‘By no means definite NSA behind 'Equation Group' attacks’

Reuters / Sergei Karpukhin
There are compelling similarities in terms of the modules and naming of previous cyber-attacks attributed to the NSA, and in the latest attacks revealed by Kaspersky Lab, internet security analyst Marc Rogers told RT.

Russian security software maker Kaspersky Lab said in a report released Monday that it’s been monitoring a group of hackers who have attacked government and military institutions since 2001 and have used tools similar to those of the NSA.

RT:People have made a link between the NSA and these revelations. Should we really be surprised?

Marc Rogers: I don’t think so. If you look at the earlier attacks that were attributed to the NSA in that part of the world, Stuxnet for example, it is pretty clear that something that sophisticated did not come out of a vacuum. There must have been earlier iterations and other things. And this looks to be an earlier iteration of this exact type of attack. There are very compelling similarities in terms of the modules and in terms of the naming. It is by no means definitive that it was the NSA behind it. But it certainly looks interesting.

READ MORE: ‘Equation Group’ hackers attacked 30+ nations with NSA-style tech

RT:What is the hackers’ main purpose behind the recent attack?

MR: I think it is pretty clear it is intelligence gathering. From the looks of it these guys had distributed this malware pretty far and wide but they tailored it so it only became active when it hit the machines they were really interested in. So I think these guys were looking to distribute something that would spread all over the world, and whenever it found someone that they were interested in, it would then activate and start providing intelligence.

RT:The hack targeted not only financial systems but also government and military facilities around the world. What was the particular aim behind hacking these kinds of institutions?

MR: I think it depends on each individual target. For example in terms of science they are going to be looking at innovation, things like cryptography that may be making it difficult for them to analyze stuff. They were definitely targeting nuclear scientists with some of their other stuff keeping an eye on the nuclear programs that was going on in those countries. And also keeping an eye on people I think they considered to be of interest, who might be either intelligence assets or people who might be working on projects that they were interested in.

RT:It sounds a little bit like science fiction, should ordinary people be worried about this surveillance operation?

MR: I don't thinks so. Certainly not with this particular attack because they were careful to put in controls that only made it become active when they hit someone they were interested in. But what was concerning to me was they did not limit the way it was distributed. So it was actually spreading everywhere. In fact it was increasing at a rate; I think they said something around 2,000 new infections a month. So that is quite substantial. And when a weapon like this is kind of spreading wholesale, that I think is some cause for concern. I don't think that an average consumer should get out of bed and panic about this, but it is certainly something where people should be saying – hey you guys better work to keep this stuff in check.

RT:How come this spying operation was discovered after 14 years?

MR: I think, unfortunately it is kind of a testament to the fact that we only just started to get good at capturing some of this more advanced threats. Traditionally our anti-spy systems work based on signatures. Both signatures are taken from the malware that we caught. So it is kind of a chicken and egg scenario. You have to have it in order to create a signature for it and without that signature, you can't catch it. But these days the anti-virus companies are getting better at scanning these new threats and coming up with techniques at catching things, they don't have signatures for. And this led us to catching this.

The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.