Why the ‘Equation Group’ Spying Program Should Make Us Proud

If, of course, it was the NSA

The NSA is a reviled institution for their contemporary spying practices. If only they stuck to their old guns. (Photo: Getty)
The NSA is a reviled institution for their contemporary spying practices. If only they stuck to their old guns. (Photo: Getty)

Learning about NSA spying programs is generally terrifying. Still to this day, Glenn Greenwald is trickling out leaked information from the Snowden revelations, and just today, Al Jazeera announced that they have major NSA news on the way.

But every once in a while, the U.S. government reminds us that it can totally nail it in terms of running a spy program.

Earlier this week, the world learned of the godfather of cyber-espionage programs. The ‘Equation Group,’ as its discoverer Kaspersky Labs calls it, is sort of an Illuminati Death Star puppeteer of spy programs two decades old and almost certainly run by the NSA.

So why shouldn’t we be reviled that the U.S. government could possibly run such a pervasive and persistent surveillance program? Well, given that the U.S. will almost always run some sort of spy program, there are three main reasons why this is exactly the kind of program the NSA should be running, instead of the broad domestic surveillance they’ve developed in recent years:

1. It’s targeted surveillance

The thing most people hate about the NSA isn’t just that it operates in secret, or that they have so much influence over our foreign affairs, but that they manage to sweep up millions of innocent Americans in their surveillance programs.

But the malware created by the Equation Group targets individual computers and networks, and is often hand delivered to targets the group has already deemed interesting targets. From what Kaspersky labs could determine, only a few individuals were targeted by the Equation Group’s attacks.

“The Equation group uses several malware platforms to conduct highly targeted cyber-espionage attacks,” Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab, told the Observer. “I would even say that the attackers work with a surgical precision.”

As American cryptographer Bruce Schneier wrote in his popular cybersecurity blog last week, we’ve come to regard the NSA as over-reaching because in order to run a broad operation, it requires us all to give up a little bit of our security. The Equation Group was focused on severely penetrating and undermining a few powerful targets, not chipping away at as many parties as possible.

“[I]t’s the sort of thing we want the NSA to do,” Mr. Schneier wrote. “It’s targeted. It’s exploiting existing vulnerabilities. In the overall scheme of things, this is much less disruptive to Internet security than deliberately inserting vulnerabilities that leave everyone insecure.”

2. The target isn’t us

Whether or not you think that the U.S. government should be conducting surveillance operations at all, most of us can agree on one thing: We don’t want them surveilling any and every innocent American they can.

According to Kaspersky’s sample of infected hard drives, it seems that the Equation Group was focused mainly on targets that are key to America’s foreign interests—namely Iran, Russia, Pakistan, China, Syria and Afghanistan. The U.S., by comparison, had a low rate of malware infection.

The 500+ hard drives found by Kaspersky to be compromised by the equasion group were found in 30 different countries. (Photo: Kaspersky)
The victim map was constructed from a sample of over 500 compromised hard drives. (Photo: Kaspersky)

And unlike the way our Defense Department uses drones to visibly monitor civilian populations in the Middle East, the Equation Group’s targets were mostly in fields relevant to national security interests, like infrastructure and research. Here’s the list Kaspersky gave us of the variety of targets:

  • Governments and diplomatic institutions
  • Telecommunication
  • Aerospace
  • Energy
  • Nuclear research
  • Oil and gas
  • Military
  • Nanotechnology
  • Islamic activists and scholars
  • Mass media
  • Transportation
  • Financial institutions
  • Companies developing cryptographic technologies

“As we understand, only a few individuals were targeted,” Mr. Raiu said.

3. It’s the project we always wanted

As Wired pointed out last week, we’ve been clamoring for a so-called “Manhattan Project for cybersecurity.” Well, if that’s what we wanted, this might have been it.

While the President has been totally unable to articulate any clear, effective plan to counter future cyber-threats, the Equation Group has been running an effective offense for almost two decades, representing some of the most sophisticated surveillance programs we’ve ever seen.

From Wired:

The US has made the strategic choice to put its resources into engineering better attack tools and an infrastructure to support them. In a way it’s a smart choice. It’s a truism that the cyber battlefield is asymmetric—a defender has to get it right every time, while an attacker only has to succeed once. If the US spends a billion dollars in cyber defense, it will still be vulnerable. But spend it on cyber attack, and you get the most advanced computer espionage and sabotage tools that history has ever seen. It all makes sense in a 1970s Rand-Corporation-nuclear-game-theory kind of way.

Now, it has to be said again that we can’t be sure that the NSA is behind the Equation Group. Kaspersky Labs refuses to name an actor or confirm the deliberations by journalists and other analysts. But given the targets of the attacks, the sophistication of the program, and the links between the Equation Group and other programs that have already been tied to NSA activity—here’s looking at you, Stuxnet and Flame—it’s difficult to draw any other conclusion.

If only all of our spy programs were so organized, targeted, sophisticated and, in a strange way, ethical. Why the ‘Equation Group’ Spying Program Should Make Us Proud