Egyptian government institutions may have lost information to spies, according to a new report by the Russian cybersecurity firm Kaspersky Lab. It has found evidence of surveillance in more than 30 countries around the globe, including Iran, Pakistan, China, Russia, Egypt and Afghanistan. The Russian firm presented its findings in Mexico last week. The findings drew parallels between the spyware implants investigated in the report and techniques used in Stuxnet, a computer worm that disabled around 1,000 centrifuges in Iran's nuclear programme back in 2010. The Stuxnet programme was operated by Israel and the US, according to reports in the New York Times. Multiple media outlets around the globe have drawn the conclusion that the United States's National Security Agency (NSA) is also behind the Equation Group, the Kaspersky Lab's name for the new group of spyware implants. The media department at Kaspersky Lab explained to the Weekly that the firm has not been able to determine the spyware's origin and does not want to reveal additional information to the press. However, this has not stopped speculation that the NSA may be involved. An unnamed NSA employee reportedly told Reuters that Kaspersky's analysis is correct, and that people in the NSA value these spying programmes as much as Stuxnet. Kaspersky Lab told the Weekly that military institutions in Egypt and some other organisations inside the country were among the victims of the spyware, but did not clarify what had been targeted. The report states that Egypt is among medium-affected countries, with Russia, Iran, Pakistan, Afghanistan, India, China, Syria and Mali all being targeted more than Egypt. Specific targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, the media and Islamist activists. Equation Group is the name used by Kaspersky Lab for seven different spy systems. These reportedly infect the codes operating the hard discs of computers and have been found in products made by Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi. The companies have either denied knowledge of the spyware or have declined to comment, according to media outlets. According to the New York Times, Kaspersky Lab's founder, Eugene Kaspersky, explained in Mexico that some of the implants were buried so deeply in computer systems that they prep the hardware before the operating systems start. This makes it almost impossible for antivirus systems and security controls to detect them, and many of the tools can work on computers even when they are not connected to the Internet. As the systems infiltrate the computers, the attackers can hide from antivirus programmes and even obtain information from a hard drive after it has been wiped. “If the malware gets into the hardware, it is able to resurrect itself forever,” Costin Raiu, a Kaspersky threat researcher, said in the report, according to the New York Times. “It means that we are practically blind and cannot detect hard drives that have been infected with this malware,” he said. Speaking in Mexico, Kaspersky said that the Equation Group has been infecting computers since 2001, and some such infections could be ongoing. The report comes after widespread and substantive reports of NSA spying activities. In June 2013, whistle-blower Edward Snowden revealed that the agency had been spying on private communications on the Internet and phones. Among individuals targeted were foreign leaders and politicians. The NSA has declined to comment on the new accusations, according to Reuters. While reports on NSA activities continue to emerge, Kaspersky Lab says it is trying to contact parties affected by the recently discovered Equation Group spy systems. The writer is a freelance journalist.
