Cyber espionage is not a new game, but it has become more apparent and visible these days. Intelligence agencies the world over have been using various techniques and methods to infiltrate and track users of interest to them. These methods include hardware- and software-based spyware. The National Security Agency (NSA) of the United States has even used radio waves to carry out e-surveillance.
As per the Cyber Security Trends in India 2015 by Perry4Law Organisation (P4LO), malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, Gameover Zeus (GOZ), Carbanak, etc. would further increase in the year 2015. These are sophisticated and customised malware families that remained in operation for decades without being tracked by the victims.
Traditional hardware- and software-based security mechanisms have failed to protect the crucial assets and sensitive information of various organisations and nations. An out-of-the-box solution is the need of the hour to tackle present-day malware. For instance, the Moscow-based security software maker Kaspersky Lab has recently discovered hidden spyware in the hard drives of computers. Kaspersky called the authors of the spying program "the Equation group," named after their embrace of complex encryption formulas. More details can be found in the document titled Equation Group - Questions and Answers (PDF) released by Kaspersky.
These hard drives are manufactured by Western Digital, Seagate, Toshiba and other top manufacturers, thereby making their use a potential cyber hazard. Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.
Although Kaspersky has not yet publicly named the country or organisation behind this spyware, it has claimed that the work is attributable to the same people who are behind the Stuxnet malware. Some claim that Stuxnet is a product of the National Security Agency (NSA) of the U.S. This view has been affirmed by a former NSA employee who told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it. NSA spokeswoman Vanee Vines declined to comment.
Kaspersky believes that this sort of cyber espionage is possible only if a person or organisation has access to the source code of the hardware, known as firmware. Once that access exists, the source code can be manipulated in the way the NSA is alleged to have done. The spyware is activated the moment a computer with an infected hard drive is switched on. Since the spyware/malware boots from the firmware, antivirus and anti-malware products cannot detect it, and the malware keeps on working stealthily.
A firmware infection is the second most sought-after method used by crackers and cyber criminals to infect and compromise a system. Obviously, BIOS infection through a rootkit is the favourite method of such cyber criminals. No matter how many times a user disinfects his computer, the hardware/BIOS-based malware would keep on infecting it again and again. This is so even if the user reinstalls the operating system, as the infection is not at the OS level but at the root level itself.
Kaspersky has informed that the owner of this still-active malware could have taken complete control of the systems that were using the infected hard drives, but they preferred to target a select few of high interest. According to Kaspersky, the malware owner also used other methods of cyber espionage and cyber spying, like compromising jihadist websites, infecting USB sticks and CDs, and developing a self-spreading computer worm called Fanny. There seems to be collaboration between the authors of Fanny and Stuxnet, as both exploit two of the same undisclosed software flaws, known as zero-days. Kaspersky believes that it is quite possible that the Equation group used Fanny to scout out targets for Stuxnet in Iran and spread the virus.
Source: Global Techno Legal News And Views.