The Equation Group’s scalpel proves the sledgehammer is unneeded

decrypt this the equation groups scalpel proves sledgehammer is unneeded shutterstock 134428790
Image Credit: Zentilia/Shutterstock
If you’ve been following the news lately, you’ve probably caught a glimpse into the shadowy world of Kaspersky’s newest investigation, which followed the movements and actions of the clandestine hacking collective known only as “The Equation Group.”

The group earned its name through its use of complex cryptographic algorithms to compromise targets. Operating in the shadows for over the decade, The Group’s existence only recently came to light in Kaspersky’s in-depth profile.

What the Group achieved during its lengthy tenure (and indeed, the organization may still exist) has exceeded anyone’s expectation of what was possible. By reverse engineering the firmware of drives from Seagate, Western Digital, and Toshiba, the Group discovered how to hide malware in drives with an extremely low risk of detection, and maintain an infection even if a drive was re-formatted.

There’s more to this story than the Group’s now infamous hacking ability, though. The organization’s likely connection to the NSA has dramatic implications for global cyber-security, and discredits the arguments used by those in favor of surveillance on a massive scale.

The most impressive malware, ever

The world woke up one morning in June of 2010 to discover the United States and Israel had been cooperating on a new form of malware, labeled Stuxnet. Targeted at Iranian uranium enrichment facilities, it upset the country’s centrifuges so discreetly that the country’s engineers didn’t realize there was a problem until it was too late.

Related: How Stuxnet crippled Iran’s nuclear dreams

While nation-state attacks weren’t unheard of, this was the first time a nation was caught actively harassing outside countries with a state-sponsored virus that could cause real, physical damage. It was widely speculated that the methods used were invented by the attacker that deployed Stuxnet, but it turns out the Group was behind it all along.

During its year-long dive into the activities of the Equation Group, Kaspersky discovered that the same zero-days utilized by the Group were later translated into the development of Stuxnet and Flame. Further, those exploits were only the tip of the iceberg.

“One of the modules utilized by the Equation Group (Fanny) used two zero-day exploits, which were later uncovered during the discovery of Stuxnet,” Soumenkov explained. ”In order to spread, it used the Stuxnet LNK exploit and USB sticks. For escalation of privilege, Fanny used a vulnerability patched by the Microsoft bulletin MS09-025, which from 2009 was also used in one of the early versions of Stuxnet.”

This means that at some level, members of the Group and the NSA, which deployed Stuxnet, were in contact. And it seems the NSA was outranked, at least in technical ability.

“A similar type of use of both exploits together in different computer worms, at around the same time, indicates that the Equation Group and the Stuxnet developers are either the same or working closely together.”

The Equation Group does not engage in indiscriminate attacks, but is instead a master of precise hacking.

While the Group’s malware is incredibly powerful, it wasn’t wielded indiscriminately, which further suggests a national power was in control. All software invented by the Group is incredibly selective of its targets, infecting only a few thousand machines globally and carefully monitoring each and every connection. The Group does not engage in spam attacks, but is instead a master of precise hacking.

Related: How the NSA can hide malware on your hard drive

But, despite our insistence that Kaspersky fill in a definitive link between the actions of Equation Group and the programs leaked by Edward Snowden from the NSA, Soumenkov was staunch in denying a direct link. While it appears the Equation Group and the NSA work together (likely, the former is a part of the latter), Kaspersky has no way to be certain of their affiliation.

“We do not make any attribution to the origins of the malware. We are not able to confirm the conclusions that journalists came up with,” Igor told us. “We worked on the technical analysis of the group’s malware, and we don’t have hard proof to attribute the Equation Group or speak of its origin.”

Snowden says what?

Though Igor was unwilling to name the rouge government agency as a culprit, outside research has divulged details that could potentially link the two agents in a more definitive fashion.

Namely, the several programs found in the Snowden documents (STRAITACID and STRAITSHOOTER) happen to bear a striking resemblance to a codename unearthed in the Group investigation, called STRAITBIZARRE .

STRAITBIZARRE, as those who follow the Snowden revelations might remember, was a key element in many of the programs and infection distribution webs that the NSA used to maintain their command and control networks. The software, developed by Digital Network Technologies, was a highly modular form of code that could be adapted for everything from delivering payloads onto iPhones to constructing encrypted channels for passing data between various branches of the surveillance division.

All three programs maintain similar goals in their implementation (intrusion and communication between infected machines), and even share many of the same core tenants of infrastructure that makes them work in the first place. That said, Igor was reticent to be the one who named names.

In the case of the Equation Group, it’s believed that STRAITBIZARRE was utilized to get the hard drive monitoring executable onto the hard drives of prospective targets, and once a successful drop was made, STRAITACID and STRAITSHOOTER handled all the communication between the corrupted drive and the Group’s home base.

Precision was possible after all

So why are journalists and analysts so eager to make the link between the Group and the NSA? Because, if true, it shows the NSA has opted to use mass surveillance to spy on every call and Internet search in the country simply because they could, not necessarily because they needed to. The actions of the Equation Group proves these blanket collection efforts didn’t need to be so broad, as there was already at least one specialized team dedicated to distributing digital smart-bombs with laser-like precision. The existence of the Equation Group shows that the NSA had other alternatives all along, and they actively chose to spy on everyone instead.

Related: Snowden warns to avoid Facebook, Google if you value privacy

The NSA has insisited it had to use a sledgehammer to catch the bad guys, when in reality a scalpel could’ve done the job just as well.

See, if you’re like me, much, if not all of what we’ve learned about the NSA over the course of the past two years has been enough to make your blood boil. First, they came for our phone records, then our emails. Next it was our texts, but somehow, even that wasn’t enough. They needed our search history, our Snapchats, anything we ever decided to do on the Internet was theirs for the taking, no matter how much money it cost to get there or how many technology companies they needed to compromise in the process.

The NSA has spent years in the wake of the leaks championing why it had to use a sledgehammer to catch the bad guys, when in reality a scalpel could have done the job just as well.

Should you be worried?

If there’s one thing we learned during our time with Somenkov which brings a slight sense of relief, it’s that Kaspersky is confident that because the malware is so complex, it’s unlikely the code will be used by others with ease. In all the research that Kaspersky collected over the past 12 months, its scientists concluded the threat of this malware spiraling out of control is close to zero.

And, in case you’re concerned that the Equation Group might have your machine in the crosshairs, you can use antivirus solutions provided by Kaspersky to detect the infection. “Kaspersky Lab products detect all known modules used by the Equation Group,” Igor said in closing.

Overall, while the Group’s achievements are impressive, we can’t act as though we’re surprised. Yes, the United States spies on people. We knew that already. And yes, maybe they haven’t gone about it in the most ethical manner. But it’s good to know that teams like the Equation Group are out there. They build the highly targeted malware we need, and prove a catch-all approach isn’t necessary.

The Group isn’t the problem. On the contrary, it’s the solution. The problem is the NSA’s refusal to rely on its precision and instead insist that blanket surveillance is necessary. Nations will always spy on each other, but spying on citizens is a greater sin, and one now known to be avoidable.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.

Emerging Tech

CES 2019 recap: All the trends, products, and gadgets you missed

CES 2019 didn’t just give us a taste of the future, it offered a five-course meal. From 8K and Micro LED televisions to smart toilets, the show delivered with all the amazing gadgetry you could ask for. Here’s a look at all the big…

Android vs. iOS: Which smartphone platform is the best?

If you’re trying to choose a new phone and you’re not sure about the merits and pitfalls of the leading smartphone operating systems, then come on in for a detailed breakdown as we pit Android vs. iOS in various categories.

Hackers are scoring with ransomware that attacks its previous victims

Computer viruses are always evolving. In a new one, dubbed "Ryuk," hackers are targeting PCs with ransomware that scours an infected network in order to pinpoint and attack and enterprises with big money.

We tried all the latest and greatest smartphones to find the best of 2019

Smartphones are perhaps the most important and personal piece of tech on the planet. That’s why it’s important to pick the best phone for your individual needs. Here are the best smartphones you can buy.

It's not all free money. Here's what to know before you try to mine Bitcoin

Mining Bitcoin today is harder than it used to be, but if you have enough time, money, and cheap electricity, you can still turn a profit. Here's how to get started mining Bitcoin at home and in the cloud.

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. This list of the best free drawing software is just as powerful as some of the more expensive offerings.
Emerging Tech

Awesome Tech You Can’t Buy Yet: camera with A.I. director, robot arm assistant

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!

What is fixed wireless 5G? Here’s everything you need to know

Here's fixed wireless 5G explained! Learn what you need to know about this effective new wireless technology, when it's available, how much it costs, and more. If you're thinking about 5G, this guide can help!

Fix those internet dead zones by turning an old router into a Wi-Fi repeater

Is there a Wi-Fi dead zone in your home or office? A Wi-Fi repeater can help. Don't buy a new one, though. Here is how to extend Wi-Fi range with another router you have lying around.

Heal your wrist aches and pains with one of these top ergonomic mice

If you have a growing ache in your wrist, it might be worth considering ergonomic mice alternatives. But which is the best ergonomic mouse for you? One of these could be the ticket to the right purchase for you.

These are the best indie games you can get on PC right now

Though many indie games now come to consoles as well, there's still a much larger selection on PC. With that in mind, we've created a list of the best indie games for PC, with an emphasis on games that are only available on PC.

Want a MacBook that will last all day on a single charge? Check these models out

Battery life is one of the most important factors in buying any laptop, especially MacBooks. Their battery life is typically average, but there are some standouts. Knowing which MacBook has the best battery life can be rather useful.

Want a Dell laptop with an RTX 2060? Cross the new XPS 15 off your list

The next iteration of Dell's XPS 15 laptop won't come with an option for an RTX 2060, according to Alienware's Frank Azor. You could always opt for a new Alienware m15 or m17 instead.

Always have way too many tabs open? Google Chrome might finally help

Google is one step closer to bringing tab groups to its Chrome browser. The feature is now available in Google's Chrome Canady build with an early implementation that can be enabled through its flag system.