Kaspersky Labs has uncovered NSA malware?

This is filed under the "Well DUH!" news section but nonetheless an important finding.

I wouldn't normally link to Reddit for news but the first few comments have a lot of good information.

Source: Kaspersky Labs has uncovered a malware publisher that is pervasive, persistent, and seems to be the US Government. They infect hard drive firmware, USB thumb drive firmware, and can intercept encryption keys used

Quote

WHAT MAKES THE EQUATION GROUP UNIQUE?

Ultimate persistence and invisibility

GReAT has been able to recover two modules which allow reprogramming of the hard drive firmware of more than a dozen of the popular HDD brands. This is perhaps the most powerful tool in the Equation group’s arsenal and the first known malware capable of infecting the hard drives.
By reprogramming the hard drive firmware (i.e. rewriting the hard drive’s operating system), the group achieves two purposes:

An extreme level of persistence that helps to survive disk formatting and OS reinstallation. If the malware gets into the firmware, it is available to “resurrect” itself forever. It may prevent the deletion of a certain disk sector or substitute it with a malicious one during system boot. “Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware” – warns Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.

The ability to create an invisible, persistent area hidden inside the hard drive. It is used to save exfiltrated information which can be later retrieved by the attackers. Also, in some cases it may help the group to crack the encryption: “Taking into account the fact that their GrayFish implant is active from the very boot of the system, they have the ability to capture the encryption password and save it into this hidden area,” explains Costin Raiu.
The NSA also has a special piece of software that can actually create clowns and they come out of the floppy drive, according to a former NSA employee.

And that's why I normally wouldn't link to Reddit as a news source, BC. They don't take anything seriously, especially when there are fake karma points to gain. It's a race to see just how fast and how far they can take a post off topic.

This Kaspersky finding isn't a joke. Law enforcement, especially federal, can bend the rules farther and faster than any criminal can. If you or I have typed a certain keyword into Google, Bing or any other search engine or visited a certain website then this malware can easily be on our computer right now. I haven't broken any federal laws and I don't deserve to be spied on.

Maybe I need a Snickers. I get all Edward Snowden when I'm hungry....

Quote from: evilfantasy on February 17, 2015, 11:54:56 AM
And that's why I normally wouldn't link to Reddit as a news source BC. They don't take anything seriously. Especially when there are fake karma points to gain. It's a race to see just how fast and how far they can take a post off topic.

This Kaspersky finding isn't a joke. Law enforcement, especially federal, can bend the rules farther and faster than any criminal can. If you or I have typed a certain keyword into Google, Bing or any other search engine or visited a certain website then this malware can easily be on our computer right now. I haven't broken any federal laws and I don't deserve to be spied on.

Maybe I need a Snickers. I get all Edward Snowden when I'm hungry....

My point was this. "according to a former NSA employee."

You can staple that onto anything if you want to write an article, and, automatically, what you say is gospel. Considering online journals and news sites have been found fabricating quotes completely from people who they never talked to, I wouldn't be surprised if they just invented the information that "came from a former NSA employee". It makes sense that the name would be anonymized, I suppose, and there would be no way to externally verify it to protect them, but with such claims they need to at least have some corroboration outside of that.

So you think the Kaspersky article is, in part, fabricated? They didn't find the malware or the fake company behind it? You think the NSA isn't stepping all over the US Constitution that protects us from what they are accused of doing? Really?

Quote from: evilfantasy on February 17, 2015, 01:53:34 PM
So you think the Kaspersky article is, in part, fabricated? They didn't find the malware or the fake company behind it? You think the NSA isn't stepping all over the US Constitution that protects us from what they are accused of doing? Really?

The Kaspersky article says nothing about the NSA. It is the other articles that link the Kaspersky article which make that claim, and they are highly speculative.

What they found (Kaspersky) is malware created by a group they (or themselves?) call "The Equation Group".

Within the article, Kaspersky mentions that "The Equation Group" has "solid links indicating that the Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators – generally from a position of superiority."

The "logic" goes that Stuxnet, based on very little, was created by the NSA, and so was Flame. (Many of the articles claim "there are strong connections between worms like Stuxnet and the NSA", which is pretty much a fabrication, as those "connections" don't exist.)

The real "connection" is:

1. Equation Group interacts with those responsible for the Stuxnet and Flame operators, acting as an authority towards them.
2. Stuxnet was created by a malware authorship sponsored by the Israeli government to try to damage or otherwise negatively impact Iranian public works. (somewhat speculative)
3. Because Israel's actions against its neighbours are generally supported by the United States, and if there was a more powerful entity associating with the Israelis during the creation of Stuxnet, then that "more powerful entity" - The Equation Group - must be the NSA.

Tenuous connections, finely drawn.


Quote
You think the NSA isn't stepping all over the US Constitution that protects us from what they are accused of doing? Really?
Need a lighter for that strawman?

I didn't think you were this naive, BC. At least you weren't at one time.

A fine argument! I'm convinced.

From your replies there is no changing your mind or even meeting in the middle, so I would rather avoid the circle jerk, thanks. I also have a rule of not discussing politics with family and friends. We won't see eye to eye on this so no need in hurting each other's feelings.

The "naive" here would be the people who were surprised to learn about it. It's like everybody was like "Oh, remember how your average American was often under surveillance during the McCarthy era? Good thing they never did the same thing with the internet, whew! Dodged a bullet there guys! Now let's anonymize ourselves online using this anonymizer created by the NSA." and then was flabbergasted to learn that, PowerPoint skills aside, "OMGS THEY KNOW HOW TO INTERNETS".

Yes, it is a HUGE revelation that a similar branch of the government that was responsible for effectively suspending their country's founding documents when it was convenient to "drive out the reds" after bills dictating the cause were passed into law during the Cold War is also responsible for effectively suspending their country's founding documents when it is convenient to "find terrorists" after bills dictating the cause were passed into law.

Forgive me, but my attitude has been mostly surprise that there were people so naive as to think that it wasn't going on, and then when it all came out everybody was going on like it was big news. They may as well have declared the sky was blue for all the new information it actually presented. But then following that suddenly everything connects back to it. Like come on, this isn't an Illuminati conspiracy; if anything it's just Hoover's FBI all over again.


EDIT: For some reason I feel it important to point out that the U.S. Constitution doesn't apply to me anyway, since I'm not an American, but the presumption one can make (I am assuming, for the moment, that all the articles are true and every single one of them is 100% accurate in their connections) would be that Canada is no doubt a party to this in some fashion, as would be most U.S. allies.

The only thing truly surprising would be that they became so incompetent that people actually know any details and the person responsible (who has a true Hollywood hero backstory) hasn't been "dealt with".

Quote from: BC_Programmer on February 17, 2015, 02:48:26 PM
The "naive" here would be the people who were surprised to learn about it.

The very first comment of mine when I posted this.

Quote from: evilfantasy on February 16, 2015, 07:44:59 PM
This is filed under the "Well DUH!" news section but nonetheless an important finding.

Quote from: BC_Programmer on February 17, 2015, 02:48:26 PM
EDIT: For some reason I feel it important to point out that the U.S. Constitution doesn't apply to me anyway, since I'm not an American, but the presumption one can make (I am assuming, for the moment, that all the articles are true and every single one of them is 100% accurate in their connections) would be that Canada is no doubt a party to this in some fashion, as would be most U.S. allies.

What makes this so important is that you, my friend, are presumably affected by this. The NSA does not recognise or acknowledge virtual borders. The US Government's attitude towards data on the internet, including people's personal password protected and/or encrypted data, is no different than how many people feel about downloading copyright protected material. It's there so they are entitled to use it however they want to. It is state sponsored malware and you are right in suspecting that it isn't just the USA using this malware. It's not a local story. It's worldwide.

Quote from: evilfantasy on February 17, 2015, 03:07:18 PM
What makes this so important is that you, my friend, are presumably affected by this. The NSA does not recognise or acknowledge virtual borders. The US Government's attitude towards data on the internet, including people's personal password protected and/or encrypted data, is no different than how many people feel about downloading copyright protected material. It's there so they are entitled to use it however they want to. It is state sponsored malware and you are right in suspecting that it isn't just the USA using this malware. It's not a local story. It's worldwide.

But this does bring us back, I think, to my previous post: the Kaspersky article doesn't mention the NSA. So I am unclear, personally, how that connection is made, aside from the known information fitting into the narrative (via the jumps I noted previously). Some other articles do quote "NSA contacts" and "former NSA employees". That sort of nebulity is troublesome for me in terms of trust factor. I suppose it comes down to a case of trust. I don't trust news sites, and I truly do not think they are above fabricating information, particularly since they have been found to do just that sometimes.

I also do not think questioning news magazines/articles should be considered naivety. If we are going to be skeptical of, say, the NSA's motives (or whatever), I don't think that skepticism should stop when it comes to the source of the news on which we base that skepticism. It's particularly worth considering how many such news sites have, well, ballooned the original claims. Kaspersky's article makes it clear it was intended for specific high-profile targets, and doesn't mention the NSA... Fair enough. Reuters then has the aforementioned quotation, which (allegedly) connects the entire operation to the NSA. And then you have sites taking that and turning it into "Your hard drives were RIDDLED with NSA SPYWARE for YEARS", and attributing claims to Kaspersky: "Kaspersky's analysis says the NSA...". I hope you can understand what I'm saying here, because that is just a ridiculous title given what we can see in the Kaspersky article used as the primary source, and is nothing more than scare-mongering clickbait, and this sort of thing is only made worse with the passage of time as well.

Forget the unnamed sources for a minute and never mind the fact that we all have had suspicions about the NSA creating malware. Besides those two things it's not so much that the story was published but rather it's the physical evidence that Kaspersky has found. Programs like this run by the US have a very bad record of not just overstepping the "rules" but completely ignoring the rules to begin with. (The rules being the US Constitution.) I'm all for counter terrorism but judging from the past this will trickle down to the state level and be turned against everyday citizens, if it hasn't already. If this malware is embedded as deeply into the hardware as Kaspersky claims, you have to ask yourself just how it got there to begin with. AMD? Cisco? Intel? Do you see where I'm going here? Who else is in on this, because it sounds like it is being built into the hardware at the manufacturing level and THAT is what concerns me the most.

The NSA freaked out on Google, Apple and other companies when they said they will no longer make it possible for the NSA to snoop on their users. Is this how the NSA will get around the new security? Building the malware into the hardware seems like a pretty effective way to do it, and that means they are spying on everyone. Not just US citizens or suspected terrorists but the entire world population.

If the story is fake, in time it will be exposed. Stories like that one are coming in every day. Are all such bogus because of the lack of some detail?
Here is another:
NSA planted surveillance software on hard drives, report says
The link is to CNET. So must we dismiss it?
OR:
Find out if the UK used NSA data to spy on you

The link below was published some time ago. Nothing new.
http://en.wikipedia.org/wiki/Terrorist_Surveillance_Program
Quote
During the Obama Administration, the NSA has allegedly continued operating under the new FISA guidelines despite campaign promises to end warrantless wiretapping.[3] However, in April 2009 officials at the United States Department of Justice acknowledged that the NSA had engaged in "overcollection" of domestic communications in excess of the FISA court's authority, but claimed that the acts were unintentional and had since been rectified.[4]
According to that, it was unintentional. So it does not count.

