Hatrack River Forum   
Author Topic: "Equation Group" and nasty malware (Stick around for the punchline!)
Elison R. Salazar (Member # 8565) posted:
Quoted from SA user Fried Chicken:

quote:

So you probably heard on the news about the report from Kaspersky about how a bunch of banks were robbed by hackers. This is clearly very important because while no individuals were affected, it will impact the quarterly reports for those banks and cost their finance guys a few points off their huge bonuses. Truly, a tragic event like no other.

What you probably didn't hear about was Kaspersky's other report, on what they termed the "Equation Group" and their engagement in cyber warfare. These guys have cranked out a whole suite of new malware applications which "exceeds anything we have ever seen before," per the report. Of course cyber warfare is not a precision art; like Stuxnet and Flame, these things got out into the wild where Kaspersky found them. Kaspersky didn't know who it was that was building them, but did identify a signature - they targeted firmware and could spread to air-gapped computers (ones that aren't connected to the internet) via USB, or were set so the attacker could install new features remotely, using control servers set up across the world. These are pretty insidious programs; here's a highlight

quote:

Of note, the group recovered two modules belonging to EquationDrug and GrayFish that were used to reprogram hard drives to give the attackers persistent control over a target machine. These modules can target practically every hard drive manufacturer and brand on the market, including Seagate, Western Digital, Samsung, Toshiba, Corsair, Hitachi and more. Such attacks have traditionally been difficult to pull off, given the risk in modifying hard drive software, which may explain why Kaspersky could only identify a handful of very specific targets against which the attack was used, where the risk was worth the reward.

But Equation Group's malware platforms have other tricks, too. GrayFish, for example, also has the ability to install itself into a computer's boot record—software that loads even before the operating system itself—and stores all of its data inside a portion of the operating system called the registry, where configuration data is normally stored.

EquationDrug was designed for use on older Windows operating systems, and "some of the plugins were designed originally for use on Windows 95/98/ME"—versions of Windows so old that they offer a good indication of the Equation Group's age.

This is stuff that you do not get rid of; Kaspersky's recommendation is that if you get infected your only response is to destroy the machine


If you are waiting for the punchline (or why this belongs in the USA thread), here it is: per Reuters' reports, the Equation Group is the NSA.


Funny thing, this sort of attack was predicted by Cory Doctorow in 2012. It would be really nice if these assholes would start trying to create the cool parts of science fiction, instead of just the dystopian elements

Bolding mine.
Elison R. Salazar (Member # 8565) posted:
British and US intelligence break into the primary manufacturer of cell phone SIM cards to obtain the cards' encryption keys.
JanitorBlade (Administrator, Member # 12343) posted:
The NSA shutting down North Korea's internet for a week was probably also a message to Russia and China that the US isn't going to let state sponsored hacking groups rampage forever.
Elison R. Salazar (Member # 8565) posted:
Except for their own home grown ones that steal data from legitimate companies, those are A-OK.
Rakeesh (Member # 2001) posted:
*shrug* As odd as it is for me to say this, in this case Elison's defense of China has a point I think. Though we don't tend, I suspect, to do it as much or with as much intent because we don't have as much need. But that's not an ethical restraint.
Elison R. Salazar (Member # 8565) posted:
My current position isn't that I "defend" China per se, outside of the usual boilerplate 'sovereign states generally have the obligation to defend their interests', which as an armchair self-described polisci hobbyist I don't criticise the US for either; I only criticise the US as a consumer (which I'd equally criticise China for if they, I dunno, hacked Rogers or Bell Canada and rifled through my personal info), with the Chomskian viewpoint being its own kettle of fish I'm not going into here.

Not that, I dunno, looking at it critically, the issues are really similar. Suppose China and the PLA are doing a lot of cyber spy stuff but mainly targeting the DoD, the Pentagon, CENTCOM, and specific MIC subcontractors for relevant SIGINT data in the case of military applications; that's targeting the US for clear power-political goals.

However, the NSA/CIA/FBI/State Sec in general going after encryption keys from an allied state? That's 100% primarily about enhancing their ability to spy domestically on their own citizens illegally. While say what you will aboot' the Great Firewall, at least that's "legal" for them.

Samprimary (Member # 8561) posted:
quote:
My current position isn't that I "defend" China per se
I'm curious as to whether you understand what your reputation is involving the subject of China and Russia, or why you have had that reputation bolstered over seven years.
Rakeesh (Member # 2001) posted:
Not sure how productive that would be. In a current question of China, he didn't do a knee-jerk and one-sided defense of the PRC, which is enough for me at least.
Samprimary (Member # 8561) posted:
yeah, concurred
Lyrhawn (Member # 7039) posted:
I assume the NSA is already spying on me, so I'm relieved to hear they're also getting into Chinese and Russian computers as well.
Rakeesh (Member # 2001) posted:
Hell, that's not an assumption. You use the Internet, you are absolutely being spied upon, that's not even in contention anymore really.

(Or, you know, having your data mined and stored indefinitely, which totally isn't spying.)

Lyrhawn (Member # 7039) posted:
To be honest, I'm more bothered by the fact that I have to worry when Target gets hacked because six years ago I used my Visa to buy a bag of dog food than I am of the NSA.

Why the hell are companies hanging on to credit card numbers for so long?

GaalDornick (Member # 8880) posted:
You've had the same credit card for six years?
TomDavidson (Member # 124) posted:
I've had the same credit card for 20 years.
GaalDornick (Member # 8880) posted:
Did they not put expiration dates on them in the 90s?
TomDavidson (Member # 124) posted:
The number does not change; the expiration date does.
Lyrhawn (Member # 7039) posted:
Even if the period were dramatically shorter, I can't think of a legitimate reason for any company to store my credit card information for any period longer than it takes for my payment to clear.
Elison R. Salazar (Member # 8565) posted:
Convenience. Such as in the Playstation store or wherever else storing your data might have some benefit.
stilesbn (Member # 11809) posted:
Target stored credit cards so that they could do data analysis on purchase habits. They use the data for research and to customize coupons. You'll probably notice that if you use the same credit card then you will start to get a lot of coupons with the receipt.
Stone_Wolf_ (Member # 8299) posted:
Coupons for...the exact stuff I already buy...or the Target brand version anyway.
JanitorBlade (Administrator, Member # 12343) posted:
quote:
Originally posted by Elison R. Salazar:
Except for their own home grown ones that steal data from legitimate companies, those are A-OK.

Obtaining intelligence has been the name of the spying game since its inception. The day the NSA steals Lenovo's IP, and hands it over to Dell get back to me.

Or heck, the day the NSA hacks into a foreign bank's servers, and steals their money or sells their sensitive data, I'll accept that too.

Rakeesh (Member # 2001) posted:
I won't say that evidence indicates that government-backed corporate and industrial espionage is equally shared by China and the United States. That said though, do you believe this is an example of restraint for ethical reasons, a lack of matching need, or some other cause?
JanitorBlade (Administrator, Member # 12343) posted:
If this question was directed to me, I think the US was looking for a chance to demonstrate this capability but didn't have an obvious target. North Korea gets in a tizzy about Sony, and voila, it's like gift-wrapping a target.

Russia and China have been under the impression that there was no real risk to their state-sponsored hacking. The Snowden incident had ruined the US's credibility with allies in Europe and Asia, and the US is not going to try to destroy foreign firms or steal their IP because doing the former would be insane, and doing the latter is stupid because neither country has IP to steal, not really.

So the stage was set for Russia and China to keep on keeping on with no response that actually had teeth, until North Korea decided to give us the opportunity to show other countries something new.

Look, I'm not saying I applaud the NSA for having that capability. I think the NSA is terrifying and has been given *way* too much power by a scared populace willing to throw all their privacy away in exchange for the perception of security.

But I'm not going to be all torn up that the US is still better at true cyber espionage than China and Russia are.
