A Russian cybersecurity firm has revealed that it found permanently embedded surveillance and sabotage tools from the United States in computers and networks targeted in Iran, Russia, Pakistan, China, Afghanistan and several other countries.
The firm traced the spyware back to the “Equation Group,” which appears to be a reference to the National Security Agency and United States Cyber Command. The infiltrated countries are the ones most closely watched by American intelligence agencies.
The Russian firm Kaspersky Lab presented its findings at a conference in Mexico on Monday.
Using the spyware, American intelligence agencies could capture encryption keys and decrypt protected contents, even on computers that were not connected to the internet. According to the Kaspersky presentation, time codes found in the spyware indicate that the group has been carrying out these infections since 2001 and stepped up its efforts in 2008. The United States has never acknowledged conducting any offensive cyberoperations.
The type of spyware detected is virtually impossible to eradicate completely, Kaspersky reported. Spyware that infects the firmware, the embedded software that initializes the computer’s hardware before the operating system starts, is beyond the reach of existing antivirus products and most security controls. Once the firmware is infected, the typical cyberattack recovery plan of wiping the computer’s operating system or replacing its hard drive becomes useless: the computer can be reinfected with the spyware even after its hard drive is wiped.
Kaspersky’s report claimed that the techniques used were similar to those used in the Stuxnet virus, which disabled most of Iran’s nuclear enrichment program, and in related viruses that infected computers in Iran, Pakistan and Russia. Stuxnet was part of a program code-named Olympic Games, jointly run by Israel and the United States.
The report from Kaspersky also detailed efforts by the group to map out systems that are not connected to the internet and to infect them using a USB stick. In some cases, the machines were intercepted in transit and infected before being sent on their way. Former National Security Agency contractor Edward J. Snowden revealed documents that detailed the agency’s plans to install specialized hardware on computers being shipped to target countries.