicate over the Internet with the unerasable malware to send commands and copy data such as encryption keys. This line from the academic paper's summary has gained new plausibility after what we learned over the weekend:

The difficulty of implementing such an attack is not limited to the area of government cyber-warfare; rather, it is well within the reach of moderately funded criminals, botnet herders and academic researchers.

At the Black Hat security conference last summer, two researchers described how they had reverse engineered the firmware of USB sticks to hide code inside that can silently take over a computer.

Is the NSA putting spyware in hard drives?

Posted: at 12:47 am

The NSA may be implanting spying software in hard drives from a dozen major manufacturers including Toshiba, Western Digital, IBM, Samsung and Seagate, a report from cybersecurity firm Kaspersky Lab revealed Monday.

Kaspersky did not come out and point the finger directly at the National Security Agency -- instead calling out the Equation group, who have been perpetrating high-level attacks for almost 20 years -- but they said that there are "solid links indicating that the Equation group has interacted with" the actors behind Stuxnet, a virus the NSA used to attack Iranian nuclear weapons development in 2012.

A former NSA employee told Reuters that Kaspersky's analysis was correct, and "another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives."

The Kaspersky paper calls the software "perhaps the most powerful tool" in the Equation group's impressive arsenal, and "the first known malware capable of infecting the hard drives." It reprograms the drives and creates a hidden space where it can save stolen information to be retrieved later.

As CNET's Bridget Carey told CBS News, getting that deep into a piece of firmware (the core software of the drives), is very hard to do and requires the source code from the manufacturer.

One of the companies whose hard drives were infected with the spyware, Western Digital, said that it did not give its source code to the government. "But other sources in cybersecurity say that the government can get this because all it takes is for you to sell a computer to the Pentagon or another agency and they have to say, 'You know what, for security reasons we need that source code,'" Carey explained.

In other words, the government may have only had to ask for what it wanted in order to send spying-capable hard drives all over the world.

© 2015 CBS Interactive Inc. All Rights Reserved.

NSA MCW 2015 Fashion Show – Video

Posted: February 17, 2015 at 6:49 am


Here's our creative fashion show performance that won us 1st place at this year's YFS Multicultural Week.

By: NSA York U

RecentR TV (09.02.15) The Conspiracy Behind the NSA, Snowden and the Koch Brothers – Video

Posted: at 6:49 am


Even before the creation of the NSA, the American signals intelligence agency, Western corporations supplied all the necessary technology to the East in order to turn the Soviets into a considerable...

By: Alexander Benesch

Fighting Back! New Bill Takes On NSA Code-Breaking Facility – Video

Posted: at 6:49 am


http://www.undergroundworldnews.com On Wednesday, Tennessee legislators filed legislation to directly take on NSA spying by withholding vital state resources and material support from any...

By: Dahboo777

NSA Has Planted Surveillance Software Deep Within Hard Drives Since 2001: Kaspersky

Posted: at 6:49 am

The U.S. National Security Agency (NSA) has been planting surveillance software deep within hard drives made by top manufacturers, allowing it to eavesdrop on almost every computer in the world, according to Kaspersky Lab, a Moscow-based software security company that announced its findings Monday.

Kaspersky did not explicitly name the country or intelligence agency behind the spying software, but former operatives from the NSA confirmed that the findings correlated with NSA activity, Reuters reported.

The NSA's spyware lies within drives manufactured by Western Digital and Seagate, who deny that they had any knowledge of such programs. Samsung and Toshiba drives also contained the code, but both declined to comment.

Kaspersky said that PCs in 30 different countries were infected by the most advanced hacking operation ever uncovered, with the most in Iran, Russia, Pakistan, Afghanistan and China. The NSA has a number of ways in which it can obtain the drives' source code, which it requires to embed the spyware. The NSA's methods include posing as software companies or asking for it directly, Reuters reported. The government can also request it for a security audit from manufacturers who wish to sell hard drives to the Department of Defense, and then use it to infect the manufacturers' products.

The NSA also would intercept mailed items, such as CDs or USB drives, to infect them, according to a report from Ars Technica. The infections also affect iPhones and other Apple products.

The NSA is targeting a number of organizations, including government and military offices, telecommunication, energy and media companies as well as nuclear research facilities and Islamic activists. Institutions with infected hard drives should be able to detect the NSA spyware using technical details that Kaspersky published Monday.

Those details could impair the NSA's surveillance programs, which were already affected by the revelations made by former NSA contractor Edward Snowden. The disclosures have already slowed sales of U.S. technology products internationally, especially in China.

NSA hiding Equation spy program on hard drives

Posted: at 6:49 am

Kaspersky Labs

Equation infection: Kaspersky Labs says the highest number of machines infected with Equation programs were in Iran, Russia and Pakistan.

The US National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives.

That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations.

Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.

Kaspersky Labs

The areas of government Equation has been able to infect by nation.

The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States.

A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.

NSA spokeswoman Vanee Vines declined to comment.

Suite of Sophisticated Nation-State Attack Tools Found With Connection to Stuxnet

Posted: at 6:49 am

CANCUN, Mexico -- The last two years have been filled with revelations about NSA surveillance activities and the sophisticated spy tools the agency uses to take control of everything from individual systems to entire networks. Now it looks like researchers at Kaspersky Lab may have uncovered some of these NSA tools in the wild on customer machines, providing an extensive new look at the spy agency's technical capabilities. Among the tools uncovered is a worm that appears to have direct connections to Stuxnet, the digital weapon that was launched repeatedly against centrifuges in Iran beginning in late 2007 in order to sabotage them. In fact, researchers say the newly uncovered worm may have served as a kind of test run for Stuxnet, allowing the attackers to map a way to targeted machines in Iran that were air-gapped from the internet.

For nearly a year, the researchers have been gradually collecting components that belong to several highly sophisticated digital spy platforms that they say have been in use and development since 2001, possibly even as early as 1996, based on when some command servers for the malware were registered. They say the suite of surveillance platforms, which they call EquationLaser, EquationDrug and GrayFish, make this the most complex and sophisticated spy system uncovered to date, surpassing even the recently exposed Regin platform believed to have been created by Britain's GCHQ spy agency and used to infiltrate computers belonging to the European Union and a Belgian telecom called Belgacom, among others.

The new platforms, which appear to have been developed in succession with each one surpassing the previous in sophistication, can give the attackers complete and persistent control of infected systems for years, allowing them to siphon data and monitor activities while using complex encryption schemes and other sophisticated methods to avoid detection. The platforms also include an innovative module, the likes of which Kaspersky has never seen before, that re-flashes or reprograms a hard drive's firmware with malicious code to turn the computer into a slave of the attackers. The researchers, who gave WIRED an advance look at their findings and spoke about them today at the Kaspersky Security Analyst Summit in Mexico, have dubbed the attackers the Equation Group and consider them the most advanced threat actor they've seen to date.

The researchers have published an initial paper on their findings and plan to publish more technical details over the next few days, but there's still a lot they don't know about the Equation Group's activities.

"As we uncover more of these cyber espionage operations we realize how little we understand about the true capabilities of these threat actors," Costin Raiu, head of Kaspersky's Global Research and Analysis Team, told WIRED.

Although the researchers have no solid evidence that the NSA is behind the tools and decline to make any attribution to that effect, there is circumstantial evidence that points to this conclusion. A keyword -- GROK -- found in a keylogger component appears in an NSA spy tool catalog leaked to journalists in 2013. The 53-page document details -- with pictures, diagrams and secret codenames -- an array of complex devices and capabilities available to intelligence operatives. The capabilities of several tools in the catalog identified by the codenames UNITEDRAKE, STRAITBAZZARE, VALIDATOR and SLICKERVICAR appear to match the tools Kaspersky found. These codenames don't appear in the components from the Equation Group, but Kaspersky did find UR in EquationDrug, suggesting a possible connection to UNITEDRAKE (United Rake). Kaspersky also found other codenames in the components that aren't in the NSA catalog but share the same naming conventions -- they include SKYHOOKCHOW, STEALTHFIGHTER, DRINKPARSLEY, STRAITACID, LUTEUSOBSTOS, STRAITSHOOTER, and DESERTWINTER.

Other evidence possibly pointing to the NSA is the fact that five victims in Iran who were infected with Equation Group components were also key victims of Stuxnet, which was reportedly created and launched by the U.S. and Israel.

Kaspersky wouldn't identify the Iranian victims hit by the Equation tools, but the five key Stuxnet victims have been previously identified as five companies in Iran, all contractors in the business of building and installing industrial control systems for various clients. Stuxnet targeted industrial control systems used to control centrifuges at a uranium-enrichment plant near Natanz, Iran. The companies -- Neda Industrial Group, Kala Electric, Behpajooh, CGJ (believed to be Control Gostar Jahed) and Foolad Technic -- were infected with Stuxnet in the hope that contractors would carry it into the enrichment plant on an infected USB stick. This link between the Equation Group and Stuxnet raises the possibility that the Equation tools were part of the Stuxnet attack, perhaps to gather intelligence for it.

But the newly uncovered worm created by the Equation Group, which the researchers are calling Fanny after the name of one of its files, has an equally intriguing connection to Stuxnet.

It uses two of the same zero-day exploits that Stuxnet used, including the infamous .LNK zero-day exploit that helped Stuxnet spread to air-gapped machines at Natanz -- machines that aren't connected to the internet. The .LNK exploit in Fanny has a dual purpose -- it allows attackers to send code to air-gapped machines via an infected USB stick but also lets them surreptitiously collect intelligence about these systems and transmit it back to the attackers. Fanny does this by storing the intelligence in a hidden file on the USB stick; when the stick is then inserted into a machine connected to the internet, the data intelligence gets transferred to the attackers. EquationDrug also makes use of the .LNK exploit. A component called SF loads it onto USB sticks along with a trojan to infect machines.
