Kaspersky recently uncovered Equation Group, a nasty cybercrime operation that embeds malware in hardware all around the world. It's hard to detect. Once malware is installed, it's difficult to get rid of. Even reinstalling the operating system doesn't help. The only way to extinguish the it once and for all, is to destroy your hard drive.
If this secret operation is so advanced, are Bitcoin companies vulnerable?
“Yes, Bitcoin organizations could definitely be subject to an Equation style attack.” said Ken Miller, former risk management for PayPal and current COO for Gem. The cyber-crime group has targeted personal hardrives as well as larger servers, he explained. Most Bitcoin institutions rely on single-signature schemes, as opposed to the more secure multi-signature, and this could be a vulnerability.
“So consequently, a hacker would only need to defeat 'password' like protections in order to gain access via a customer's device or a machine and move funds out of bitcoin wallets.”
Bitcoin exchanges store most of their bitcoins (95% or so) in offline cold storage, while the rest is stored in hot wallets that are vulnerable to attacks. So, for example, when the BitStamp exchange was hacked earlier this year, the issue was with the hot wallet. Most of BitStamp’s bitcoins were safe in cold storage, which was untouched. But Miller says that the 3-5% of online and vulnerable bitcoins will become much more valuable in absolute terms. If hacked, only bigger exchanges like Coinbase would be able to “sustain” that level of loss.
But while Equation Group style attacks could hypothetically affect bitcoin, Miller doubts that is the group's intention.
The Equation Group has been hidden for at least 14 years and could be the most advanced malware operation ever uncovered. Kaspersky released a 32-page paper summarizing its discoveries. While they didn't name the NSA outright, the security organization made a strong case that an intelligence agency was behind the operation.
In a mini-mystery, Kaspersky tried for weeks to decipher arabic plaintext before it went to Twitter for help. Some password cracking experts figured out the arabic plaintext, which means “unregistered” in English. It turned out that the group only targeted particular users, leaving the “unregistered” users unaffected by the attack. The puzzle showcases the Equation Group's “surgical precision” and uncanny ability.
Miller said to take the Kaspersky Lab report with a “slight” grain of salt—it's a Russian organization pointing a finger at the U.S. after all. The Economist issued similar warnings, mentioning that the security outfit has a financial interest in pushing rumors of security vulnerabilities.
Nevertheless, in 2010 the firm uncovered the worm Stuxnet, designed by the NSA to take out Iranian nuclear plants. “Some computer-security firms cry wolf to attract attention; Kaspersky’s wolves have often proved to be real,” the article concluded.
While Equation Group is likely not targeting bitcoin, the advanced operations they describe could serve a warning for the future. Miller explained:
“All that said, bitcoin could be a target down the road for something massive like this, and has obviously been a target for less-sophisticated attacks, and the mass use of single-signature key management makes it an attractive option for organized crime, which often is run out of Russia, eastern Europe, and SE Asia.”
Did you enjoy this article? You may also be interested in reading these ones: