Not unlike a nefarious, clandestine, world-threatening organization out of a comic book, the Equation Group is a crack team of cyber-espionage experts (see: nerd spy). In a plot that The Matrix would be envious of, these cyber-spies have been hunted for months by the internet security firm Kaspersky Lab and have recently been ‘caught’.
What Do They Do and Why Are They Nefarious?
The Equation Group is responsible for over 500 infections worldwide, mainly of important governmental and military server-class machines. Its suite of cyber-espionage worms, viruses and malware was practically undetectable while it gathered, again mainly, sensitive data. The group also seems to be very closely tied to another cyber-attack, Stuxnet, which was intended to target nuclear plants in Iran but also infected nuclear plants in Russia and a steel mill in Germany, resulting in costly physical damage.
It Primarily Targets the West’s Enemies
The primary targets of the most recent malware and virus suite were Iran, the Russian Federation, Pakistan and Afghanistan. This made many people assume that the group was most probably based in the U.S. And although Kaspersky said they ‘caught’ them, they actually just managed to track the malicious software back to its authors.
The Worst Part of the Attacks
Probably the most disconcerting part of the attacks was the fact that the malicious software would rewrite the hard-drive firmware (that’s the software that makes your hard-drive work). So even if you erased everything and started fresh (which would normally eradicate any problems), it would still be there. According to Kaspersky, the only effective way to get rid of the virus was to destroy the hard-drive itself.
What Else Has it Infected?
Well, no one is absolutely sure, because Kaspersky speculates that the programs had a self-destruct function that wiped all evidence of their existence from the infected devices. Also, it takes a very specialized computer security expert to detect the malicious software, again making it difficult to pinpoint. From Kaspersky’s analysis, though, they estimate that around 500 people in 30 different countries have been infected at this point.
Am I at Risk?
It looks like the malware specifically went after governmental and military targets, so the probability of a civilian getting infected is small. On the other hand, though, Bruce Schneier says that technology democratizes, meaning that tools or weapons such as these can be extremely destructive in the wrong hands. Still sounds a bit like a Hollywood spy movie, doesn’t it?
A Little Bit More
If I haven’t made you paranoid enough, I’d also like to let you know that the suite of malware can also infect mass storage devices such as flash drives, external hard-drives (obviously), USB storage and even CDs. No! Stop smashing your computer and external storage with a hammer!!! I told you it doesn’t infect civilians!!! Do you even read what I’m writing here?
How’d They Do It?
First off, it seems that the group is composed of very, very talented hackers. Another asset they had at their disposal seems to have been the source code for the hard-drives the malicious software was written for. Basically, that source code gave them a map to all of the hard-drives’ vulnerabilities, which they obviously took advantage of.
Are you worried about cyber-attacks? You should be! They’re terrifying. Never mind what I said, smash all your hard-drives!!!