Ars Technica reports that Kaspersky Labs have released further details tying the NSA to a group of expert hackers dubbed "Equation Group".
The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string "BACKSNARF_AB25" discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed "EquationDrug." "BACKSNARF," according to page 19 of this undated NSA presentation [PDF], was the name of a project tied to the NSA's Tailored Access Operations.
Similarities have been noted in the procedures and capabilities of Equation Group and those detailed in Edward Snowden's disclosures concerning the NSA, most notably the ability to interdict hardware and software during shipping and replace them with duplicates infected with highly sophisticated malware. The article also points to timestamp analysis indicating that the authors of the captured malware worked regular office hours: 8-5, Monday-Friday in the UTC-3 and UTC-4 time zones. The Kaspersky report discounted intentional manipulation of these timestamps and suggests that Equation Group are located in the eastern United States.
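As an added illustration of the office-hours timestamp analysis described above (example code written for this page, not from Kaspersky or Ars; the build timestamps are constructed), this scores each candidate UTC offset by how many builds land in weekday working hours, and shows why the result is a band of neighbouring offsets rather than one zone:

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of build timestamps in UTC, standing in for the compile
# timestamps a malware author's toolchain stamps into binaries. Chosen for this
# example so that builds cluster into weekday office hours at UTC-4.
CONSTRUCTED_BUILDS_UTC = [
    datetime(2014, 6, 2, 13, 5, tzinfo=timezone.utc),   # Mon 09:05 at UTC-4
    datetime(2014, 6, 2, 18, 40, tzinfo=timezone.utc),  # Mon 14:40
    datetime(2014, 6, 3, 12, 30, tzinfo=timezone.utc),  # Tue 08:30
    datetime(2014, 6, 3, 20, 50, tzinfo=timezone.utc),  # Tue 16:50
    datetime(2014, 6, 4, 15, 15, tzinfo=timezone.utc),  # Wed 11:15
    datetime(2014, 6, 5, 14, 0, tzinfo=timezone.utc),   # Thu 10:00
    datetime(2014, 6, 5, 19, 25, tzinfo=timezone.utc),  # Thu 15:25
    datetime(2014, 6, 6, 13, 45, tzinfo=timezone.utc),  # Fri 09:45
    datetime(2014, 6, 6, 17, 10, tzinfo=timezone.utc),  # Fri 13:10
    datetime(2014, 6, 9, 16, 55, tzinfo=timezone.utc),  # Mon 12:55
    datetime(2014, 6, 7, 15, 0, tzinfo=timezone.utc),   # Sat 11:00 (outlier)
]

WORK_START, WORK_END = 8, 17  # "8-5" office hours, half-open [08:00, 17:00)


def office_hours_fraction(stamps_utc, offset_hours):
    """Fraction of timestamps falling Mon-Fri within office hours when the
    author's clock is assumed to sit at UTC+offset_hours."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in stamps_utc:
        local = ts.astimezone(tz)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(stamps_utc)


def rank_offsets(stamps_utc, offsets=range(-12, 15)):
    """(offset, fraction) pairs, best fit first; ties broken toward UTC.
    Neighbouring offsets score almost the same, which is why this kind of
    analysis yields a band such as UTC-3/UTC-4 rather than a single zone."""
    scored = [(off, office_hours_fraction(stamps_utc, off)) for off in offsets]
    return sorted(scored, key=lambda p: (-p[1], abs(p[0])))


def best_offsets(stamps_utc, tolerance=0.0):
    """Offsets whose score is within `tolerance` of the best one. The signal
    only means anything if the stamps were not deliberately altered; a build
    system's clock can be set to any zone, so treat this as corroborating
    evidence, never as proof on its own."""
    ranked = rank_offsets(stamps_utc)
    best = ranked[0][1]
    return [off for off, frac in ranked if best - frac <= tolerance]
```

With a zero tolerance the constructed data points at UTC-4 alone; allowing a 10% margin widens it to the UTC-5 to UTC-3 band, which is the kind of result the report describes.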
Recently, we have reported several claims (here, here, and here) made by the Russian security software manufacturer Kaspersky Lab that they have discovered 'evidence' of NSA involvement in malware. Now, Bloomberg claims that the Moscow-based computer security company has effectively been taken over by the FSB. Company founder Eugene Kaspersky was educated at a KGB-run school, which was never a secret, but the new report describes a much more current and intimate connection.
Kaspersky Lab is denying the allegations, as one might expect, and counters with the statement:
It's not as though the US has clean hands in all of this. The CIA has funded the development of security software firms like FireEye, Veracode, and Hytrust through its In-Q-Tel investment fund, and American firms have been noticeably silent when it comes to investigating suspected US state-sponsored malware.
We are unlikely to hear the truth from either side, nor should we realistically expect a confession from the NSA or the FSB. Nevertheless, it is possible that the security industries on both sides are 'guilty' of looking after their respective government's interests and what we are seeing is just another day in the world of intelligence collection and cyber-security, the world of claim and counter-claim.
[Editor's Comment: Typo fixed at 15:39 UTC]
(Score: 1, Interesting) by Anonymous Coward on Thursday March 12 2015, @11:42PM
How can one know that this "evidence" wasn't specifically planted to mislead people into coming to those conclusions? How can one be sure that these aren't red herrings?
(Score: 3, Insightful) by buswolley on Friday March 13 2015, @12:27AM
To what end? By the Russians? Maybe.. A long-term plan to lead to distrust of the Americans? Maybe. For an upcoming hack-attack, so that blame can be applied to Americans? Maybe? By the NSA? Why?
I don't know. The NSA would rather no one talked about them as a first principle...I think.
Down that road, and we've already lost...our sanity I mean. America was better when the rest of the world wasn't that important to us.
subicular junctures
(Score: 4, Interesting) by SlimmPickens on Friday March 13 2015, @12:46AM
So was the rest of the world.
(Score: 3, Interesting) by buswolley on Friday March 13 2015, @01:02AM
Considering it was WWW I and WWW II that really pulled America out onto the world scene, are you sure that your quip is justified? Those were horrors beyond America has ever committed abroad.
subicular junctures
(Score: 0) by Anonymous Coward on Friday March 13 2015, @01:04AM
I guess I was feeling W happy there
(Score: 2) by aristarchus on Friday March 13 2015, @01:23AM
WWW? Isn't it usually just Web2.0?
(Score: 5, Interesting) by SlimmPickens on Friday March 13 2015, @01:38AM
> Considering it was WWW I and WWW II that really pulled America out onto the world scene, are you sure that your quip is justified? Those were horrors beyond America has ever committed abroad.
Before I say any more, I'm grateful for what USA has done for the world, for example every American chucks in $5 or so per year for Hubble, and that data is freely available to all. I don't think America is evil.
But USA has been having wars ever since, and surpassed any particular atrocity with sheer quantity. Plus has some doozies like bombing Japan when they were (arguably) about to surrender. Just think of how many times the US has gone up against a regime they put in power. It's hard to even remember all the failings of US foreign policy.
My country, Australia, is no better.
(Score: 4, Interesting) by buswolley on Friday March 13 2015, @01:48AM
Re: Japan. Maybe they surrender. Maybe they require many many American deaths in an invasion. Note: They were asked to surrender, and they did not. After the first bomb they were asked to surrender again. Still no. Second note: The daily WWII bombing raids which dropped conventional bombs onto cities were similarly destructive....just not as flashy/nerdy.
I recently watched a brief history of the U.S. and it is really interesting how much the U.S. has changed since its founding. Disturbing really.
subicular junctures
(Score: 3, Interesting) by demonlapin on Friday March 13 2015, @02:28AM
(Score: 5, Informative) by Anonymous Coward on Friday March 13 2015, @03:03AM
> Re: Japan. Maybe they surrender. Maybe they require many many American deaths in an invasion.
You are pretty cavalier with that coulda-woulda-shoulda crap.
Here's some expert opinions:
Admiral Nimitz:
"The atomic bomb played no decisive part, from a purely military standpoint, in the defeat of Japan..."
Admiral William F. Halsey, Jr., Commander U.S. Third Fleet:
"The first atomic bomb was an unnecessary experiment ... It was a mistake to ever drop it ... It killed a lot of Japs, but the Japs had put out a lot of peace feelers through Russia long before."
Rear Admiral L. Lewis Strauss, special assistant to the Secretary of the Navy from 1944 to 1945 (and later chairman of the Atomic Energy Commission):
"[the atomic bomb] was not necessary to bring the war to a successful conclusion..."
Ernest J King commander in chief of the U.S. Fleet and chief of Naval Operations:
"...had we been willing to wait, the effective naval blockade would, in the course of time, have starved the Japanese into submission..."
Admiral Leahy, President's chief of staff, Also the top official presiding over the Joint Chiefs of Staff and the Combined U.S.-U.K. Chiefs of Staff:
"The use of this barbarous weapon at Hiroshima and Nagasaki was of no material assistance in our war against Japan. The Japanese were already defeated and ready to surrender. . . ."
And that's just people from the Navy. There were lots of top officers in the Army and Air Force who also thought it was completely unnecessary and a terrible decision to nuke Japan. For example, according to diaries and letters, General MacArthur privately told many people that he was appalled by the bombing of Hiroshima. Even Eisenhower publicly said "it wasn't necessary to hit them with that awful thing."
(Score: 1, Informative) by Anonymous Coward on Friday March 13 2015, @03:56AM
Hindsight, I'd suggest. But since you brought up some evidence, let me cite Wikipedia:
Wikipedia: The United States strategic bombing of Japan took place between 1942 and 1945. In the last seven months of the campaign, a change to firebombing resulted in great destruction of 67 Japanese cities, as many as 500,000 Japanese deaths and some 5 million more made homeless.
"The firebombing of Tokyo on the night of March 9-10, 1945 touched off the wave of firebombing that destroyed 64 Japanese cities and culminated in the atomic bombing of Hiroshima and Nagasaki. While Hiroshima and Nagasaki have been deeply engraved on the consciousness of humanity and commemorated in monuments, museums, films, novels and textbooks, the firebombing and napalming of civilians of many other Japanese and Asian cities has largely disappeared from consciousness, except for the victims. The bombing of March 9-10 took the lives of 100,000 Tokyoites and leveled sixteen square miles of the city in the most devastating raid in human history to that time."
Wikipedia: In August 1945, during the final stage of the Second World War, the United States dropped atomic bombs on the Japanese cities of Hiroshima and Nagasaki. The two bombings, which killed at least 129,000 people, remain the only use of nuclear weapons for warfare in history.
Conventional: 500,000
Nuclear: 129,000
Perhaps America only needed a month more of conventional bombing before Japan stood down. I'm not entirely sure that would have meant less death.
(Score: 2, Informative) by Anonymous Coward on Friday March 13 2015, @04:12AM
> Perhaps America only needed a month more of conventional bombing before Japan stood down.
"..had we been willing to wait, the effective naval blockade would, in the course of time, have starved the Japanese into submission..."
Wait, not fire bomb, just wait.
> Hindsight, I'd suggest.
No. not hindsight, current knowledge at the time.
Brigadier Gen. Carter W. Clarke, the officer in charge of preparing MAGIC intercepted cable summaries in 1945:
"we knew we didn't need to do it, and they knew that we knew we didn't need to do it, we used them as an experiment for two atomic bombs. "
Assistant Secretary of War John J. McCloy regarding Army Chief of Staff General George C. Marshall's opinion at the time:
"General Marshall was right when he said you must not ask me to declare that a surprise nuclear attack on Japan is a military necessity. It is not a military problem."
(Score: 2) by TLA on Friday March 13 2015, @04:52PM
bear in mind the conventional firebombing involved thousands of aircraft dropping thousands of bombs. Hiroshima and Nagasaki involved maybe a dozen aircraft and precisely two payloads.
Excuse me, I think I need to reboot my horse. - NCommander
(Score: 1, Informative) by Anonymous Coward on Friday March 13 2015, @12:00PM
> They were asked to surrender, and they did not. After the first bomb they were asked to surrender again. Still no.
When they did surrender it was the allies who agreed to the terms the Japanese had been offering since before the first bombing, specifically - the retention of the institution of the emperor. MacArthur himself believed maintaining the imperial institution was necessary to maintain order because it was central to the function of the japanese society.
(Score: 2) by art guerrilla on Friday March 13 2015, @02:48PM
japan WAS trying to surrender, it is just that WE were (PURPOSEFULLY) being intransigent in making it an unconditional surrender, where they could not keep their emperor, etc...
there was NO MILITARY REASON to bomb them, other than to 'test it out', and scare the russkies, etc...
there was ESPECIALLY no reason to bomb NON-MILITARY targets/cities as we did...
the oft-quoted 'oh, we'd lose a zillion soldiers taking japan...', was bullshit when it was promoted as a spurious reason to bomb them...(AFTER the fact)
(not to mention -again- a war krime: there is NO excuse for killing CIVILIANS to limit the casualties of soldiers...)
it WAS/IS a war krime, plain and simple...
(but war krimes are for the losers...)
(Score: 0) by Anonymous Coward on Friday March 13 2015, @03:34PM
I guess I am a little forgiving about decisions made in that World War against a nation siding with Germany and attacking us at Pearl Harbor. That was a hell of a war and lots of mean ugly sinful things were done. Bombing cities was the order of the day on all sides. Precision warfare was not feasible then like it is today with guided missiles.
Perhaps the U.S. didn't need to drop The Bomb, or to do further fire-raids. I think what some are arguing for here is:
a) the A-bomb was not a worse atrocity than the fire-bombing of Tokyo, for example, or any other fire-bombing of European cities by any side in WW II, and
b) don't fucking mess with the U.S. of fucking A.
(Score: 4, Interesting) by PartTimeZombie on Friday March 13 2015, @01:49AM
No, it was American expansionism a generation earlier than WWI that pulled America onto the world scene. The 1898 Spanish-American War.
America began an era of colonial conquest including the Philippine–American War. If you want to talk about horror, you should start there.
(Score: 1, Informative) by Anonymous Coward on Friday March 13 2015, @02:34AM
Fair. no.
You compare the Spanish-American war with WORLD WAR I and II? Seriously, the World in WORLD WAR was there for a reason, and that is all on Europe and Asia.
Not to mention the constant warring between Japan and China through the years, Britain and France in the 16th, 17th, and 18th centuries.
The U.S. is not sinless, but.
Hell. For an unmatched world power, the U.S. has been hella restraint-restraint.
Middle east a problem? Givem the Japan treatment? No? Hella restraint-restraint.
(Score: 4, Interesting) by bob_super on Thursday March 12 2015, @11:44PM
At this point, compiling your own FPGA is about the only way you can be sure that there are no backdoors in your hardware.
I just need a license for the same Linux version for Zynq used by the military contractors...
(Score: 0) by Anonymous Coward on Thursday March 12 2015, @11:48PM
How can one know that the atoms of their FPGA have not been backdoored?
(Score: 0) by Anonymous Coward on Friday March 13 2015, @09:09AM
If they can backdoor atoms, then we live in the Matrix, and thus not even refraining from using any computer at all will help you in that case.
(Score: 2) by tibman on Friday March 13 2015, @12:41AM
Or buying an ancient processor and building a computer from discrete parts (or as many as possible!).
SN won't survive on lurkers alone. Write comments.
(Score: 2) by bob_super on Friday March 13 2015, @12:56AM
Sure, but I got past my ASCII porn phase, and I would also prefer to keep my GigE ports for backups...
(Score: 4, Insightful) by TLA on Friday March 13 2015, @12:14AM
question is, is it an exploited vulnerability or is it an intentional backdoor?
Only the hairdresser knows for sure.
Excuse me, I think I need to reboot my horse. - NCommander
(Score: 0) by Anonymous Coward on Friday March 13 2015, @12:15AM
How can one know if the hairdresser actually knows for sure?
(Score: 2) by TLA on Friday March 13 2015, @12:18AM
you don't trust your hairdresser with national secrets yet you'll trust him to be that close to your ear with a pair of sharp scissors?
Excuse me, I think I need to reboot my horse. - NCommander
(Score: 2) by bob_super on Friday March 13 2015, @12:18AM
How can the hairdresser know that he knows for sure?
(Score: 0) by Anonymous Coward on Friday March 13 2015, @12:21AM
How can one know that the hairdresser who thinks she's a woman knows that she's actually a woman and not just a gender-bent man?
(Score: 2) by TLA on Friday March 13 2015, @12:22AM
ooh, now we're getting meta... too tomatoey for my palate. :)
Excuse me, I think I need to reboot my horse. - NCommander
(Score: 0) by Anonymous Coward on Friday March 13 2015, @09:11AM
How can you be sure that he is a hairdresser, after all?
(Score: 2, Insightful) by Anonymous Coward on Friday March 13 2015, @12:20AM
It seems if you put a backdoor into the systems...there is no escaping who put it there.
That is why the governments use vulnerabilities...there is no finding who put it there.
(Score: 0) by Anonymous Coward on Friday March 13 2015, @03:06AM
anybody check that PDF for backdoors?
-Kaiser Söze
(Score: 0) by Anonymous Coward on Friday March 13 2015, @07:08AM
Sorry for the dose of paranoia.
I personally am glad I have a backdoor instead of holding on TIGHT and being a total shitbag.
(Score: 1, Insightful) by Anonymous Coward on Friday March 13 2015, @03:12PM
That would only be true if these guys were working 7-4 for EDT and had not set their clocks for another timezone. It looks like many were -4 tagged so probably EDT.
It is an interesting side channel of information but hardly definitive (though it is defiantly saying hey look at me). The real article, which Ars glosses over (unfortunately going for the sensationalist slant), http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/ [securelist.com], even talks to that: setting the time is easy. The real article is actually much more technically interesting than Ars. Which in and of itself is a sad statement about Ars...
It is sort of interesting that the very tools people use can give them away. For example I am currently messing around with the ID3v2.3 tags in my mp3 collection. There are all sorts of tags our players/rippers add into these files. The PRIV/TXXX/MCDI frames contain quite a bit of interesting info about locating the original person. Your player does not show you this info, it just silently adds it in. Even if you strip out the tags there is stuff embedded right into the mp3 stream that can sort of identify your machine and the ripper. Then if you add something as simple as a JPEG for the album cover it can show more info. Even the order the tags are in can give away info.
(Score: 1) by AntiAntagonist on Friday March 13 2015, @08:02PM