[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Mail]  [Sign-in]  [Setup]  [Help]  [Register] 

Today I turned 50!

San Diego Police officer resigns after getting locked in the backseat with female detainee

Gazan Refugee Warns the World about Hamas

Iranian stabbed for sharing his faith, miraculously made it across the border without a passport!

Protest and Clashes outside Trump's Bronx Rally in Crotona Park

Netanyahu Issues Warning To US Leaders Over ICC Arrest Warrants: 'You're Next'

Will it ever end?

Did Pope Francis Just Call Jesus a Liar?

Climate: The Movie (The Cold Truth) Updated 4K version

There can never be peace on Earth for as long as Islamic Sharia exists

The Victims of Benny Hinn: 30 Years of Spiritual Deception.

Trump Is Planning to Send Kill Teams to Mexico to Take Out Cartel Leaders

The Great Falling Away in the Church is Here | Tim Dilena

How Ridiculous? Blade-Less Swiss Army Knife Debuts As Weapon Laws Tighten

Jewish students beaten with sticks at University of Amsterdam

Terrorists shut down Park Avenue.

Police begin arresting democrats outside Met Gala.

The minute the total solar eclipse appeared over US

Three Types Of People To Mark And Avoid In The Church Today

Are The 4 Horsemen Of The Apocalypse About To Appear?

France sends combat troops to Ukraine battlefront

Facts you may not have heard about Muslims in England.

George Washington University raises the Hamas flag. American Flag has been removed.

Alabama students chant Take A Shower to the Hamas terrorists on campus.

In Day of the Lord, 24 Church Elders with Crowns Join Jesus in His Throne

In Day of the Lord, 24 Church Elders with Crowns Join Jesus in His Throne

Deadly Saltwater and Deadly Fresh Water to Increase

Deadly Cancers to soon Become Thing of the Past?

Plague of deadly New Diseases Continues

[FULL VIDEO] Police release bodycam footage of Monroe County District Attorney Sandra Doorley traffi

Police clash with pro-Palestine protesters on Ohio State University campus

Joe Rogan Experience #2138 - Tucker Carlson

Police Dispersing Student Protesters at USC - Breaking News Coverage (College Protests)

What Passover Means For The New Testament Believer

Are We Closer Than Ever To The Next Pandemic?

War in Ukraine Turns on Russia

what happened during total solar eclipse

Israel Attacks Iran, Report Says - LIVE Breaking News Coverage

Earth is Scorched with Heat

Antiwar Activists Chant ‘Death to America’ at Event Featuring Chicago Alderman

Vibe Shift

A stream that makes the pleasant Rain sound.

Older Men - Keep One Foot In The Dark Ages

When You Really Want to Meet the Diversity Requirements

CERN to test world's most powerful particle accelerator during April's solar eclipse

Utopian Visionaries Who Won’t Leave People Alone

No - no - no Ain'T going To get away with iT

Pete Buttplug's Butt Plugger Trying to Turn Kids into Faggots

Mark Levin: I'm sick and tired of these attacks

Questioning the Big Bang


Status: Not Logged In; Sign In

Computers-Hacking
See other Computers-Hacking Articles

Title: New smoking gun further ties NSA to omnipotent “Equation Group” hackers
Source: Ars Technica
URL Source: http://arstechnica.com/security/201 ... potent-equation-group-hackers/
Published: Mar 11, 2015
Author: Dan Goodin
Post Date: 2015-03-11 12:05:00 by Tooconservative
Keywords: malware, NSA
Views: 484

New smoking gun further ties NSA to omnipotent “Equation Group” hackers
What are the chances unrelated state-sponsored projects were both named "BACKSNARF"?

Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.

The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string "BACKSNARF_AB25" discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed "EquationDrug." "BACKSNARF," according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA's Tailored Access Operations.

"BACKSNARF" joins a host of other programming "artifacts" that tied Equation Group malware to the NSA. They include "Grok," "STRAITACID," and "STRAITSHOOTER." Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the "BACKSNARF" artifact isn't conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seems infinitesimally small.

The code word is included in a report Kaspersky published Wednesday detailing new technical details uncovered about Equation Group. Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organized software development team. Assuming they worked a regular 8 to 5 workday, the timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US. The Kaspersky report discounted the possibility the timestamps were intentionally manipulated, since the years listed in various executable files appeared to match the availability of computer platforms the files ran on.

Previously found evidence suggesting a possible connection to the NSA included the Equation Group's aptitude for conducting interdictions that in 2009 placed highly advanced malware on a CD-ROM sent to a prestigious researcher who attended a scientific conference. That interdiction was similar to an NSA-sponsored one detailed in documents leaked by former NSA subcontractor Edward Snowden that installed covert implant firmware on a Cisco Systems router as it was being shipped to its unwitting customer. Still other ties included zero-day vulnerabilities shared between Equation Group malware and the NSA-led Stuxnet worm that sabotaged Iranian uranium enrichment efforts in 2009 or so. The countries that were and were not targeted are also consistent with Equation Group being a US-sponsored project.

Most of the new details included in Tuesday's report will be of interest only to hard-core researchers. Still, they only bolster previous findings that Equation Group was hands down the world's most advanced hacking operation ever to come to light. Whereas before the sprawling Equation Drug platform was known to support 35 different modules, Kaspersky has recently unearthed evidence there are 115 separate plugins. The architecture resembles a mini operating system with kernel- and user-mode components alike. Readers can expect more revelations to come as researchers continue to analyze new samples and further examine the malware that has already come to light.


Poster Comment:

Well, well, well. Those nice Russian fellows at Kaspersky are helping us learn more about NSA's hidden partnerships. We should write Vlad a thank-you note. (1 image)

Post Comment   Private Reply   Ignore Thread  


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Mail]  [Sign-in]  [Setup]  [Help]  [Register] 

Please report web page problems, questions and comments to webmaster@libertysflame.com