MalwareMustDie closes blog in NSA/CIA spy protest

News by Tom Reeve

MalwareMustDie, the white-hat security research group, has closed its blog in protest of alleged American espionage against friendly countries.

MMD believes that US spy agencies have been installing backdoors on the servers of universities and other public institutions outside the United States.

Shadow Brokers, which famously hacked the National Security Agency in the US and released supposed NSA hacking tools for anyone to use, recently published files containing IP addresses from 49 countries that they claim have been hacked by the NSA.

According to the website, these hack attacks have been linked back to Equation Group, an NSA espionage group.

In October, the security researcher known as Hacker Fantastic posted an analysis claiming the dump contains 306 domains and 352 IP addresses relating to 49 countries including addresses from Russia, China, India, Sweden, and many others.

MMD had been looking at the evidence, focusing on the fact that Japan appeared to be the second-most hacked country on the list despite the fact that Japan is considered a friendly nation by the US.

A message left on the group's Twitter profile page outlined the reasons for closing the blog.

“We don't do protests, and we are not [an] organization formed for that purpose too. However, under the proof of DFIR & RE to malicious objects spotted in public network[s] shows that [the] NSA or CIA (or whatever USA entity) is/was/are exploiting, rootkit, installing trojan backdoor (READ: MAL-WARE) and forming cushion attack platform[s] in several FRIENDLY COUNTRY's university & educational networks, cable networks, public email server[s], internet provider servers, entertainment groups' servers, public NIC servers and government servers [in] an act that cannot be tolerate[d] as per it is,” the statement reads, adding: “...and whoever approved those operations must be held RESPONSIBLE for the action.”

It said: “For this reason, MMD blog is close for undefined period.”

It goes on to say that in addition to closing its blog, the group will boycott American services and products.

It then suggested – perhaps tongue in cheek – that any US citizens wishing to find out the latest information about MalwareMustDie's research should ask their spy agencies for a copy of the documents.

It concludes by saying, “What is BAD, stays BAD, no matter who you are. If we cannot do things strictly RIGHT, we NEVER can stop any WRONG or BAD things in the internet.”

