On Monday, the Russian cybersecurity firm Kaspersky Lab published evidence of a group of powerful malware programs that can lurk in hard-drive firmware for years, virtually invisible to security software and surviving a reformat or a reinstall of the operating system. Kaspersky calls the people who made it the Equation Group because of the group's heavy reliance on encryption and obfuscation.
In its report, Kaspersky said that Equation Group malware was discovered on personal computers in 30 countries, including Iran, Russia, Pakistan, Afghanistan, and China. The group appeared to target agencies related to militaries and governments, plus banks, energy and aerospace researchers, telecom companies, and Islamic activists.
The Equation Group seems to be funded by a nation state, though Kaspersky didn't say which one. Since the release of the report, though, the malware suite has been widely attributed to the NSA, and Kaspersky did say the suite shares exploits with Stuxnet, the worm widely attributed to the NSA.
The malware is spread using fairly typical approaches, such as infected CDs and USB drives, and the firmware-rewriting module targets hard drives made by Seagate, Western Digital, Samsung, Toshiba, and most other popular brands. Kaspersky's lead researcher Costin Raiu told Reuters that the Equation Group would have needed the proprietary source code underlying the hard drives to rewrite their firmware reliably enough to infiltrate and hide. He added that the NSA has access to this information.
The Equation Group probably isn't targeting the data of anyone you know; the malware seems to be spying on highly sensitive information. Still, it's useful to know what you can do to protect yourself. Unfortunately, there's really only one approach. Because the implant lives in the drive's firmware, which the operating system cannot read back or verify, wiping the disk or reinstalling the operating system doesn't touch it. "The best way to get rid of it is to physically destroy the hard drive," said Kaspersky researcher Igor Soumenkov in an interview with Mashable.
If you're really worried about your secrets getting out, you're going to have to take a hammer to your hard drive and replace it, not just reformat it.