The sophisticated malware and spyware used by the Equation Group
— the scary-sounding cyberespionage operation exposed this week — is
almost impossible to detect and even more difficult to destroy.
Kaspersky Lab, a Russian cybersecurity software maker and researcher,
on Monday revealed the cyberattack operation that has infected
computers globally. The NSA
is almost certainly the creator of the program, which has hit
government, military and utility targets in more than 30 countries.
So what is the best way to combat it?
"The best way to get rid of it is to physically destroy the hard
drive," Igor Soumenkov, principal security researcher at Kaspersky, told Mashable.
The spyware buries itself so deep in a hard drive that even flushing
the drive clean and reinstalling everything would not get rid of it. It
affects the hard drives of all major manufacturers: Maxtor, Seagate,
Western Digital and Samsung.
If a hard drive has the spyware embedded deep inside it, the owner is
almost certainly unaware of it. The Equation Group uses at least six
malware platforms, and only a highly skilled cybersecurity expert would
be able to detect them. The Equation Group can infect Windows devices,
some non-Windows software, hard drive firmware and even hardware, such
as USB sticks or CDs.
Kaspersky Lab researchers spent two weeks attempting to crack just
one cryptographic element, trying more than 300 billion guesses every
second, according to Ars Technica. It was not until they crowdsourced the operation — on Twitter — that some ace password crackers were able to decode an encrypted string.
Kaspersky does not come out and say that the NSA is behind the program, but it is closely related to U.S.-developed Stuxnet, and news reports have backed up the theory.
Do I, regular person, need to be worried about this?
That depends on how you look at it.
On the one hand, the attackers were highly precise — even "surgical," as Kaspersky's report
puts it — in selecting their targets. Most of the targets are
government institutions, telecommunications companies, research groups
and other official organizations. There are at least 500 victims
worldwide in more than 30 countries, including Russia, Afghanistan,
India and China.
A global map of victims of the Equation group's cyberwarfare operations.
In other words, the NSA is most likely using this as a means for international espionage, not to spy on your Amazon purchases.
At the same time, "technology democratizes," as security expert Bruce Schneier says.
"Everyone has to worry about this," Schneier says. "These techniques
are used by other governments. And they will be used by criminals."
The cyberattacks can come in physical forms.
The Equation Group's malware has been distributed, in part, using
physical CDs and flash drives. The Kaspersky report notes that people
who attended a science conference in Houston, for example, received a
copy of the conference proceedings on a CD in the mail after returning
home. At some point, an interloper had installed Equation malware called
Doublefantasy on the discs. By running the CDs on their computers, the
victims had no idea they were permanently compromising their machines.
Sorting through it all
So what does this all mean? For one, the NSA is super good at hacking
into things. But maybe in some way, however tiny, the NSA has a
conscience.
"It's exploiting existing vulnerabilities," Schneier wrote on his blog.
"In the overall scheme of things, this is much less disruptive to
Internet security than deliberately inserting vulnerabilities that leave
everyone insecure."
Some experts are still hesitant
to point the finger at the NSA, which has faced a public relations
nightmare ever since Edward Snowden exposed its mass surveillance of
both U.S. citizens and people across the globe. The NSA has not
commented on the reports.
No matter who did this, it is clear that the only way to keep precious information completely safe is to avoid using USB sticks, CDs or the Internet. Of course, we don't live in a fantasy land.
Researchers have dubbed the Equation Group the "Death Star of the Malware Galaxy." The moniker suggests that
this is the pinnacle of cyberthreats. And unlike the actual Death Star, there probably isn't a small opening that can make the whole thing explode. The Equation Group is much stronger than that.
As Ars Technica's Dan Goodin put it,
the Equation Group is a "never-before-seen engineering marvel" that is
able to create a "secret storage vault that survived military-grade disk
wiping."
But it is out in the open now. And that, at the very least, is the first step to figuring out what to do next.
"The hope is that companies will develop techniques," Schneier said.
"Now that these techniques are becoming public, the antivirus companies
will be pressured to figure out how to detect and defend against it."