Revelation of Secret Spyware Could Hamper US Espionage Efforts

February 21, 2015

WASHINGTON — The revelation of secret technology that buries spyware into computer hard drives could be a blow to espionage efforts by the U.S. National Security Agency, intelligence analysts say.

Kaspersky Lab, a Moscow-based security software manufacturer, recently reported it found computers in 30 nations infected with spying programs.

The nations include Iran, Russia, Pakistan, Afghanistan and China. The targets included government and military institutions, as well as telecommunications companies, banks, energy companies and nuclear researchers, Kaspersky said in its report.

Kaspersky Lab has revealed Western cyber-espionage operations in the past.

The company did not publicly identify the country behind the spying campaign, saying the malware had been placed by what it called the “Equation Group.”

However, Western news organizations reported this was a thinly veiled reference to the U.S. National Security Agency.  The NSA is the leading U.S. agency responsible for gathering electronic intelligence.

Paul Rosenzweig, an expert on information technology and a visiting fellow at the Heritage Foundation, said the report would compromise NSA’s mission.

“This will significantly disrupt ongoing activity and will harm foreign intelligence gathering,” said Rosenzweig. “This is part and parcel of a foreign campaign to delegitimize NSA.”

A spokeswoman for the NSA said the agency was aware of the Kaspersky report, but would not comment on it publicly.

Kaspersky said the spying campaign is closely linked to Stuxnet, a cyber-weapon that attacked Iran’s nuclear enrichment program. Kaspersky and many other cyber-espionage experts say Stuxnet was run by the U.S. and Israel.

A former NSA employee told Reuters that Kaspersky’s analysis was correct and that people still in the spy agency valued these espionage programs as highly as Stuxnet.

Kaspersky’s report said the ability to hide spying software deep within hard drives gives the agency the ability to eavesdrop on the majority of the world’s computers.

The report said thousands, or perhaps tens of thousands of computers have been infected since 2001. The malware is beyond the reach of most security controls and antivirus products, Kaspersky said, making it nearly impossible to identify.

“It means that we are practically blind and cannot detect hard drives that have been infected by this malware,” said Costin Raiu, a lead researcher for Kaspersky.

“Is anybody safe anymore?” That was the reaction to the report by Bill Supernor, the chief technology officer for KoolSpan, a U.S. company providing secure voice and text systems for mobile phones.

KoolSpan sells more products overseas than in the U.S. “Customers already suspicious of U.S. products will now be even more concerned that firms have been compromised,” Supernor said. “If this is the U.S. doing this to our adversaries we are seriously shooting ourselves in the foot,” he said.

The Kaspersky report said the Equation Group used a variety of means to spread spy programs. They included compromising jihadi websites, infecting USB sticks and CDs, and developing computer worms.

George Smith, a senior fellow at, said the report represented “a black eye for the U.S. government because it undermines trust on the global networks.”

“It makes it hard to argue for proper rules of conduct in cyber space because there are now no boundaries,” Smith said.

U.S. President Barack Obama discussed cyberattacks in general terms in a recent interview with Re/code, an online computer industry publication.

“This is more like basketball than football, in the sense that there’s no clear line between offense and defense,” said Obama. “Things are going back and forth all the time.”