The Equation Group’s scalpel proves the sledgehammer is unneeded

Image Credit: Zentilia/Shutterstock
If you’ve been following the news lately, you’ve probably caught a glimpse into the shadowy world of Kaspersky’s newest investigation, which followed the movements and actions of the clandestine hacking collective known only as “The Equation Group.”

The group earned its name through its use of complex cryptographic algorithms to compromise targets. Operating in the shadows for over a decade, the Group’s existence only recently came to light in Kaspersky’s in-depth profile.

What the Group achieved during its lengthy tenure (and indeed, the organization may still exist) has exceeded anyone’s expectation of what was possible. By reverse engineering the firmware of drives from Seagate, Western Digital, and Toshiba, the Group discovered how to hide malware in drives with an extremely low risk of detection, and maintain an infection even if a drive was re-formatted.

There’s more to this story than the Group’s now infamous hacking ability, though. The organization’s likely connection to the NSA has dramatic implications for global cyber-security, and discredits the arguments used by those in favor of surveillance on a massive scale.

The most impressive malware, ever

The world woke up one morning in June of 2010 to discover the United States and Israel had been cooperating on a new form of malware, labeled Stuxnet. Targeted at Iranian uranium enrichment facilities, it upset the country’s centrifuges so discreetly that the country’s engineers didn’t realize there was a problem until it was too late.


While nation-state attacks weren’t unheard of, this was the first time a nation was caught actively harassing outside countries with a state-sponsored virus that could cause real, physical damage. It was widely speculated that the methods used were invented by the attacker that deployed Stuxnet, but it turns out the Group was behind it all along.

During its year-long dive into the activities of the Equation Group, Kaspersky discovered that the same zero-days utilized by the Group were later translated into the development of Stuxnet and Flame. Further, those exploits were only the tip of the iceberg.

“One of the modules utilized by the Equation Group (Fanny) used two zero-day exploits, which were later uncovered during the discovery of Stuxnet,” Kaspersky’s Igor Soumenkov explained. “In order to spread, it used the Stuxnet LNK exploit and USB sticks. For escalation of privilege, Fanny used a vulnerability patched by the Microsoft bulletin MS09-025, which from 2009 was also used in one of the early versions of Stuxnet.”

This means that at some level, members of the Group and the NSA, which deployed Stuxnet, were in contact. And it seems the NSA was outranked, at least in technical ability.

“A similar type of use of both exploits together in different computer worms, at around the same time, indicates that the Equation Group and the Stuxnet developers are either the same or working closely together.”


While the Group’s malware is incredibly powerful, it wasn’t wielded indiscriminately, which further suggests a national power was in control. All software invented by the Group is incredibly selective of its targets, infecting only a few thousand machines globally and carefully monitoring each and every connection. The Group does not engage in spam attacks, but is instead a master of precise hacking.


But, despite our insistence that Kaspersky fill in a definitive link between the actions of Equation Group and the programs leaked by Edward Snowden from the NSA, Soumenkov was staunch in denying a direct link. While it appears the Equation Group and the NSA work together (likely, the former is a part of the latter), Kaspersky has no way to be certain of their affiliation.

“We do not make any attribution to the origins of the malware. We are not able to confirm the conclusions that journalists came up with,” Igor told us. “We worked on the technical analysis of the group’s malware, and we don’t have hard proof to attribute the Equation Group or speak of its origin.”

Snowden says what?

Though Igor was unwilling to name the rogue government agency as a culprit, outside research has divulged details that could potentially link the two parties in a more definitive fashion.

Namely, several programs found in the Snowden documents (STRAITACID and STRAITSHOOTER) happen to bear a striking resemblance to a codename unearthed in the Group investigation, called STRAITBIZARRE.

STRAITBIZARRE, as those who follow the Snowden revelations might remember, was a key element in many of the programs and infection distribution webs that the NSA used to maintain their command and control networks. The software, developed by Digital Network Technologies, was a highly modular form of code that could be adapted for everything from delivering payloads onto iPhones to constructing encrypted channels for passing data between various branches of the surveillance division.

All three programs maintain similar goals in their implementation (intrusion and communication between infected machines), and even share many of the same core tenets of the infrastructure that makes them work in the first place. That said, Igor was reticent to be the one who named names.

In the case of the Equation Group, it’s believed that STRAITBIZARRE was utilized to get the hard drive monitoring executable onto the hard drives of prospective targets, and once a successful drop was made, STRAITACID and STRAITSHOOTER handled all the communication between the corrupted drive and the Group’s home base.

Precision was possible after all

So why are journalists and analysts so eager to make the link between the Group and the NSA? Because, if true, it shows the NSA has opted to use mass surveillance to spy on every call and Internet search in the country simply because it could, not necessarily because it needed to. The actions of the Equation Group prove these blanket collection efforts didn’t need to be so broad, as there was already at least one specialized team dedicated to distributing digital smart-bombs with laser-like precision. The existence of the Equation Group shows that the NSA had other alternatives all along, and it actively chose to spy on everyone instead.



See, if you’re like me, much, if not all, of what we’ve learned about the NSA over the course of the past two years has been enough to make your blood boil. First, they came for our phone records, then our emails. Next it was our texts, but somehow, even that wasn’t enough. They needed our search history, our Snapchats, anything we ever decided to do on the Internet; it was all theirs for the taking, no matter how much money it cost to get there or how many technology companies they needed to compromise in the process.

The NSA has spent years in the wake of the leaks championing why it had to use a sledgehammer to catch the bad guys, when in reality a scalpel could have done the job just as well.

Should you be worried?

If there’s one thing we learned during our time with Soumenkov which brings a slight sense of relief, it’s that Kaspersky is confident that because the malware is so complex, it’s unlikely the code will be reused by others with ease. In all the research that Kaspersky collected over the past 12 months, its researchers concluded the threat of this malware spiraling out of control is close to zero.

And, in case you’re concerned that the Equation Group might have your machine in the crosshairs, you can use antivirus solutions provided by Kaspersky to detect the infection. “Kaspersky Lab products detect all known modules used by the Equation Group,” Igor said in closing.

Overall, while the Group’s achievements are impressive, we can’t act as though we’re surprised. Yes, the United States spies on people. We knew that already. And yes, maybe they haven’t gone about it in the most ethical manner. But it’s good to know that teams like the Equation Group are out there. They build the highly targeted malware we need, and prove a catch-all approach isn’t necessary.

The Group isn’t the problem. On the contrary, it’s the solution. The problem is the NSA’s refusal to rely on its precision and instead insist that blanket surveillance is necessary. Nations will always spy on each other, but spying on citizens is a greater sin, and one now known to be avoidable.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.
