
“Equation Group” ran the most advanced hacking operation ever uncovered - privong
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
======
yeahyeah
This is exactly what the NSA should be doing. Everyone (rightfully IMO)
complains about overly broad data collection happening within the USA, but
here (as with stuxnet) you have the exact opposite, a targeted foreign
activity conducted with care and targeting. I know it's not for everyone (not
least because not everyone is in the states, huh), and it could be considered
a bad precedent, but it's not like Iran asked our permission before they
launched their nuclear program, or other states are actually waiting on the
US's example to have their own intelligence services do their jobs. If you
hold that something like 9/11 should be prevented, and that (actual) WMD
programs should be stalled, then it follows that this is a fine way to go
about it.

~~~
doczoidberg
I am from Germany and I hope most Americans don't have this point of view.

1. Give up freedom for some stupid terrorist attacks? Why should we? We've
lost the keystone of freedom when we do this and they have already won.

2. Do you really think these extensive intelligences do stop terror? (maybe
they do sometimes, but terrorists will find new ways)

3. IS and others are the result of the Iraq war, which was an offensive war
from the US justified by a lie (Saddam had no weapons of mass destruction). Do
you still think that America is the world police? The reputation of the US has
gone rapidly down in the last decade. For most people here in Germany the US
is not one of the good ones any more. Other countries have their own way of
life. America has to accept that.

~~~
andrewfong
> "give up freedom for some stupid terrorist attacks?"

What level of freedom is lost here? We're NOT talking about mass surveillance
generally but the targeted access described by the OP. It's the difference
between the police parking a van outside a suspected gang hideout (hopefully
after getting a warrant), and parking a van outside every home in America.
Most Americans are OK with the former and NOT OK with the latter. And, IMHO,
that's a valid trade-off to make in a democratic society.

You might object to a particular surveillance target (Merkel), which is
understandable. But would you object to spying on Putin? I suspect even
Germany (especially Germany) would be okay with the NSA conducting targeted
surveillance of senior members of the Russian military with ties to Eastern
Ukraine.

In an ideal world, there would be no surveillance or any surrender of liberty
in any scenario. But the world is not ideal and compromises are made. Germany
is not immune to this. Case in point: Hate speech is illegal in Germany, which
is understandable given German history, but a violation of free speech rights
in the U.S. The challenge is not to reject all infringements of freedom
wholesale but to identify where lines can be drawn between what can be
tolerated and what must not.

~~~
logn
They excluded a few countries and two usernames. Medium-level infection
reached 18 countries.

I think it's foolish to defend alleged NSA operations when the NSA won't even
acknowledge such operations.

If the government wants to have a debate about the rules of digital warfare
(or a particular war), then let's. If they don't, then why should we defend
their secret tactics? We have no idea what the motives and objectives are of
these operations. And we have little knowledge about how they've affected
people, innocent or otherwise.

Your casual analogy to parking vans outside homes seems reasonable. Until you
consider what that actually means in our real life. For instance, vans outside
homes has been a large part of the war on drugs which has imprisoned a
staggering number of black youth. What do you think is the analogous fallout
of this malware? Drone strikes? Defend those.

~~~
anologwintermut
The notion that a debate on the rules of digital warfare will do anything is
questionable.

Arms control limitations (SALT, START), the Hague Convention, etc., work
because there are means of verifying countries adhere to what they agree on
(and ostensibly punishing those who don't).

Given the difficulty of attributing cyber attacks (e.g. Sony), much less cyber
espionage, there's little reason to think this is possible in this case. And
that's just for direct action.

If we're talking about tactics and capabilities, it's impossible. How are you
going to make sure there aren't 30 people somewhere writing malware for a
government? You can't, at least absent far more invasive spying or some kind
of DRM that makes writing malware illegal.

~~~
logn
My point was mostly that I will not defend secret war/aggression/cybercrime
especially in light of recent history. I'm surprised so many people here
defend this malware claiming that it's (1) justified and (2) targeted. Since,
we have no idea what it's for and it's heavily infected 18 countries. I'd
guess they also support targeted torture and rectal hydration too. Just as
long as it's not citizens. Except for just the really bad citizens.

~~~
trynumber9
No one in this thread has said they support torture. This malware has nothing
to do with torture. What was the point of that fake argument? Supporting
targeted malware is not supporting torture.

~~~
logn
There was some sarcasm in my comment above and I didn't fully detail what I
meant.

The point was that something doesn't become ok just because it's targeted at
non-citizens or the targets are more limited than simply everyone. (Unless
other context can justify it... but we're being kept in the dark). It's still
dragnet surveillance. Similarly torture is wrong and no amount of "targeting"
can change that. So I think there's a disconnect in people who oppose mass
surveillance but approve of this. I presume many people ok with this malware
are opposed to torture; it wasn't to be taken literally.

~~~
LLWM
Surveillance is situationally justifiable. Torture is not. This isn't a
complex problem.

~~~
logn
I think that surveillance and dragnet surveillance are fundamentally different
and not comparable.

~~~
LLWM
If so, then it's hard to imagine how you could distinguish between those in
such a way that labels the methods described in the article as dragnet
surveillance, rather than non-dragnet.

------
wongarsu
> It's just about impossible for an outsider to reverse engineer a hard drive,
> read the existing firmware, and create malicious versions.

It's hard, but it isn't like this hasn't been done before:
[http://spritesmods.com/?art=hddhack&page=3](http://spritesmods.com/?art=hddhack&page=3)

And to be honest, I think what they call "about impossible" is just a question
of investing enough time and having a somewhat decent understanding of
microprocessors and reverse-engineering. I'm not trying to downplay Equation
Group's achievement, but it feels like arstechnica is starting to exaggerate
here.

~~~
damurdock
The whole "embedded programming is scary and impossible" sentiment seems to be
pretty common these days. I mean, it's impressive, but well within the reach
of an interested nation-state or even a skilled hobbyist like Sprite_tm.

It seems like the prevalence of modified router firmwares (and botnets based
on them) should make it clear that firmware modification is A Thing That
Happens(TM).

~~~
tptacek
Anyone who thinks this kind of work requires nation-state backing should look
at the (hobbyist!) projects to jailbreak the Xbox, X360 and PS3. Low-level
kernel- and hypervisor-programming in which obstacles are casually overcome
by dropping zero-day memory corruption bugs in core libraries that would be
worth tens of thousands of dollars today just from bounty programs, deploying
crypto bugs that make "custom RC5" and "thousands of iterations of SHA1" look
like the shoplifted-from-Schneier technique that it appears to actually be
(TEA hash collision, ECDSA nonce repeats, &c).

And these were, more or less, student side projects.

~~~
javajosh
That doesn't mean that it's easy, it just means that hacking a PS3 is _highly
motivating_. Making some lame centrifuge explode half-way around the world is
high on patriotism (I guess) but short on lols.

~~~
wongarsu
He didn't say that it's easy, just that it isn't so hard that you need
nation-state backing to do it. Judging purely from their capabilities, Equation
Group could be a small group of college graduates who make a living with
hacking and don't settle for the low-hanging fruit.

Of course the other evidence strongly suggests that this group is
NSA-employed, but the real reason why their malware is so much more
sophisticated than anything else out there isn't that nation states have
staggering amounts of resources, it's simply that normal malware doesn't need
to be sophisticated.

~~~
cocoablazing
You are saying that you think it is reasonable that a small group of "college
graduates" have created and executed a global espionage campaign against
airgapped military targets using software that makes previous nec plus ultra
NSA cyberweapons look obsolete.

------
ptwiggens
The update confirms it is the NSA.

It is incredible, even the most generous estimation of the NSA's capabilities
before the Snowden disclosures now look conservative. This is the stuff
conspiracy theories are made of.

~~~
AlyssaRowan
UR = UNITEDRAKE ("Regin", basically?). And that'd probably be rmgree5@nsa.gov:
that's the format their addresses are in.

This does seem to be, broadly-speaking, NSA's top-dollar brand-new 0-day-laden
(at the time) malware, that they use to launch their less shiny stuff, which
is more awkward and a massive overfunded modular boondoggle. This does not
seem to be as freely shared around with the "Five Eyes".

By the way, there are innocent machines _in the US_ infected with this thing,
at this very moment. Anyone care to explain that?

The hard-drive component should be completely detectable, _if_ you don't boot
from it, based on the (small, sadly incomplete) fragment of (Cortex-M0?) stuff
I've seen. Power-cycle it, send an ATA reset, read the MBR _and following
sectors_. Look out for the NIC "option rom" persistence module, too - you may
be well-advised to do it from something really exotic that doesn't run x86,
just in case! (Independent hackers are running (µ)Linux on hard disks now, so
it's not surprising a huge agency able to spend billions of dollars of tax
money funding contractors on tiny pieces of this project got something of a
head start!) Not sure of a good way to detect it in software, but it's not
perfect, so it probably can be redpilled somehow.

Watch for "CD-ROM"s that unexpectedly have ATIPs, I guess?
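
A software-side version of the disk check described in the comment above (read the MBR and the sectors after it from a drive that was not booted), as an added example that is not part of the comment or of any published tool. It parses the MBR partition table, hashes the 446-byte boot code so it can be compared with a baseline taken from a known-good install, and lists the sectors in the gap before the first partition that hold non-zero data. The sample image is constructed inline; `build_sample_image`, the partition layout and the marker bytes are assumptions for the demo. Legitimate bootloaders such as GRUB's core image also live in that gap, so the output is a review list to compare against a clean drive of the same build, not a verdict.

```python
import hashlib
import struct
import sys

SECTOR = 512
MBR_BOOT_CODE_LEN = 446
MBR_SIGNATURE = b"\x55\xaa"


def parse_mbr(image: bytes):
    """Parse a classic MBR: 446 bytes of boot code, four 16-byte partition
    entries (status, CHS start, type, CHS end, LBA start, sector count) and
    the 0x55AA signature. Returns the non-empty partition entries."""
    if len(image) < SECTOR:
        raise ValueError("image shorter than one sector")
    mbr = image[:SECTOR]
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("MBR signature missing")
    parts = []
    for i in range(4):
        entry = mbr[MBR_BOOT_CODE_LEN + 16 * i:MBR_BOOT_CODE_LEN + 16 * (i + 1)]
        status, ptype, lba_start, lba_count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "lba_count": lba_count})
    return parts


def boot_code_sha256(image: bytes) -> str:
    """Hash of the boot code only, so it can be compared with a clean baseline."""
    return hashlib.sha256(image[:MBR_BOOT_CODE_LEN]).hexdigest()


def nonzero_gap_sectors(image: bytes, parts):
    """LBAs between the MBR and the first partition that contain any non-zero
    byte. A normal bootloader (e.g. GRUB core.img) also lives here, so this is
    a list to review against a known-good drive, not proof of tampering."""
    total = len(image) // SECTOR
    first = min((p["lba_start"] for p in parts), default=total)
    found = []
    for lba in range(1, min(first, total)):
        if any(image[lba * SECTOR:(lba + 1) * SECTOR]):
            found.append(lba)
    return found


def inspect_image(image: bytes, baseline_boot_hash=None):
    """Combine the checks into one report; optionally compare with a baseline hash."""
    parts = parse_mbr(image)
    report = {
        "partitions": parts,
        "boot_code_sha256": boot_code_sha256(image),
        "nonzero_gap_sectors": nonzero_gap_sectors(image, parts),
    }
    if baseline_boot_hash is not None:
        report["boot_code_matches_baseline"] = report["boot_code_sha256"] == baseline_boot_hash
    return report


def build_sample_image(payload_lba=None) -> bytes:
    """Constructed 64-sector image (assumption, not a real capture): one Linux
    partition starting at LBA 63; optionally a marker written into the gap."""
    img = bytearray(64 * SECTOR)
    img[0:MBR_BOOT_CODE_LEN] = b"\xfa\x33\xc0" + b"\x90" * (MBR_BOOT_CODE_LEN - 3)
    img[446:462] = struct.pack("<B3xB3xII", 0x80, 0x83, 63, 1)
    img[510:512] = MBR_SIGNATURE
    if payload_lba is not None:
        off = payload_lba * SECTOR
        img[off:off + 16] = b"CONSTRUCTED-DATA"
    return bytes(img)


if __name__ == "__main__":
    # Usage: python mbr_check.py <dump-of-first-sectors> [baseline-boot-code-sha256]
    # The dump should be read from the powered-down drive on a separate machine.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(2048 * SECTOR)
        print(inspect_image(data, sys.argv[2] if len(sys.argv) > 2 else None))
    else:
        clean = build_sample_image()
        print(inspect_image(build_sample_image(payload_lba=17), boot_code_sha256(clean)))
```

Run without arguments it inspects the constructed image and reports LBA 17 as a non-zero gap sector while the boot code still matches the clean baseline; that combination (unchanged boot code, unexpected data after it) is exactly the case a hash of the MBR alone would miss.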

~~~
wongarsu
Detecting an infected hard drive in software would be the usual malware arms
race: you find some characteristic of it, they improve the firmware.

But if we start to systematically check for it, it should be easy to discover
via hardware debugging. Find the JTAG interface on the hard disk controller
(or whatever debugging interface the specific processor uses), dump the
firmware and compare it to firmware dumps from other hard drives of the same
model. I don't see how they could fool that process (given that you have a
clean machine to read out the firmware).

Of course to be thorough you would have to check pretty much the firmware of
every component of the computer.
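
The dump-and-compare step in the comment above, written out as an added example (not from the commenter or from any vendor tool). It takes several firmware dumps of the same drive model, picks the majority image as the baseline so that no single drive is trusted as the benchmark, flags the drives that disagree, and reports the offset ranges where an outlier differs. Everything about the dumps is constructed: `make_sample_dumps` generates three synthetic images, two identical and one with a patched region, standing in for real JTAG or service-area reads.

```python
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pick_baseline(dumps: dict):
    """Majority vote over the hashes of dumps {name: bytes}. Returns
    (baseline_name, agreeing_names, outlier_names). Refuses to choose when no
    image has a strict majority, because then there is no trustworthy baseline."""
    hashes = {name: sha256_hex(data) for name, data in dumps.items()}
    top_hash, top_count = Counter(hashes.values()).most_common(1)[0]
    if top_count * 2 <= len(dumps):
        raise ValueError("no strict majority among dumps; cannot pick a baseline")
    agree = sorted(n for n, h in hashes.items() if h == top_hash)
    outliers = sorted(n for n, h in hashes.items() if h != top_hash)
    return agree[0], agree, outliers


def differing_ranges(baseline: bytes, candidate: bytes, block: int = 64):
    """Half-open (start, end) offset ranges where candidate differs from
    baseline, coalesced into block-aligned regions; a length mismatch is
    reported as a final range covering the extra bytes."""
    n = min(len(baseline), len(candidate))
    ranges, start = [], None
    for off in range(0, n, block):
        end = min(off + block, n)
        same = baseline[off:end] == candidate[off:end]
        if not same and start is None:
            start = off
        elif same and start is not None:
            ranges.append((start, off))
            start = None
    if start is not None:
        ranges.append((start, n))
    if len(baseline) != len(candidate):
        ranges.append((n, max(len(baseline), len(candidate))))
    return ranges


def firmware_report(dumps: dict, block: int = 64):
    """Baseline selection plus a per-outlier list of differing regions."""
    baseline_name, agree, outliers = pick_baseline(dumps)
    base = dumps[baseline_name]
    return {
        "baseline": baseline_name,
        "baseline_sha256": sha256_hex(base),
        "agreeing": agree,
        "outliers": {name: differing_ranges(base, dumps[name], block) for name in outliers},
    }


def make_sample_dumps() -> dict:
    """Constructed stand-in for real firmware reads (assumption for the demo):
    a 4 KiB pseudo-image, two clean copies and one with 16 patched bytes."""
    clean = bytes((i * 7 + 3) & 0xFF for i in range(4096))
    patched = bytearray(clean)
    patched[0x800:0x810] = b"\xde\xad\xbe\xef" * 4
    return {"drive_A": clean, "drive_B": clean, "drive_C": bytes(patched)}


if __name__ == "__main__":
    print(firmware_report(make_sample_dumps()))
```

The majority rule addresses the "which drive is the benchmark" objection only partially: it assumes tampering is rarer than not across the sample, so the more dumps from independently sourced drives go in, the more that assumption is worth. The offset ranges are what you hand to someone with a disassembler; the script itself makes no claim about what the bytes do.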

~~~
CPLX
> dump the firmware and compare it to firmware dumps from other hard drives of
> the same model

And then ponder the unstated assumption that said other hard drives may or may
not have been exploited already. Dealing with a state level actor is hard, in
the "trusting trust" sense.

~~~
XorNot
Well update your threat model appropriately. What are the realities if they've
somehow hit _every single hard disk_ in the US? What is the likelihood this
level of subterfuge can be maintained? How many people are involved?

Just because you can imagine it doesn't suddenly make it _practical_, and it
certainly doesn't mean they're going to burn that capability outing some guys
porn habits either.

~~~
CPLX
> What are the realities if they've somehow hit every single hard disk in the
> US?

Who knows. The problem is you're not so concerned with "every single" hard
drive in the US, but you may well be concerned with the other one you wish to
use as a benchmark.

When you're dealing with things like hardware being compromised on the way
from the plant to the store, or (as mentioned) a burned CD being compromised
in the mail, and other things that really only governments can do, it changes
the whole nature of the threat model.

------
grandalf
I think the lesson here is not so much that governments can do this, but that
entities with extremely large budgets are implementing broad, interconnected
initiatives like this.

I think realistically any entity with over $20M could participate meaningfully
in these kinds of exploits. The key is that in order to be useful many
overlapping initiatives need to exist.

It seems like exploiting things like firmware would be pretty easy: You just
get a member of your team who is a bit overqualified to apply for a job at the
target company. A relatively small team could accomplish this in a few years,
aided by the scarcity of top tier engineering talent.

The hard part is the social aspect of the attacks, but a single clever
individual can come up with many.

~~~
RockyMcNuts
well, in TFA it's a little easier for the NSA than embedding a mole, NSA just
tells WD they want to buy drives, but need to audit all the source code
including firmware for security issues, then modifies firmware, then
intercepts hardware orders from targets and replaces them with ones with
compromised firmware.

~~~
grandalf
True, but I think it makes more sense to look at these tactics in the most
general way possible. Firms could be doing them, as could much smaller
governments.

Most press about infosec is focused on individual vulnerabilities and the
tactics used in specific exploits. What we're seeing is tremendous "long game"
strategic sophistication. Stuxnet was one example of using many attack vectors
to eventually achieve a goal and these revelations suggest that was just the
beginning.

Sure, intercepting the mail could be difficult, but all it takes is a few
compromised UPS drivers and warrants are no longer needed.

------
gnu8
We should all be aware of the fact that these people are the enemy. They don't
do these things to "protect freedom", they do them to destroy freedom.

Most of the people on Hackernews are uniquely placed to resist. Secure your
software. Refuse to cooperate unless legally compelled. Analyze and publish
any evidence of government attacks.

If you work for the NSA, understand this: you aren't American. You are the
Internet Daesh. You will lose.

~~~
rifung
In what way are people who work for the NSA not American? They are literally
working to protect American citizens from violence. While you may not agree
with their methods, saying you are somehow "more" American than they are, let
alone that they aren't American at all is a huge stretch.

I think I'm too young and naive to really form a good opinion on what they are
doing, but I do know that I definitely haven't done anything I can remember
for the sake of this country. Maybe they're being harmful, maybe not, I don't
know, but at the very least I like to think they are trying to be helpful.

~~~
tomelders
So it's a good thing they're spying on that poster child of terrorist anarchy;
Angela Merkel?

~~~
ars
Why should terrorism be the only reason to spy on someone?

Traditionally you spied on your friends to see what they were really thinking
vs what they were saying.

------
datashovel
I would like to ask anyone reading this to hypothesize with me. What if the US
government was broadly and knowingly corrupt? How comfortable would you feel
knowing that they had such broad and powerful technical capabilities? How
would you fight against such a machine, to uproot the corruption?

I'm in awe of these technical feats, but also cautious about the implications
of an all-knowing, all-powerful government presence who can infringe on your
basic rights at-will.

~~~
Cthulhu_
It's not a what-if actually, the US government - or at least the higher-ups,
like the senate - are bought by those with money. And buying votes / power /
votes is the core principle of corruption.

~~~
datashovel
I didn't want to sound too presumptuous when I wrote the comment, but I would
agree the current state of things is far from ideal.

------
Iknowitall
What the NSA is doing here is more subtle and I do not think they fully
realize it. They are heavily financing and accelerating the speed of damage
that people on the dark side can do. They are "inspiring" a bunch of curious
teenagers (in the best case) or a bunch of cyber criminals (in the worst case)
to create another malware like that. They are putting out there first of all
the ideas, second the conviction that it is possible to do so, and third
sample code to study, improve and deploy. This race to being the "smarter" spy
is unfortunately leading us into a very risky world to live in. A lose-lose
proposition. The press and the antivirus researchers are also not being too
smart here in making this publicly available.

~~~
Iknowitall
By the way, would you put a bunch of secret technology (maybe a new bomb)
partially hidden in a manhole in the middle of the street, just in case a spy
passing by needs to use it? That is pretty much what they are doing here...
code is easy to move around and to copy. Today (or in a relatively short amount
of time) whoever wants that code bad enough will be able to find it. That
technology that took years and millions of dollars to develop is now available
to the bad guys. Face palm!

------
rosenjon
Based on the article, are we to presume that this only affects tech in hostile
countries? Or are they doing this to US-based equipment as well?

Seems like this will backfire spectacularly when foreign countries and
companies stop buying American made tech for fear of these hardware backdoors.
Spectacularly irresponsible.

~~~
jrochkind1
Wait, is Mexico a "hostile country"?

~~~
leroy_masochist
Their central government is not hostile to the United States; cartels and
certain cartel-influenced local governments certainly are.

~~~
jrochkind1
There are of course entities hostile to the United States in every country,
including the United States.

------
ForHackernews
This is pretty intense malware, but at some level it's reassuring how
narrowly-targeted these attacks seem to be. Arguably, this is what the NSA is
_supposed_ to be doing: targeted attacks against key systems in hostile
nations, not mass dragnet-surveillance of everyone on the Internet.

~~~
letstryagain
Hostile nations now include Belgium and the UK apparently

------
ingler
I don't know what's more disturbing: the fact that US government does this
with impunity or the fact that a sizable group of technically competent
citizens defends it.

~~~
pgwhalen
I think the "sizable group of technically competent citizens" realizes that
espionage between nation-states is as old as nation-states themselves, and
that because of the nature of humanity, it's not going away anytime soon.

~~~
ingler
It's also where the money is. Getting paid to do the wrong thing is also an
old trait of humankind.

Remember Google's original motto? Whatever happened to that?

------
logicallee
Do we really need to encourage people to go into this line of work with
language like this:

>A long list of almost superhuman technical feats illustrate Equation Group's
extraordinary skill, painstaking work, and unlimited resources.

with the effort these people spend contributing next to zero value in the
world (strongly negative value if you add up all the energy wasted on all
sides including their 'enemies'; if all these sides spent the same resources
on positive constructive research instead, we would be ahead). This genius
could be applied to making a compiler/interpreter that just does what you're
trying to do, regardless of whether you're a programmer.

It's a binary choice: have these people perform 'superhuman' feats of self-
destruction and obfuscated encryption and finding zero-days....

... or give humanity the tools that every one of the seven billion people on
it can instantiate any idea in seconds and have it actually be correctly
interpreted and done.

Resources are spent tricking people so they don't notice something. Where are
the resources being spent helping people do what they're trying to?

The example I always go to is: since the creation of the United States, how
much inter-state (Iowa and Massachusetts) spying, warmaking, border control,
etc, is wasted?

Could this have something to do with its performance over the last couple of
centuries?

I think of these types of programs as 'welfare for geniuses'. Give them an
office and something to do.

But for God's sake, spit them out again. The optimal amount of state spying
is, let's face it, much closer to zero than its current levels.

Spend on enough universal education that everyone shares values and nobody is
destructive; put the rest into fundamental research and development.

I don't mind that the government exists to do research, employ people, and
keep the world safe. But put some limits on it, and please don't encourage
this with language like I quoted at the top.

Humanity has better things to do with its time. Nobody wants to live in a
prison.

------
harkyns_castle
Might as well tattoo a UUID on our foreheads and be done with it at this rate.
God I hate hearing the apologists for the NSA in these threads. Are you so
devoid of empathy?

~~~
nhstanley
Empathy for whom? I know pacifists want to believe we live in a post-war
world, and if only we would not make guns or do the kind of things the NSA is
doing here we'll suddenly live in a perfect world—but by what fantastical
mechanism do you actually think that will happen?

~~~
harkyns_castle
The old pacifist keyword, it's a bit like the communist keyword.

The only war we have at the moment is the one you (assuming you're a shill)
created and want to sustain. Because if you don't, it all falls down. It's
about the US dollar, and oil.

------
balls187
Anyone get the feeling that at this point, the NSA et al, have moved onto even
more sophisticated attacks?

~~~
leroy_masochist
Given that the unearthed program is a decade and a half old, I definitely get
that feeling.

~~~
laurent123456
I'm picturing the NSA engineers laughing at the "advanced hacking" Kaspersky
just unearthed, meanwhile working on stuff that would blow our mind and that
we'll only discover 20 years from now.

~~~
chii
I can't imagine how my mind can be blown any more than it already has.

~~~
balls187
Skynet?

------
mabbo
I'm pretty sure intercepting and screwing with mail is a felony... isn't that
a felony? How exactly can the US Government have its employees committing
felonies with no warrants or oversight?

~~~
ForHackernews
There are likely secret warrants in FISA court.

~~~
AlyssaRowan
That doesn't really explain the US researchers infected with this.

~~~
teraflop
That's what the FISA court is for: to issue secret warrants for surveillance
of US citizens' domestic communications.

~~~
mox1
FISA is for Foreigners outside of US soil. You literally are exactly
incorrect.

~~~
etjossem
Not exactly - and that's why FISA is so controversial.

The FISA Amendment Act permits the court to issue a warrant if _either_ the
sender or recipient is a non-US citizen abroad (since the "target" can be
either party involved in the communication). Foreign nationals who are
acquired abroad as FISA targets can later enter the US and remain subject to
the warrant. And if there is uncertainty about the location or nationality of
the target, the dispute is frequently resolved in favor of the surveillance
agency.

The ACLU has fought FISA since it was enacted, as they believe it creates a
way to unconstitutionally surveil people in the United States.

------
shiven
Takeaway lesson #1: re-flash all HDDs/SSDs with verified vanilla firmware from
original manufacturer.

Lesson #2: Beware any and all data media, CDs, DVDs (Netflix? Blockbuster?
Hollywood screeners? ...?), USB drives.

~~~
rasz_pl
#1 using JTAG, nothing else will matter, and even then it will only work until
your drive is reflashed again in another attack. The best way to secure an HDD
would be modifying the firmware to DISABLE firmware upgrades and external
access to the service area permanently. AFAIK HDDs keep some executable
modules stored on the HDD platters, which means 'simply' cutting the WR leg on
the EPROM chip is not enough. We are talking quite a significant firmware
rewrite here.

------
nadaviv
One of the images [0] in the article identifies a C&C server used by the
attackers, technology-revealed.com. The script appears to embed an invisible
iframe pointing to a page on that domain, which probably infects the machine
using some zero-day exploit on the browser or one of its plugins. The domain
is still registered, but appears not to be running an HTTP server anymore.
Might be interesting to investigate if someone wants to look into that.

[0] [http://cdn.arstechnica.net/wp-content/uploads/2015/02/malici...](http://cdn.arstechnica.net/wp-content/uploads/2015/02/malicious-php-script-1280x719.jpg)

~~~
compbio
The article also mentions fanny.bmp as an NSA exploit. Here a post from 2010
[1] from someone who encountered this virus on an USB stick and saved the
virus:
[https://forum.lowyat.net/topic/1488855/all](https://forum.lowyat.net/topic/1488855/all)

------
anton000
Wasn't there a demonstration of a similar HDD exploit posted on HN earlier?

edit: found it
[https://news.ycombinator.com/item?id=8665865](https://news.ycombinator.com/item?id=8665865)

------
ChuckMcM
Interesting to compare the sophistication of this malware and physical weapon
systems such as the Tomahawk cruise missile. One video of cluster munitions
shows how the munitions try to attack armor, then vehicles, then groups of
people, and then land to become pop up landmines. [1]

One has to assume that the capabilities of the other actors is similar. Makes
for a pretty scary picture when you think about it.

[1] [https://www.youtube.com/watch?v=CY9gojFu-_U](https://www.youtube.com/watch?v=CY9gojFu-_U)

~~~
harkyns_castle
Admittedly I've had a few beers, but what was going on there? It looked like a
chaff device or something. I didn't see the massive destruction I was hoping
for.

------
peterwwillis
I feel bad for the people that work for groups like this. Sure, you get to
hack every developed nation in the world and are privy to the most sensitive
information in the world. You're also therefore the world's largest liability,
and your life is probably very expendable compared to the data you're
retrieving. They might have a unique identity just for picking up milk.

------
rl3
I'm surprised the CPU microcode angle isn't mentioned.

~~~
teraflop
Has there ever been a non-theoretical use of microcode in malware? I would
expect it to be difficult for a lot of reasons (the maximum microcode size is
probably quite limited; the format is extremely proprietary; and there's only
so much overhead you can add at the instruction level before you start causing
a noticeable slowdown).

Also, microcode updates aren't retained when the system is powered, so you
still need to have a persistent backdoor installed at the OS level. Given
that, it's not clear what additional benefit a microcode backdoor would
provide.

~~~
kw71
If you are going to modify a BIOS, then the BIOS can apply the microcode
update. No need to tamper with OS then.

------
gloriousduke
Just think, a member of the group is probably reading this thread right now...

~~~
robertmgreen5
hahahaha...

~~~
dhimes
This made me LOL

------
n1x0n997
So there is this new shodan-like database that takes data from massive scans
of the Internet (I think?) etc... Might be worth running all C&Cs through it
to discover more domains , for example
[https://rateip.com/ipv4/190.60.202.4](https://rateip.com/ipv4/190.60.202.4)

------
rey12rey
Equation Group: Questions and Answers by Kaspersky [pdf] -->
[https://cdn1.vox-cdn.com/uploads/chorus_asset/file/3415904/E...](https://cdn1.vox-cdn.com/uploads/chorus_asset/file/3415904/Equation_group_questions_and_answers.0.pdf)

------
grandalf
The point isn't whether we should be surprised this is the NSA, the
interesting thing is that this layered strategy is what you do if you have
access to lots of money and talent.

------
ilitirit
How can one detect infection?

------
packetized
Scalpel, not a sledgehammer.

------
aselzer
While this is undoubtedly scary, it looks very Windows-specific and would seem
unlikely to affect a somewhat security-conscious Linux user.

Java and IE exploits, autorun files, NTFS...

> The malicious firmware created a secret storage vault that survives
> military-grade disk wiping and reformatting, making sensitive data
> stolen from victims available even after reformatting the drive and
> reinstalling the operating system.

And that's why it's possibly not the greatest idea to replace simple firmware
and drivers with small operating systems (Intel AMT, microcode, SSDs, Smart
TVs etc.).

~~~
wongarsu
I suspect that most of their targets use Windows, so we have more malware
samples from Windows hosts. The article specifically mentions that they
heavily suspect that a Mac malware exists, yet they haven't found it yet.
Consequently we don't know which exploits they use to get on Macs. They also
talk about a wide range of servers being infected, only attacking Windows
servers would be very limiting.

My best guess is that if you are a target, using Linux makes their work harder
but not impossible. They had over a decade to figure this out and
vulnerabilities in Linux software are found all the time.

~~~
aselzer
The site shows a PHP script targeting vbulletin. Obviously there are lots of
ways of attacking servers, especially if they run PHP applications and such.

There was once a PDF exploit for iOS that made it possible to jailbreak the
phone (or run any code) if the user opened a PDF, so the PHP program could
have been redirecting to something like this.

Linux malware would probably have a much lower effectiveness / $, so it
doesn't pay off for them.

------
thejaredhooper
What's worse is the fact that this would be more terrifying if this weren't an
action to the NSA's credit. Chinese, British, and Russian governments also
have the capability of developing intrusive malware at such a scale.

I see that this is confirmed as the NSA, but the world has been awfully silent
on the intrusiveness of Chinese malware practices. You can not travel safely
in China without your domestic devices being breached, yet we don't hear about
large-scale projects from their government, which also possesses "near
limitless resources" at their disposal.

I just think it's interesting there's so much attention on the NSA.

~~~
sumitviii
People would be angry even if they didn't know that Equation Group was part of
the NSA.

------
oglees
Absolutely! I live in Bulgaria, Eastern Europe, a poor, small country, which
has been accepted in NATO and the European Union, but still is hosted by the
past-Soviet`s secret intelligence services of Moscow, which are now illegal,
but has agents and the absolute power over the legal secret services in
Bulgaria. The surveillance is much larger, than in the USA, but all the info
goes to Moscow.

So, what are you troubling about, when NSA is pure American, and has the
purpose to protect you from the legions of Russian, Chinese hackers -
officially military, or just playing and stilling criminals, and all the
Islamic recruiters, who are trying to recruit American citizens for their
Jihad against The Civilization...

I don't understand, are you stupid, people, or what? The NSA has the duty to
protect you, and you are acting as children whose parents have installed a
security program on your PC, to protect you from pedophiles... It's the same
case with the NSA surveillance!

------
adambatkin
We definitely throw our weight around and interfere with Iran's domestic
affairs. But this is definitely a case of "we think our morals are better than
yours" (and we have bigger guns so we're gonna enforce those morals).

The Iranian government funds terrorist groups around the world, and has called
for the destruction of certain other countries. So yeah, if we have the
ability to stifle them (particularly their nuclear ambitions) I say we go for
it.

I do feel bad for many of the Iranian people. Many of them do not like their
government and are therefore held hostage by the events around them, which
they have no control over, and may disagree with.

~~~
Ar-Curunir
Hmm, and what about the Saudi government that actually does fund terrorist
activities and opposes almost everything that America claims to stand for?

America is fine with propping up that regime, so why is Iran an issue, when
from everything that I've read and experienced (12 years in the Middle East)
there have been no implications of Iran in modern terrorist activities?

What moral high ground can you take then?

~~~
somebehemoth
"when from everything that I've read and experienced (12 years in the Middle
East) there have been no implications of Iran in modern terrorist activities?"

\- Iran does not recognize Israel.

\- Iran supplies political support and weapons to Hamas,[14] an organization
classified by Israel, the United States, Canada, the European Union and Japan
as a terrorist organization. Mahmoud Abbas, President of the Palestinian
National Authority, has said "Hamas is funded by Iran. It claims it is
financed by donations, but the donations are nothing like what it receives
from Iran".[15] From 2000 to 2004, Hamas was responsible for killing nearly
400 Israelis and wounding more than 2,000 in 425 attacks, according to the
Israeli Ministry of Foreign Affairs. From 2001 through May 2008, Hamas
launched more than 3,000 Qassam rockets and 2,500 mortar attacks into
Israel.[16]

\- Iranian proxies killed an estimated 1,100 US troops in Iraq.[35] In
addition, insurgents supported by Iran reportedly committed acts of
terrorism.[34][36][37]

Lots more here: [http://en.wikipedia.org/wiki/Iran_and_state-sponsored_terror...](http://en.wikipedia.org/wiki/Iran_and_state-sponsored_terrorism)

I am not claiming these are all fact, but I think there is little doubt that
they are at least "implications" as you put it.

(edited for formatting.)

~~~
discardorama
> \- Iran does not recognize Israel.

Neither does Saudi Arabia! Why does it even matter, since 32 countries do not
recognize Israel; including huge US beneficiaries like Afghanistan, Bangladesh
and Pakistan?

> From 2000 to 2004, Hamas was responsible for killing nearly 400 Israelis and
> wounding more than 2,000 ...

... and in turn Israelis killed 4907 Palestinians and wounded 8611? If the
number of killed is a factor in determining one's "terroristness", then surely
you can't claim that Israel is a victim here! Just last year, in Operation
Protective Edge, 73 Israelis were killed and 664 wounded; whereas 2100
Palestinians were killed and 11000 wounded:
[http://www.jewishvirtuallibrary.org/jsource/History/casualti...](http://www.jewishvirtuallibrary.org/jsource/History/casualtiestotal.html)

> Iranian proxies killed an estimated 1,100 US troops in Iraq.

... and Saudi proxies killed nearly 4000 on 9/11!

~~~
colordrops
I can't help but think that many of the people posting on these boards are
either shills or have psychological disorders, because they ignore completely
obvious facts like the ones you point out and continue to hold onto their
views. That type of willful blind spot is not tolerated with other subjects
here on Hacker News.

~~~
olympus
There are political differences to be expected, but let me try to explain why
the USA is willing to rub elbows with the Saudis and not with Iran. My
credentials are this: I spent 6 months working on strategy in the CENTCOM AOR
bitching about every single country in the Persian/Arabian Gulf every single
day. The choice is one of picking the lesser of two evils. The USA has a great
interest in keeping and increasing its geopolitical influence in the Middle
East (Israel is not included in this region even though we have to plan for
their actions). The two main regional powers in the Middle East are Saudi
Arabia and Iran. We used to be friendly with both countries back in the 1970s
but Iran had a revolution and the Ayatollah didn't want anything to do with
us, and it remains that way today. Although the current President of Iran
(Rouhani) has mentioned that he would like to improve relations with the USA,
he is not the boss regardless of how many people voted for him; the Ayatollah
is the Supreme Leader and he still openly calls for the death of Israel and
the USA. So we obviously can't be friends with Iran. That leaves us with Saudi
Arabia, and while they also sponsor terrorism, they are all we have left. We
overlook their actions, and in exchange we are allowed to keep a significant
military force there, which props up their government and provides them with a
pretty big stick when negotiating with the smaller countries in the region
(the only other stick they really have is their gargantuan oil production). So
our PATRIOT batteries protect the family of Saud from Iran, and we get to have
a little say in their goings on. It's as simple as that. Just about everybody
we deal with is a piece of scum that would like to see the USA brought down a
peg, but Saudi Arabia doesn't do it openly and they depend on our money and
protection, so we get along a little better than them. Iran openly calls for
our destruction. The last several US presidents, both Republican and Democrat
have decided that it's better for us to support Saudi Arabia than not have any
influence in the Middle East at all. The only other option is to withdraw our
forces (without Saudi Arabia's cooperation we would probably lose our basing
agreements with all the other countries in the region) and have no say
whatsoever and watch as the Middle East goes in a direction that isn't
beneficial to the USA in the slightest.

\--And to get back to the topic of the parent post, yeah, this is exactly what
the NSA is supposed to do. It is supposed to do two things: Secure the
information of the USA and its citizens, and to undermine the security of
everything else. A lot of US citizens were upset when they found out that the
NSA vacuum had gotten their information as well, and rightfully so. But the
NSA is still primarily focused on targeting external entities, and although
those entities are well within their rights to complain, don't expect the NSA
to stop just because someone didn't like it. Regardless of what a federal
judge says about collecting on US citizens, no judge will EVER tell the NSA to
stop its clandestine activities on foreign networks.

~~~
colordrops
I appreciate your informed and reasonable response, but you didn't really
address the two main points of the grandparent poster.

1\. Iran isn't really different in stance from several other countries. You
say that Iran calls for the death of Israel and America, but this isn't really
true. The one quote from Ahmadinejad that gets thrown around turned out to be
a mistranslation. And even if Iran's leadership did say such things, they are
not even close to being alone in such heavy handed rhetoric. And anyway words
shouldn't be enough to start trillion dollar wars. Otherwise Iran should have
the right to attack the US for McCain and other American politicians'
equivalently inflammatory speech.

2\. Israel is as complicit in terror as other powers in the Middle East, if
not more so, but they never get called out. The reasons are usually vague or
fallacious, such as them being "friends" or "like us" or the only democracy in
the Middle East.

~~~
olympus
The question I was answering above was "why Saudi Arabia and not Iran? Aren't
they both bad?" Regarding your other points, I'll answer them below (and I
admit my attitude upfront on the first one, you just posted that you are
frustrated with people with a willful blind spot and then you give me #1):

1\. Iran's calling for the death of Israel and the USA is just a single missed
translation? Give me a break. A news article from five days ago: "As usual,
Iranians chanted "Death to America" and also denounced Israel."
[http://www.npr.org/blogs/thetwo-way/2015/02/11/385396449/on-...](http://www.npr.org/blogs/thetwo-way/2015/02/11/385396449/on-..). It's a slogan over there:
[http://en.wikipedia.org/wiki/Death_to_America](http://en.wikipedia.org/wiki/Death_to_America).
And they aren't alone in their rhetoric. North Korea says it too. And guess
what? We've isolated them as much as we can as well. The countries that are
willing to openly say "Death to America" are ones that haven't matured enough
on the world stage to realize that you should say one thing and do another.
The rhetoric alone isn't enough to start a war, but their actions aren't that
innocent. Iran's first "blue water navy" excursion was planned to sail all the
way to the coast of the USA and enter our territorial waters, just to say that
they could (but their ship didn't make it). They built a mock US aircraft
carrier and practiced shooting anti-ship missiles at it. They aren't just
talking big, they are actively posturing as the opposition to the US influence
in the region.

2\. Yeah, Israel does some stuff. The Jews have killed a lot of people (even
going back to biblical times). They usually get a pass because they are seen
as the "small fry" backed into a corner by all the Muslim countries
surrounding them. It isn't true, but that is the story that is spun. Similar
to how we treat the Saudis, we let Israel get away with a lot of things that
we should probably put a stop to--seriously, pretty much anybody with sense
can see that compromise is the best way to solve the Israel/Palestine issue,
but when two peoples hate each other that much, sometimes it's easier to watch
them punch it out. If you try to break up a fight, you risk getting punched
yourself. And besides, we don't get along with the Israelis as much as most
people think. Seriously, we share more intel with New Zealand than we do with
Israel.

~~~
saiya-jin
Subjective experience here - I've been in Iran (Tehran, Isfahan, Yazd and places
between those, backpacking & mountaineering). I think we all know better than
to judge a whole country of 80 million based on a few radicals that are
conveniently shown on TV? I have met several hundred people; most were very
fond of the West, the US too (that surprised me), a few didn't care, and there was
exactly 1 taxi driver in Isfahan who asked me if I knew Obama - because he is
a war criminal... arguably not a very bright type :) Maybe my experience isn't
representative of the whole country, but a few people screaming "Death to America"
aren't either.

We get it, you (the US) want influence there, because of oil. And because of...
oil. You don't like that there is actually somebody who doesn't care that much
and isn't afraid. A bit egoistic, and I don't get what you expect to gain in the
long term, except for keeping the whole region unstable, with weak rulers who bow
in front of you... ah wait