posted by LaminatorX on Tuesday February 17 2015, @11:54AM
from the nothing-to-hide dept.

Dan Goodin of Ars Technica writes about a newly-discovered hacking platform recently revealed by Kaspersky.

They are labeling the operators 'Equation Group', and multiple zero-day exploits in the malware kit appear to be related to those used by Stuxnet to hack Iran's Natanz nuclear facility in 2010. It is by far the most advanced malware ever discovered, going so far as to reflash the firmware of hard disks from no fewer than 12 vendors. Much of the malware was distributed through the usual channels, such as Java vulnerabilities and ad networks, but it was even found on CDs mailed to attendees of a 2009 conference in Houston; the discs had been intercepted in transit and modified to deliver the malicious payload.

The sophistication of the operations and of the malware itself leaves little doubt that Equation Group is a state-sponsored organization. The scariest part might be that the operation is over 14 years old and, unfortunately, much of the malware has yet to be reverse-engineered. Kaspersky has been reaching out to white hats for further assistance in determining the nature and capabilities of the software.

  • (Score: 4, Interesting) by Kilo110 (2853) on Tuesday February 17 2015, @12:51PM (#146084)

    I got the same feeling while reading this as when I originally read the snowden leaks. It's not a good feeling.

    How does one even guard against this kind of stuff? I imagine stopping use of Windows is a good first step. But what then?

  • (Score: 5, Informative) by pkrasimirov (3358) on Tuesday February 17 2015, @12:58PM (#146087)

    And then you get hit by Intel AMT [wikipedia.org]. Linux won't help on that.

    • (Score: 3, Informative) by Anonymous Coward on Tuesday February 17 2015, @01:06PM (#146093)

      Also, if your hard drive is infected (and possibly already was before you got it), it will get control before you even decide what operating system to run. It can deliver arbitrary code to be run before the actual boot code, for example a blue pill. [wikipedia.org]

  • (Score: 2) by c0lo (156) on Tuesday February 17 2015, @12:59PM (#146088) Journal

    How does one even guard against this kind of stuff?

    Elementary, my dear Watson, use either:

    1. a pocket calculator; or
    2. a NSA computer
    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 0) by Anonymous Coward on Tuesday February 17 2015, @04:56PM (#146177)

      You'll need to develop an HDD firewall.

  • (Score: 3, Interesting) by epitaxial (3165) on Tuesday February 17 2015, @02:56PM (#146129)

    If you're that scared then try running non x86 hardware. Use an old UltraSparc with OpenBSD or an IBM Power desktop or Itanium running OpenVMS. At that point they'd have to write software unique to your configuration. Or go back to Smith Corona like the Russians.

  • (Score: 2) by Freeman (732) on Tuesday February 17 2015, @05:28PM (#146196) Journal

    Use one computer on the Internet. Keep another computer off the Network. Air Gap = Somewhat More Secure. At the least they don't have 24/7 access to your "secure" stuff. You can keep your computer up-to-date with Anti-Virus Updates and other Updates by Burning the Files to CD/DVD/Blu-Ray Disc. Sure, there could be "Ways" to get something off the computer that isn't connected to the Network, but most of those would require you to be a Specific Target. You're probably screwed no matter what, if you are a specific target and you have no idea they are coming.

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
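The sneakernet procedure Freeman describes (carry updates to the air-gapped box on burned optical media) only buys anything if the receiving side can tell an untouched disc from one that was altered in transit, which is exactly the attack the story's Houston CD anecdote illustrates. Below is an added example, not code from the original discussion or from any of the vendors mentioned: a POSIX shell check that an import directory matches a SHA-256 manifest produced with `sha256sum` on the trusted side. The manifest format, the function names, and the fixture files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): verify files carried on
# optical media against a SHA-256 manifest before importing them on an
# air-gapped machine. Assumes the manifest was produced on the trusted
# side with:  sha256sum file1 file2 ... > manifest.sha256
# (text mode, i.e. "<hex digest>  <name>" per line).

# verify_import DIR MANIFEST
# Returns 0 only when (a) every manifest entry exists in DIR with the
# expected digest and (b) DIR contains no file the manifest does not list.
# Condition (b) matters: an "autorun" file or stray installer that was not
# approved on the trusted side is as suspicious as a modified one.
verify_import() {
    dir=$1
    manifest=$2
    status=0

    # Pass 1: each listed file must be present and match its digest.
    while read -r expected name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2
            status=1
            continue
        fi
        actual=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $name" >&2
            status=1
        fi
    done < "$manifest"

    # Pass 2: no unlisted file may ride along on the disc.
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        if ! awk -v n="$name" '$2 == n { found = 1 } END { exit !found }' "$manifest"; then
            echo "UNLISTED $name" >&2
            status=1
        fi
    done
    return $status
}

# make_fixture: constructed sample "disc" for demonstration only.
# Creates a temp root with disc/ holding two update files and the manifest
# the trusted side would have generated for them; prints the root path.
make_fixture() {
    root=$(mktemp -d)
    mkdir "$root/disc"
    printf 'signature db v1\n' > "$root/disc/av-sigs.dat"
    printf 'patch payload\n'    > "$root/disc/os-patch.bin"
    ( cd "$root/disc" && sha256sum av-sigs.dat os-patch.bin ) > "$root/manifest.sha256"
    echo "$root"
}

# Stand-alone demonstration: a clean import passes, a disc altered after
# the manifest was written is rejected.
root=$(make_fixture)
verify_import "$root/disc" "$root/manifest.sha256" && echo "import OK"
printf 'extra bytes\n' >> "$root/disc/os-patch.bin"
verify_import "$root/disc" "$root/manifest.sha256" || echo "import REJECTED"
rm -rf "$root"
```

Two caveats a practitioner would add. First, a digest manifest only proves the disc matches what the trusted side wrote; it has to reach the air-gapped side by a path the attacker cannot also rewrite (read it aloud, print it, or sign it with a key already on the isolated box), otherwise an interceptor simply regenerates the manifest for the modified files. Second, this check operates at the file level and does nothing about the firmware-resident implants the rest of the thread is worried about: an optical drive or hard disk whose firmware has already been replaced sits below any verification the operating system can perform.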