Jump to content

Elite hacking organisation uncovered: "The Equation Group"


Recommended Posts

Posted (edited)

By encrypting all malicious files and storing them in multiple branches of a computer's Windows registry, the infection was impossible to detect using antivirus software.

well i am safe. i dont have this at all. never did. born free and pure.

dunno about you though.blink.png

an indication that the group successfully compromised both iOS and OS X devices.

nope still missing mebiggrin.png

Edited by rabid old goat
Posted (edited)

I read the article in the OP and I don't understand. It says that "military grade" disk wiping won't remove these threats.

What does that mean? Unless the hackers got access to firmware on the HDD itself, there's no way one couldn't wipe the disk. Most times I've heard the term "military grade" wiping it meant overwriting the disk numerous times with 1's and 0's. Of course that won't get it because that only targets the data in one partition. It won't target hidden partitions.

Maybe diskpart won't get it but I doubt it. When the clean command with the /all switch is used there's no data left on the disk. It takes data to create a partition, even a hidden one. When a HDD is first manufactured it has no data on it except what's in the firmware.

I'll bet if I used diskpart there wouldn't be any data on the disks that would help hackers. After using diskpart clean /all even the bios can't recognize the disk. It doesn't show. Then the disk has to be activated by a utility before it can even be partitioned and formatted.

I'm not ready to believe that a HDD can't be wiped back to right at the end of the factory assembly line before any data is put on it other than firmware on its hardware.

Edited by NeverSure
Posted (edited)

I read the article in the OP and I don't understand. It says that "military grade" disk wiping won't remove these threats.

What does that mean? Unless the hackers got access to firmware on the HDD itself, there's no way one couldn't wipe the disk. Most times I've heard the term "military grade" wiping it meant overwriting the disk numerous times with 1's and 0's. Of course that won't get it because that only targets the data in one partition. It won't target hidden partitions.

Maybe diskpart won't get it but I doubt it. When the clean command with the /all switch is used there's no data left on the disk. It takes data to create a partition, even a hidden one. When a HDD is first manufactured it has no data on it except what's in the firmware.

I'll bet if I used diskpart there wouldn't be any data on the disks that would help hackers. After using diskpart clean /all even the bios can't recognize the disk. It doesn't show. Then the disk has to be activated by a utility before it can even be partitioned and formatted.

I'm not ready to believe that a HDD can't be wiped back to right at the end of the factory assembly line before any data is put on it other than firmware on its hardware.

So you didn't read the article.

The article explains how the malware accesses and rewrites HDD firmware and even stores data in the memory reserved for the firmware.

"disk wiping" only erases data stored on the proper storage areas, but not data contained in the storage reserved for firmware, meaning once the disk is wiped, the malware is ready to re-install itself from the firmware...

Edited by manarak
  • Like 1
Posted

There ought to be a shorter, lay person's version of this article.

But thanks for posting.

Malware is being injected into the firmware of Hard disk controller PCB's.

Think how the xbox 360 was compromised to allow playing pirated games.

It's that, but a lot more.

Posted

All I can say is, we should be thankful that there's a non-American security vendor (Kaspersky) out there, uncovering this stuff.....

  • Like 2
Posted (edited)

I'm not ready to believe that a HDD can't be wiped back to right at the end of the factory assembly line before any data is put on it other than firmware on its hardware.

What's to say you're going to be able to get a clean firmware?

We have to consider they're just stepping lightly/politically when they describe how this malicious code might get deployed in the first place...

The linked article is also stepping very lightly - all they say is "[they] have unlimited resources".... Not too many suspects now is there?

Edited by IMHO
Posted

All I can say is, we should be thankful that there's a non-American security vendor (Kaspersky) out there, uncovering this stuff.....

absolutely !

Posted

I'm scared about the risk of third parties piggybacking on the NSA's tools.

It's all very scary.

The one element of my security schema that could still prevent such breach on my computers is the firewall - but how can I be sure it will also detect connections to the NSA's covert servers since my firewall's manufacturer is located in the USA?

Posted

I'm scared about the risk of third parties piggybacking on the NSA's tools.

It's all very scary.

The one element of my security schema that could still prevent such breach on my computers is the firewall - but how can I be sure it will also detect connections to the NSA's covert servers since my firewall's manufacturer is located in the USA?

You can't trust American vendors, simple as that. I mean I do trust some - Apple would have a lot to lose if it was found to cooperate with the NSA, and they have enough resources to fight off legal threats in court. Same for Google, and some others.

But for small vendors, if they're faced with one of those top secret letters they can't talk about, they can either shut down their business (like Lavabit) or they can comply. And I guess all those that aren't directly in the security business would comply.

Anyway the firewall is the least of your problems; Windows comes with a Firewall, I don't think the NSA has backdoors into that. Because they don't need to - they have many other ways to get in.

Posted

Read the article. This is pretty awesome: "While it's simple for end users to re-flash their hard drives using executable files provided by manufacturers, it's just about impossible for an outsider to reverse engineer a hard drive, read the existing firmware, and create malicious versions."

For an outsider; we can bet that the NSA either made HDD manufacturers give them source level access, or that they hacked those manufacturers. Hacking 12 HDD manufacturers with targeted attacks would be a piece of cake for the Equation Group, given their demonstrated capabilities. It's kids stuff the junior intern could do in an afternoon.

If you take some clever people and supply them with money and access only the NSA has, things like that can happen.

The upside is this: Can you imagine how incredibly pissed off they must be that Kaspersky did this detailed analysis on them? That their cover is basically blown? They can still do all these things, and more, but now everybody knows about it. Kaspersky of course would have acted on behalf of Russian intelligence, there's no doubt about that.

  • Like 1
Posted

The question is if Kaspersky or any other company has been actually able to adjust their virus-scanning-software so users can find out if they are infected. Even though users would probably have to replace their HD in case that has happened

Posted

There ought to be a shorter, lay person's version of this article.

But thanks for posting.

Malware is being injected into the firmware of Hard disk controller PCB's.

Think how the xbox 360 was compromised to allow playing pirated games.

It's that, but a lot more.

Thanks i will check it out, but still many words above MY head:

firmware, hard disc controller and PCB for a start

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...