Pages

19 February 2015

Kaspersky Report Reveals the Sophistication of U.S. Computer Espionage Tactics

Danny Yadron
February 17, 2015

Report Bares U.S. Computer-Espionage Tactics

New research from a Russian computer security company offers good news and bad news for U.S. intelligence agencies.

On the one hand, the report by Kaspersky Lab appears to reaffirm that U.S. spies can hack into just about anything, including the preprogrammed code that helps a hard drive work. That means the U.S. could, in theory, burrow so deeply into a target’s computer that its spyware would remain even if the target reinstalls every piece of consumer software.

On the other hand, the rest of the world now knows where to look for U.S. computer spies. Spies don’t like being found.

Kaspersky didn’t name the U.S. or any of its agencies in the report. It labeled the hackers the “Equation Group,” because of their advanced use of encryption. (The closely held company has a policy not to name the country it thinks is behind a hacking attack.)

Nonetheless, the report is an unusually detailed look at an apparently American computer espionage operation, traditionally run out of the National Security Agency.

Kaspersky described the attackers as the most advanced it had ever encountered. Former and current U.S. officials said the tactics described in the report resemble past espionage operations.

The NSA neither confirmed nor denied involvement. “We are aware of the recently released report,” an agency spokeswoman said. “We are not going to comment publicly on any allegations that the report raises, or discuss any details.”

The tools described in the report were used against governments, telecoms, think tanks and other groups in Iran, Russia, Iraq, Hong Kong and other countries. Kaspersky said networks in the U.S. and U.K. also were targets.

To be clear, almost all world powers these days use hacker tricks to spy on each other. But the issue has become highly politicized in the U.S. following leaks fromEdward Snowden, the former NSA contractor.

Reports such as Kaspersky’s can make it harder for the U.S. to use the same intelligence tricks. The report also exposed how the U.S. sometimes hides bugs in computer software for years before the software maker fixes them.

For instance, Kaspersky found evidence that the U.S. sat on a bug in MicrosoftMSFT +1.78% software for at least two years before it was revealed in 2010. The bug was patched after security researchers found that a sophisticated worm targeting industrial-control systems, called Stuxnet, used it. Media outlets later reported that Stuxnet was a joint operation between the U.S. and Israel against Iran’s nuclear program.

Kaspersky found the same bug was used in other spying operations as early as 2008. Exploiting such bugs for spying purposes is controversial because, in theory, it leaves other Internet users at risk.

In this case, U.S. spies coded malware that could install itself into the inner-most level of hard drives made by Western Digital WDC +0.39%, Samsung Electronics005930.SE +0.22%, Seagate Technology STX +1.10%, Micron and other major vendors. Such malware would survive even if a target notices something suspicious and reinstalls Windows.

Kaspersky researchers noted designing spy tools to get to the core of a hard drive would require special access to the drive’s source code. Companies in the past have willingly given such information to the NSA. Other times, the U.S. government requires the NSA perform an audit on a vendor’s code if a product is going to be used for national-security purposes.

Western Digital, Seagate and Micron said they had no knowledge of any efforts to use their data-storage devices for intelligence gathering purposes, while stating that they go great lengths to protect the security of their products.

Seagate has “secure measures to prevent tampering or reverse engineering of its firmware or other technologies,” a spokesman for the disk drive maker said.

Western Digital said it is reviewing the Kaspersky report. “Western Digital has not provided its source code to government agencies,” a company spokesman said.

Samsung could not be reached for comment.

No comments:

Post a Comment