'Equation Group' spyware highly effective, culprit hard to identify
Recently discovered spying software hidden in computers around the world, which targets foreign governments and financial institutions, is sophisticated enough to obtain virtually all types of information, and it is not known exactly who the culprit is, experts have told Sputnik.
"You can get pretty much anything [with the spying software], it's a highly effective, highly specialized program that's been running for years and we're only just finding out about it," Principal Security Researcher at CloudFlare Marc Rogers told Sputnik on Tuesday.
"This is potentially a joint program with different groups working together and much in the same way that malware authors share their code," Rogers explained.
Earlier in the week, Kaspersky Lab, a Moscow-based antivirus and Internet security software company, discovered that the spying software, operated by a hacker group that it calls the "Equation Group", has infected over 500 computers in over 30 countries, including Iran, Russia, Pakistan, China, Syria and Afghanistan.
Kaspersky Lab did not link the Equation Group to any country, but indicated that there were links between the recently found malware and Stuxnet, a worm allegedly used by the US National Security Agency (NSA) to infiltrate the Iranian nuclear reactor systems in 2010.
The US National Security Agency has been under scrutiny since 2013, following NSA whistleblower Edward Snowden's revelations of the agency's massive surveillance programs operating without a warrant and its sifting through databases in search of information on private US and foreign citizens, as well as on leaders of allied countries.
"On something like this [Kaspersky Lab having identified spying software] there's never a chance that you're going to get a hundred percent attribution," Malware Research Analyst at Tenable Network Security Kenneth Bechtel told Sputnik on Tuesday.
"You're going to get some indicators, you're going to have some collateral evidence, something that points this way and points that way…but we can never be 100 percent sure," Bechtel added, mentioning, however, that he does not think small groups have the capabilities and the expertise to carry out such operations.
"It would have to be someone with backing and dedicated programmers, quality assurance, the whole nine yards," the analyst said.
According to Kaspersky Lab, the victims of the spying software are primarily in governments, telecommunications, the energy field, nuclear research, financial institutions and cryptography companies, as well as Islamic activists.
The experts told Sputnik that the spying software has likely been around for up to ten years, but researchers have only now been able to detect it, which means more such viruses could still be out there.
"There have probably been threats like this around for at least a decade," Rogers said, explaining that "antivirus companies have evolved now and they've gone to a point where they're able to detect these previously unknown threats using new techniques", which has led to the new spyware discoveries.
Rogers predicted that researchers are bound to find new spying software programs in the coming months and years.