The US has found a way to permanently embed surveillance and sabotage tools in computers and networks it has targeted in Iran, Russia, Pakistan, China, Afghanistan and other nations watched closely by US intelligence agencies, according to Russian cybersecurity firm Kaspersky Lab.
In a presentation of its findings at a conference in Mexico on Monday, Kaspersky said that the software had been placed by what it called the “Equation Group,” which appears to be a veiled reference to the US National Security Agency and its military counterpart, US Cyber Command.
It linked the techniques to those used in Stuxnet, a computer worm that disabled about 1,000 centrifuges in Iran’s nuclear enrichment program. It was later revealed that Stuxnet was part of a program codenamed “Olympic Games” and run jointly by Israel and the US.
Kaspersky’s report said that Olympic Games had similarities to a much broader effort to infect computers well beyond those in Iran.
It detected particularly high infection rates in computers in Iran, Pakistan and Russia, three nations whose nuclear programs the US routinely monitors.
Some of the implants burrow so deeply into the computer systems, Kaspersky said, that they infect the “firmware,” the embedded software that prepares the computer’s hardware before the operating system starts.
The software is beyond the reach of existing antivirus products and most security controls, Kaspersky reported, making it virtually impossible to wipe out.
In many cases, it also allows US intelligence agencies to obtain encryption keys off a machine and unlock scrambled contents.
Moreover, many of the tools are designed to run on computers that are disconnected from the Internet, which was the case in the computers controlling Iran’s nuclear enrichment plants.
Kaspersky said that of the more than 60 attack groups it was tracking in cyberspace, the so-called Equation Group “surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades.”
Kaspersky Lab was founded by Eugene Kaspersky, who studied cryptography at a high school co-sponsored by the KGB and once worked for the Russian military.
The firm’s studies, including one about a cyberattack on more than 100 banks and other financial institutions in 30 nations, are considered credible by Western experts.
Security software made by Kaspersky Lab is not used by many US government agencies, making it more trusted by other governments, like those of Iran and Russia, whose systems are closely watched by US intelligence agencies. That gives Kaspersky a front-row seat to the US’ digital espionage operations.
The firm’s researchers said that what makes these attacks particularly remarkable is their way of attacking the actual firmware of the computers. Only in rare cases are cybercriminals able to get into what is considered the guts of a machine.
Recovering from a cyberattack typically involves wiping the computer’s operating system and reinstalling software, or replacing a computer’s hard drive.
However, if the firmware becomes infected, security experts said, it can turn even the most sophisticated computer into a useless piece of metal.
In the past, security experts have spoken about “the race to the bare metal” of a machine. As security around software has increased, criminals have looked for ways to infect the actual hardware of the machine. Firmware is about the closest to the bare metal users can get — a coveted position that allows the attacker to not only hide from antivirus products, but also to reinfect a machine even if its hard drive is wiped.
“If the malware gets into the firmware, it is able to resurrect itself forever,” Kaspersky threat researcher Costin Raiu said in the report. “It means that we are practically blind and cannot detect hard drives that have been infected with this malware.”
The possibility of such an attack is one that math researchers at the US National Institute of Standards and Technology, a branch of the US Department of Commerce, have long cautioned about, but have very rarely seen.
In an interview last year, institute math researcher Andrew Regenscheid said that such attacks were extremely powerful.
If the firmware gets corrupted, Regenscheid said, “your computer won’t boot up and you can’t use it. You have to replace the computer to recover from that attack.”
That kind of attack also makes for a powerful encryption-cracking tool, Raiu said, because it gives attackers the ability to capture a machine’s encryption password, store it in “an invisible area inside the computer’s hard drive” and unscramble a machine’s contents.