US going nuclear on cyber warfare with dedicated Manhattan Project

23 Feb 2015

Kaspersky Lab has uncovered an advanced hacking group, allegedly within the US National Security Agency (NSA), that has been arming the US’ cyber arsenal to better attack in future.

Similar to the original Manhattan Project, which gathered the best scientists around and saw the western superpower develop the world’s first ever atomic bomb at the close of WWII, again the US is working behind the scenes to strengthen it’s defences by increasing its attacking capabilities.

Kaspersky last week reported on a whole suite of majorly advanced Trojans linked back to the ‘Equation Group’ – which could merely be a wing of NSA – which is far more sophisticated than anyone could have expected.

Tracing its origins back as far as 2001 (and alluding that it could go as far back as 1996), Kaspersky found numerous pieces of malware, some powerful enough to reprogramme the hard drive firmware of over a dozen different hard drive brands, including Seagate, Western Digital, Toshiba, Maxtor and IBM.

“This is an astonishing technical accomplishment and is testament to the group’s abilities,” says Kaspersky. Marrying into Microsoft updates or distributed via innocent but targetted USB sticks, the projects had until now remained secret as they were very slowly and cautiously rolled out.

Indeed they were only discovered by Kaspersky’s detailed investigations of Stuxnet, announcing to the world its discoveries at the company’s annual summit in Mexico last week.

Slowly, slowly catchy monkey

The Equation Group’s suite of tools can begin to infect machines in very clandestine ways. “In the first stage,” explains Kevin Poulsen in Wired, “the agency might compromise a web forum or an ad network and use it to serve a simple ‘validator’ backdoor to potential targets.”

From here the Trojan establishes if the machine is of interest or not. Then a more sophisticated piece of malware comes into play, and it’s incredibly advanced. Indeed, Kaspersky has never seen the likes before.

“It uses a well-engineered piece of software called a bootkit to control the operating system from the ground up,” says Poulsen. “It hides itself encrypted in the Windows registry, so that anti-virus software can’t find it on the computer’s disk. It carves out its own virtual file system on your machine to store data for exfiltration.”

It can update itself, can encorporate many plug-ins, it can even self destruct if needed.

“The group is unique almost in every aspect of their activities,” Kaspersky concludes. “They use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data, and hide activity in an outstandingly professional way.”

Indeed last week’s original announcement of this group suggested its immense power, but these details still catch the eye.

“What is America’s overarching strategy to protect ourselves from the rapidly emerging technological threats we face?” asked Marc Goodman in a Medium article last month as he called for action on cyber threats.

“We simply do not have one — a serious problem we may live to regret,” he mused. But now we know…

Manhattan Project‘s first atomic bomb explosion image, via Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com