Equation Group: NSA-linked spying team have software to hack into any computer

Attacks linked to the National Security Agency have been going on for up to 15 years, and targeted Islamic scholars and encryption firms as well as governments and high-profile companies

Andrew Griffin
Tuesday 17 February 2015 14:44 GMT
The NSA in Fort Meade, Maryland. The Office of Tailored Operations, whose existence is rarely acknowledged by the NSA, hacks computers around the world – harvesting data, monitoring communications and even mounting its own cyber-attacks (Getty Images)

The US security services have developed software that has enabled them to spy on home computers almost anywhere in the world.

Russian researchers at Kaspersky Lab have claimed that the software gave those behind it, thought to be the US National Security Agency, the power to listen in on the majority of the world’s computers.

It could be installed on practically any of the world's most common hard drives and spy on the computer while going undetected.

It was used to break into government and other important institutions in 30 countries across the world, they claim.

Employees work at the headquarters of Kaspersky Labs, a company which specialises in the production of antivirus and internet security software (REUTERS/Sergei Karpukhin)

Kaspersky Lab, the computer security firm that discovered the software, refused to name the country that the spying came from. But it said that it was closely related to Stuxnet, an NSA-led cyberweapon that was used in an attack on an Iranian nuclear facility.

The group was using some of the same exploits to get into computers that were used in the Stuxnet attack, even before they had been publicly exposed. That has led many in the information security community to assume that the group behind it are either part of the NSA, or linked to the US intelligence agencies.

Instead, Kaspersky referred to the group behind the attack as the Equation group, because of the encryption used in its attacks. The group has been active since at least 2001, experts said, and “is probably one of the most sophisticated cyber attack groups in the world”, Kaspersky said in its report.

The group’s tools are complicated and expensive to develop, the report said. They are used to infect victims and steal their data, and are developed to go unnoticed.

Most of the tools are Trojans, which are implanted secretly on users’ computers and then give the group access to them.

Once a drive is infected, the only way to remove the software is to destroy the drive physically.

The group has used the software to infect thousands, or perhaps tens of thousands, of victims, Kaspersky said. It was used on computers in the US, UK, Italy, Germany, the Netherlands and many other countries.

As well as governments, the software was used to attack Islamic scholars and activists, media organisations and aerospace, energy and nuclear research companies. It was also used on companies that are developing encryption software that can protect users from similar attacks.

The software uses an infrastructure built out of 100 servers and 300 domains, distributed across the world.

Kaspersky published the details of its research last night, in the hope of allowing institutions to guard against the attacks in future.
