
The Equation Group's Sophisticated Hacking and Exploitation Tools

This week, Kaspersky Labs published detailed information on what it calls the Equation Group - almost certainly the NSA - and its abilities to embed spyware deep inside computers, gaining pretty much total control of those computers while maintaining persistence in the face of reboots, operating system reinstalls, and commercial anti-virus products. The details are impressive, and I urge anyone interested to read the Kaspersky documents, or this very detailed article from Ars Technica.

Kaspersky doesn’t explicitly name the NSA, but talks about similarities between these techniques and Stuxnet, and points to NSA-like codenames. A related Reuters story provides more confirmation: “A former NSA employee told Reuters that Kaspersky’s analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it.”

We saw examples of these techniques in 2013, when Der Spiegel published details of the NSA’s 2008 catalog of implants. (Aside: I don’t believe the person who leaked that catalog is Edward Snowden.) In those pages, we saw examples of malware that embedded itself in computers’ BIOS and disk drive firmware. We already know about the NSA’s infection methods using packet injection and hardware interception.

There’s nothing here that implies the NSA is doing this sort of thing to every computer, router, or hard drive. It’s doing it only to networks it wants to monitor. Reuters again: “Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.” A map of the infections Kaspersky found bears this out.

On one hand, it’s the sort of thing we want the NSA to do. It’s exploiting existing vulnerabilities. In the overall scheme of things, this is much less disruptive to Internet security than deliberately inserting vulnerabilities that leave everyone insecure.

On the other hand, the NSA’s definition of “targeted” can be pretty broad. We know that it’s hacked the Belgian telephone company and the Brazilian oil company. We know it’s collected every phone call in the Bahamas and Afghanistan. It hacks system administrators worldwide.
