Don't Panic: There's Probably Not NSA Malware on Your Computer

You might not have heard about the latest revelations about the National Security Agency (NSA) because the banner headlines lasted all of five minutes. No one really cares any more, partly because certain reporters over-played their hands and saturated a half-a-year's worth of news cycles with articles that made so much ruckus that, combined, they were reduced to white noise, and everyone other than the truly paranoid went back to blurting their private details all over various social platforms.

Regardless, there was indeed another NSA eavesdropping story that briefly made its rounds on Monday, via Reuters. The Huffington Post ran an all-caps screamer front-page headline: "EXPOSED: WORLDWIDE NSA SPYING PROGRAM," clearly suggesting that NSA has been spying on everyone including you, even though the actual article contained zero proof.

The article profiled a report by the anti-virus company Kaspersky Lab. The company described "an almost omnipotent cyberespionage organization" dubbed "Equation." Cutting to the chase, Kaspersky has been tracking a series of malware threats distributed by Equation which have infected computer hard drives in 30 nations such as Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The computers are mainly used by government, military and telecom agencies, along with "Islamic activists and scholars."

Sounds scary.

First of all, it's important to provide some background on Eugene Kaspersky and his Moscow-based company. Kaspersky, among other things, has worked closely with the Kremlin against the U.S., according to WIRED magazine.

But Kaspersky’s rise is particularly notable—and to some, downright troubling—given his KGB-sponsored training, his tenure as a Soviet intelligence officer, his alliance with Vladimir Putin’s regime, and his deep and ongoing relationship with Russia’s Federal Security Service, or FSB.

Red flag, anyone?

Secondly, there's no evidence in the report or the accompanying Reuters article proving that the malware is everywhere. Again, the report specifically states "thousands" of computers out of an estimated 6.4 billion internet-connected computers worldwide, and Kaspersky's 300 million-plus customer base.

Next, Reuters mentioned two anonymous former NSA sources, one of whom appeared to confirm Kaspersky's assertion that Equation malware was "linked" to an NSA program called Stuxnet, which we've known about since 2010. Stuxnet malware was used to attack Iran, apparently disrupting a portion of its nuclear capabilities. But only one of the sources explicitly linked Equation to Stuxnet.

And even if the Equation group is linked to NSA as the source suggested, isn't it the agency's mandate to conduct foreign electronic surveillance? NSA opponents are unclear in terms of how or what they expect of the agency, but in addition to clear objections to NSA's alleged spying on Americans, it seems as if opponents simply don't want NSA to do what it's supposed to do. In this case, what exactly is illegal about this program as reported? If it's a concern over the potential of NSA to turn its weapons against Americans, there's certainly been some precedent for it, but that sort of overreach has barely been reported in the last two years, post-Snowden, and when it has, it's usually in the context of stories about NSA or the FISA court self-policing and weeding it out themselves (LOVEINT, for example, was thwarted internally by NSA).

All in all, there's really nothing to see here. And it's no wonder these articles are becoming increasingly ignored: it's just one "boy who cried wolf" story after another.