Tag Archives: Stuxnet

Advanced Cybercrime Gang ‘Equation’ Closely Linked to NSA

Malware Targeted Foreign Industry, Governments

by Jason Ditz, February 16, 2015

Over the weekend, it was reported that the NSA was scrambling to get ready for a new “leak” about their operations, which was uncovered by a “non-US” cybersecurity company. Today, Russian-based Kaspersky Labs unveiled a huge cache of information about a cybercriminal gang they are calling “Equation,” and which appears to be tightly connected to the NSA itself.

Kaspersky Labs released a 44-page report on Equation (pdf), which describes the group’s suite of malware, used to steal information from industries, corporations, governments, and even some individuals, as the most advanced on the planet.

Indeed, Equation’s malware is so successful and so hard to detect, that Kaspersky believes they’ve been in existence since 2001, or possibly as far back as 1996, and they are only now getting a glimpse into their existence.

Equation’s suite is said to be extremely modular, with initial Trojans being installed simply to see if the targeted computer’s user might be of interest, and if so depositing payloads of highly advanced software into the operation system, which is almost impossible to detect.

Though Kaspersky Labs declined to conclusively link them to the NSA in the report, the connection is impossible to deny, as the early Equation worms appear to be the basis for the Stuxnet worm, which US officials have openly admitted was government handiwork.

Equation’s delivery system also appears to have relied on it being quasi-governmental in some cases, intercepting shipments of commercial software being sent to potential targets of interest and replacing the installation CDs with infected alternatives. Kaspersky had examples of infected Oracle software CDs that were apparently created by Equation and delivered to customers instead of the actual CDs.

The malware identified infects Windows systems, and appears to successfully target all known modern versions of the Microsoft operating system. The report also notes some of the malware makes reference to Macintosh OSX versions of the malware, though none has yet been conclusively seen in the wild.

The malware embeds itself within the operating system, the registry, and into the firmware of the physical hard drives themselves, making it virtually impossible to detect and similarly difficult to remove. The use of hard drive firmware as a method of attack by the NSA had been previously reported, but the sophistication of the attacks are surprising many.

Is the Stuxnet Leaker A Snowden or a Spy?

Cathy-ReisenwitzCBS News is reporting that a retired U.S. Marine, Gen. James Cartwright, is being investigated for leaking information regarding the 2010 cyberattack on Iran’s nuclear facilities involving the Stuxnet computer virus, which Wired described as “world’s first real cyberweapon.” But as the Obama administrations continues its war on whistleblowers, it’s time to call into question why informing citizens of what their government is doing is considered a crime.

The Stuxnet virus was created and deployed, most believe by the U.S. and Israel, with the intention of disrupting 1,000 Iranian nuclear centrifuges.


The New York Times, and subsequently other newspapers, published extensive details about the attack and the Obama administration acted swiftly, launching a leak investigation to determine who provided the secret information.

Most would agree that the U.S. government has the right to hold some information secret in the name of national security. However, oversight is essential to keeping government activity within its constitutional bounds. This is impossible when no one knows what the government does, including Congress. As the spying scandals revealed by leaker Edward Snowden brought to light, the NSA has repeatedly lied to Congress about the scope of its surveillance.

Some will say, as House Minority Leader Nancy Pelosi, D-Calif., and Rep. Paul Ryan, R-Wis. have said of Snowden, that leakers should be prosecuted because they broke the law. But if distributing information considered secret or confidential without the permission of the holder of the information is unlawful, all government whistleblowers break the law.

Prosecuting whistleblowers is a massive threat to transparency, and therefore to limited government. As such, the burden of proof should be on the government to demonstrate how revealing the details of Stuxnet, after its release, harmed national security.

*Contributor’s views are those of their own.