Wednesday, February 18, 2015

A Manhattan Project for Cybersecurity: Invocation of the Legendary Programs


"A Google search on “cyber Manhattan Project” brings up results from as far back as 1997—it’s second only to “electronic Pearl Harbor” in computer-themed World War II allusions. In a much-circulated post on Medium last month, futurist Marc Goodman sets out what such a project would accomplish. “This Manhattan Project would help generate the associated tools we need to protect ourselves, including more robust, secure, and privacy-enhanced operating systems,” Goodman writes. “Through its research, it would also design and produce software and hardware that were self-healing and vastly more resistant to attack and resilient to failure than anything available today.”
These arguments have so far not swayed a sitting American president. Sure, President Obama mentioned cybersecurity at the State of the Union, but his proposal not only doesn’t boost security research and development, it potentially criminalizes it. At the White House’s cybersecurity summit last week, Obama told Silicon Valley bigwigs that he understood the hacking problem well—“We all know what we need to do. We have to build stronger defenses and disrupt more attacks”—but his prescription this time was a tepid executive order aimed at improving information sharing between the government and industry. Those hoping for something more Rooseveltian must have been disappointed.
On Monday, we finally learned the truth of it. America already has a computer security Manhattan Project. We’ve had it since at least 2001. Like the original, it has been highly classified, spawned huge technological advances in secret, and drawn some of the best minds in the country. We didn’t recognize it before because the project is not aimed at defense, as advocates hoped. Instead, like the original, America’s cyber Manhattan Project is purely offensive.
This revelation came by way of the Russia-based anti-virus company Kaspersky. At a conference in Cancun this week, Kaspersky researchers detailed the activities of a computer espionage outfit it calls the “Equation Group,” which, we can fairly surmise from previous leaks, is actually the NSA’s Tailored Access Operations unit. NSA’s cyber capabilities have been broadly known since the German news magazine Der Spiegel published a leaked 50-page catalog of NSA spy gear and malware in late 2013. But the one-page catalog descriptions didn’t convey the full flavor of the NSA’s technology. For that, somebody had to actually get their hands on that technology—capture it in the wild—and take it apart piece by piece, which is what Kaspersky did.
The result is impressive. The company has linked six different families of malware—“implants,” as the NSA calls them—to the Equation Group, the oldest of which has been kicking around since 2001. The malware has stayed below the radar in part because the NSA deploys it in limited, cautious stages. In the first stage, the agency might compromise a web forum or an ad network and use it to serve a simple “validator” backdoor to potential targets. That validator checks every newly infected computer to see if it’s of interest to the NSA. If not, it quietly removes itself, and nobody is the wiser.
Only if the computer is a target of interest to the NSA does the validator take the next step and load a more sophisticated implant from a stealth NSA website like suddenplot.com or technicalconsumerreports.com. That’s where it gets interesting. The top tier of NSA malware discovered by Kaspersky is a generation ahead of anything previously reported in the wild. It uses a well-engineered piece of software called a bootkit to control the operating system from the ground up. It hides itself encrypted in the Windows registry, so that anti-virus software can’t find it on the computer’s disk. It carves out its own virtual file system on your machine to store data for exfiltration.
There are update mechanisms, dozens of plug-ins, a self-destruct function, massive code obfuscation, hundreds of fake websites to serve as command-and-control. One of the NSA’s malware plug-ins can even reprogram your hard drive’s firmware, allowing the implant to survive a complete disk wipe—a feat that’s been demonstrated by computer scientists under laboratory conditions but never before seen in the wild. “The group is unique almost in every aspect of their activities,” Kaspersky concludes. “They use tools that are very complicated and expensive to develop, in order to infect victims, retrieve data, and hide activity in an outstandingly professional way.”"
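The quoted article says the top-tier implant keeps itself encrypted in the Windows registry so that disk-scanning anti-virus never sees a file. The natural hunt for that storage pattern is to look for registry values that are both unusually large and statistically close to random, which is what an encrypted blob looks like. The script below is an added example written for this post, not code from the article or from Kaspersky, and it does not reproduce any real Equation Group key path or value name: the hive path, value names and bytes are constructed for the demo, the size and entropy thresholds are the editor's choice, and the input is a text `.reg` export rather than a live registry so it runs anywhere.

```python
"""Hunt for large, high-entropy REG_BINARY values in a Windows .reg export.

Added example for this post (not Kaspersky's or the article's code). The
heuristic: an encrypted payload parked in the registry shows up as a value
that is both large and near-random (Shannon entropy close to 8 bits/byte),
unlike ordinary configuration data. Everything below is constructed.
"""
import math
import random
import re
from collections import Counter

# Constructed sample. Key path, value names and contents are invented; the
# fixed seed keeps the "Data" blob reproducible from run to run.
_rng = random.Random(2015)
SAMPLE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Component"
SAMPLE_VALUES = {
    "Config": bytes(512),                                          # all zeros: low entropy
    "Seed": bytes(_rng.getrandbits(8) for _ in range(64)),         # random but small
    "Data": bytes(_rng.getrandbits(8) for _ in range(8192)),       # random and large
}


def build_reg_export(key: str, values: dict) -> str:
    """Serialise binary values in the text format regedit's export uses:
    '"Name"=hex:aa,bb,...' with ',\\' continuation lines indented two spaces."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{key}]"]
    for name, data in values.items():
        hexbytes = [f"{b:02x}" for b in data]
        chunks = [",".join(hexbytes[i:i + 16]) for i in range(0, len(hexbytes), 16)]
        if not chunks:
            lines.append(f'"{name}"=hex:')
            continue
        lines.append(f'"{name}"=hex:{chunks[0]}' + (",\\" if len(chunks) > 1 else ""))
        for i, chunk in enumerate(chunks[1:], start=2):
            lines.append("  " + chunk + (",\\" if i < len(chunks) else ""))
    lines.append("")
    return "\r\n".join(lines)


# Matches plain REG_BINARY ('hex:') values only; dword:, hex(2): etc. are skipped.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=hex:(.*)$')


def parse_reg_export(text: str) -> dict:
    """Return {(key_path, value_name): bytes} for every REG_BINARY value."""
    result = {}
    key = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = _VALUE_RE.match(line)
            if m and key is not None:
                name = re.sub(r"\\(.)", r"\1", m.group(1))  # unescape \" and \\
                payload = m.group(2)
                # A trailing backslash means the hex bytes continue on the next line.
                while payload.endswith("\\") and i + 1 < len(lines):
                    payload = payload[:-1]
                    i += 1
                    payload += lines[i].strip()
                hexpairs = [p for p in payload.split(",") if p]
                result[(key, name)] = bytes(int(p, 16) for p in hexpairs)
        i += 1
    return result


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 is the maximum for byte data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_suspicious(values: dict, min_size: int = 4096, min_entropy: float = 7.5) -> list:
    """Flag values that are both large and near-random. Thresholds are assumptions
    chosen for this demo; tune them against a baseline of clean hosts."""
    hits = []
    for (key, name), data in values.items():
        if len(data) >= min_size:
            h = shannon_entropy(data)
            if h >= min_entropy:
                hits.append((key, name, len(data), round(h, 2)))
    return hits


SAMPLE_EXPORT = build_reg_export(SAMPLE_KEY, SAMPLE_VALUES)

if __name__ == "__main__":
    for key, name, size, ent in find_suspicious(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{key}\\{name}: {size} bytes, entropy {ent:.2f} bits/byte")
```

On the constructed sample only the 8 KB random "Data" value is reported: the zero-filled "Config" fails the entropy test and the 64-byte "Seed" fails the size test. Two caveats for real use: regedit writes exports as UTF-16LE with a byte-order mark, so decode the file before handing it to `parse_reg_export`, and legitimate software also stores compressed or encrypted blobs (cached certificates, licensing data), so a hit is a lead to triage against a known-good baseline, not a verdict.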

Registry Continues:


All My Verses Chemistry 4 Conscious Eggs ********* ALCHemYEGG AUMniVERSE