It is widely known that the National Security Agency houses an impressive cyber force with the capacity to bypass the digital defenses of private individuals, enterprises, and even foreign governments – a force powerful enough to draw criticism from the American public and American allies. A recent report from Russian researchers has provided more specific information about the technical capabilities of the NSA.
Kaspersky Lab, a security software maker based in Moscow, published a report titled Equation Group: Questions and Answers on February 16th. The report identifies a cyber force – dubbed The Equation Group – that “is probably one of the most sophisticated cyber attack groups in the world.” The group has been engaged in cyber espionage for more than a decade, and it has several signature malware platforms in its arsenal.
Analysis of infections associated with The Equation Group revealed that most victims are located within Iran, Pakistan, Russia, Afghanistan, China, India, or Mali. Victims typically are governmental, financial, and security organizations. The Kaspersky report also indicates that Stuxnet is likely attributable to The Equation Group.
Although Equation Group: Questions and Answers stops short of identifying the NSA, it does not take an expert to recognize the agency as a likely suspect. According to Reuters, a former NSA employee confirmed the hypothesis that the NSA is behind the Equation Group, and also confirmed that the spying programs in the report are extremely valuable to the agency.
Some of the technical analysis offered by the report could help enterprises identify the presence of malware deployed by The Equation Group, which could undermine the NSA’s cyber espionage efforts abroad. It remains to be seen whether this report could also lead to more negative attention from the media for the agency.