
Computers-Hacking

Title: New smoking gun further ties NSA to omnipotent “Equation Group” hackers
Source: Ars Technica
URL Source: http://arstechnica.com/security/201 ... potent-equation-group-hackers/
Published: Mar 11, 2015
Author: Dan Goodin
Post Date: 2015-03-11 12:05:00 by Tooconservative
Keywords: malware, NSA
Views: 442

What are the chances unrelated state-sponsored projects were both named "BACKSNARF"?

Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.

The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string "BACKSNARF_AB25" discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed "EquationDrug." "BACKSNARF," according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA's Tailored Access Operations.

"BACKSNARF" joins a host of other programming "artifacts" that tied Equation Group malware to the NSA. They include "Grok," "STRAITACID," and "STRAITSHOOTER." Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the "BACKSNARF" artifact isn't conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seem infinitesimally small.

The code word is included in a report Kaspersky published Wednesday detailing new technical details uncovered about Equation Group. Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organized software development team. Assuming they worked a regular 8 to 5 workday, the timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US. The Kaspersky report discounted the possibility the timestamps were intentionally manipulated, since the years listed in various executable files appeared to match the availability of computer platforms the files ran on.

Previously found evidence suggesting a possible connection to the NSA included the Equation Group's aptitude for conducting interdictions that in 2009 placed highly advanced malware on a CD-ROM sent to a prestigious researcher who attended a scientific conference. That interdiction was similar to an NSA-sponsored one detailed in documents leaked by former NSA subcontractor Edward Snowden that installed covert implant firmware on a Cisco Systems router as it was being shipped to its unwitting customer. Still other ties included zero-day vulnerabilities shared between Equation Group malware and the NSA-led Stuxnet worm that sabotaged Iranian uranium enrichment efforts in 2009 or so. The countries that were and were not targeted are also consistent with Equation Group being a US-sponsored project.

Most of the new details included in Tuesday's report will be of interest only to hard-core researchers. Still, they only bolster previous findings that Equation Group was hands down the world's most advanced hacking operation ever to come to light. Whereas before the sprawling EquationDrug platform was known to support 35 different modules, Kaspersky has recently unearthed evidence there are 115 separate plugins. The architecture resembles a mini operating system with kernel- and user-mode components alike. Readers can expect more revelations to come as researchers continue to analyze new samples and further examine the malware that has already come to light.


Poster Comment:

Well, well, well. Those nice Russian fellows at Kaspersky are helping us learn more about NSA's hidden partnerships. We should write Vlad a thank-you note.
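
The timestamp reasoning described in the article (a Monday-to-Friday pattern, and an assumed 8-to-5 workday pointing at UTC-3 or UTC-4) can be reproduced as below. This is an added example, not code from Kaspersky or Ars Technica; the sample timestamps, the function names and the whole-hour offset range are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample data: UTC compile times of the kind stored in a PE
# header's TimeDateStamp field. These are NOT values from any real sample.
SAMPLE_UTC = [
    "2008-03-03T12:10", "2008-03-03T15:42", "2008-03-04T13:05",
    "2008-03-04T19:30", "2008-03-05T14:20", "2008-03-05T18:55",
    "2008-03-06T12:45", "2008-03-06T16:15", "2008-03-07T17:00",
    "2008-03-07T19:59", "2008-03-08T15:00",  # last one is a Saturday outlier
]
DAYS = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")


def parse_utc(stamp):
    """Parse an ISO-like string as a timezone-aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M").replace(tzinfo=timezone.utc)


def weekday_histogram(stamps):
    """Count compile times per weekday (in UTC)."""
    return Counter(DAYS[parse_utc(s).weekday()] for s in stamps)


def workday_hits(stamps, offset_hours, start=8, end=17):
    """How many stamps fall on Mon-Fri between start and end in this zone."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for s in stamps:
        local = parse_utc(s).astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits


def best_offsets(stamps, start=8, end=17):
    """Return the UTC offsets that best explain the stamps as office hours."""
    scores = {off: workday_hits(stamps, off, start, end) for off in range(-12, 15)}
    top = max(scores.values())
    return sorted(off for off, n in scores.items() if n == top), top


if __name__ == "__main__":
    print(dict(weekday_histogram(SAMPLE_UTC)))
    print(best_offsets(SAMPLE_UTC))
```

The result is only as trustworthy as the timestamps themselves, which is why the report's cross-check of compile years against platform availability matters.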
