Subeditor needed!
"Kaspesky claims"
"platform they was developed"
Kaspersky malware probers have uncovered a new 'operating system'-like platform that was developed and used by the National Security Agency (NSA) in its Equation spying arsenal. The EquationDrug or Equestre platform is used to deploy 116 modules to target computers that can siphon data and spy on victims. "It's important to …
Indeed.
The more interesting part is that they are now coming out with a "busted espionage suite" announcement once a month. Reverse engineering and analyzing a trojan like this takes considerable resources. Additionally, it is not something prevalent in the wild, you need to get samples from target machines. Most of these are from classified installations - you are not getting that without a collab agreement.
I smell money and I smell collaboration with interesting institutions they did not have before. This starts to get interesting and frankly, in a battle of nefariousness between Fort Meade or Gloucester and Novosibirsk, I would bet on Novosibirsk (or Kaluga, or Donetsk, or wherever around there). Anything else aside, the salaries you get doing (anti)malware in any of the latter locations have significantly higher buying power due to the lower relative living standard, so they can attract appropriate talent too. Talent that would not work for the equivalent of a 19k junior analyst job (actual GCSA number as advertised on el reg).
Popcorn, please. This will be worth watching.
"Reverse engineering and analyzing a trojan like this takes considerable resources. Additionally, it is not something prevalent in the wild, you need to get samples from target machines. Most of these are from classified installations - you are not getting that without a collab agreement."
It's Kaspersky. Do you really think the FSB isn't feeding them samples & money, if not expertise?
It's a shame you haven't met Eugene Kaspersky himself, the guy is a pretty straight player (which is smart, because if you start favouring one club, the other club gets pissed off even more).
These guys DO have the resources, internally, and they've had them for years. The reason you get so much official spyware uncloaked is because there is precious little new left to do in the PC world, but an almost desperate search by governments to still find something that stays under the radar.
(all IMHO of course - this world is too shadowy to ever know things for sure, but this is my assessment).
I'll take a guess... management run Windows (evidenced by all those leaked PPT slides) and the techies are forced to use a clunky locked-down Linux distro that doesn't have all the latest security patches, let alone patches for the secret vulns NSA created/discovered. This is a government agency we're talking about.
"I'd be interested to know if internally they run Linux or the *BSDs for their own classified systems and what changes they've made to the kernel code. If these guys are this good they've probably made something virtually bullet proof."
I'd take a bet the opposite is true. The cobbler's kids are invariably the ones with no shoes.
I have always wondered about these announcements. Does Kaspersky/whoever add a rule to their virus/malware database to get rid of these things if found? I can't imagine the government would openly acknowledge the existence of the software and say "don't delete it, it helps us catch ne'er-do-wells", but at the same time they could lean on the anti-virus companies to produce a fake certificate that merely pretends to clean an infected system "for national security".
Yeah, because in a theoretical future where even just 25% of workstations run (say, Linux), the NSA will just go "Oh well, we had a good run" and give up.
True, but given the Windows centric bent of those module listings I'd be happier to make more work for them than offer it up on a plate.
To anyone who says "Why would they be interested in you?" I offer "Who knows who they are interested in, it seems like they want to tap everything everywhere?". Mass surveillance is, after all, designed to prevent you getting any big ideas on non-conformity.
"Linux would be more fun, all the backdoors they could sneak into open source code."
Yes, it is very easy to put in backdoors if you have the source code. I have no doubt that the NSA has the source code for Windows. The flip side however is that if *everyone* has access to the source code, such backdoors are likely to be found PDQ as well, which would spell the rapid death of any distro they are found in.
We will never know whether heartbleed was an honest mistake or a vulnerability. NSA can (and probably is) inserting vulnerabilities in lots of open source stuff that can reasonably be explained away as mistakes.
Some of these will sit in the code for years until they are found. Open source has some serious weaknesses.
Check out: https://www.youtube.com/watch?v=fwcl17Q0bpk
And remember that this is from BEFORE heartbleed and some other major vulnerabilities in openssl were found. It's almost prophetic :)
>>Now the bad guys will be removing useful programs to deter crime. We certainly do not want to help the bad guys. With Russia's brutal and unacceptable imperialistic actions of recent days, we may soon learn about some of their spyware.
ProTip: They are ALL bad guys.
I've always wondered if it would be possible for a hypervisor to produce a more advanced version of this. It wouldn't be all that difficult now that pretty much every processor supports the virtualization extensions and they can be turned on by way of UEFI. Just spoof the device IDs to the guest and redirect all of the system's peripherals and you could get a very difficult to detect rootkit that can access whatever it wants.
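As an added example (not from the thread, and not code from any of the posters or from the Equation report), here is the cheapest first check a practitioner runs when the worry is a hypervisor-based rootkit of the kind described in the comment above: ask CPUID whether a hypervisor is present and, if so, which one. It assumes an x86/x86-64 machine and a GCC or Clang toolchain (`<cpuid.h>`); on any other architecture the probe reports that it could not run. The important caveat is in the comment itself: a malicious hypervisor intercepts CPUID, so it can clear the present bit and blank the vendor leaf, and a negative result from this probe proves nothing. It only catches hypervisors that are not trying to hide, which is still worth knowing on a box that is not supposed to be virtualised at all.

```c
/* Added example: probe for a hypervisor via CPUID.
 * Assumes x86/x86-64 with GCC or Clang (<cpuid.h>). On other architectures
 * hypervisor_probe() returns -1. A rootkit hypervisor that filters CPUID can
 * hide from this; treat 0 as "nothing obvious", never as "nothing there". */
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* Writes the 12-byte hypervisor vendor signature from CPUID leaf 0x40000000
 * into vendor (vendor_len must be >= 13); well-known values include
 * "KVMKVMKVM", "VMwareVMware", "Microsoft Hv" and "XenVMMXenVMM".
 * Returns 1 if CPUID.1:ECX[31] (the hypervisor-present bit) is set,
 * 0 if it is clear, and -1 if CPUID is not available on this build. */
int hypervisor_probe(char *vendor, size_t vendor_len)
{
    if (vendor_len > 0)
        vendor[0] = '\0';
#if HAVE_CPUID
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;                       /* leaf 1 unsupported: very old CPU */
    int present = (int)((ecx >> 31) & 1u);
    if (present && vendor_len >= 13) {
        /* Leaf 0x40000000 lies outside the basic-leaf range that
         * __get_cpuid() range-checks, so issue it directly. The vendor
         * signature is returned in EBX, ECX, EDX in that order. */
        eax = ebx = ecx = edx = 0;
        __cpuid(0x40000000, eax, ebx, ecx, edx);
        memcpy(vendor, &ebx, 4);
        memcpy(vendor + 4, &ecx, 4);
        memcpy(vendor + 8, &edx, 4);
        vendor[12] = '\0';
    }
    return present;
#else
    (void)vendor;
    return -1;
#endif
}

int main(void)
{
    char vendor[13];
    int r = hypervisor_probe(vendor, sizeof vendor);
    if (r < 0)
        puts("CPUID not available on this architecture; probe skipped");
    else if (r == 0)
        puts("hypervisor-present bit clear (a stealthy hypervisor could still be there)");
    else
        printf("hypervisor present, vendor signature: \"%s\"\n", vendor);
    return 0;
}
```

On a cloud VM this prints the vendor signature ("KVMKVMKVM" on most Linux clouds); on bare metal it prints that the bit is clear. A rootkit of the sort the comment imagines would be expected to trap CPUID and make the second case appear on an infected machine, which is why the serious detection work moves on to side channels the hypervisor cannot cheaply fake: timing of instructions that are forced to exit (CPUID, RDTSC drift, TLB behaviour) and, where you can get it, firmware and boot measurements from outside the suspect host.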
The problem is when you give a group of people this much power ... the ability to snoop anywhere on anyone and not get caught ... you've given them everything. No one, not Parliament, not Congress, not the President, not the courts, dares to defy them because they control the architecture of everything that matters. They can destroy, they can promote, they can reveal, they can hide. You're now a slave.
But who are "they"? Yes, now it gets really interesting because supreme power lies in a shadowy underworld. No one knows, and no one can know what or where the real levers of power are.
You would think the politicians, the powermongers par excellence, would have thought of this and would have done something to stop it. I believe they have thought of it. I believe they know the only way to stop it is to shut off the money, but you hear few if any politicians proposing to do that. Because, well, you catch my drift?
Software QA used to be: does the software do what it is supposed to do, properly and every time? Now the QA dept. has to do debugging and check for software security. Usually by Monday morning, so that the Manufacturing dept. can boot it up first thing, i.e. install, patch, whatever.