New Smoking Gun Further Ties NSA to Omnipotent “Equation Group” Hackers

March 11th, 2015

Via: Ars Technica:

Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.

The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string “BACKSNARF_AB25” discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed “EquationDrug.” “BACKSNARF,” according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA’s Tailored Access Operations.

“BACKSNARF” joins a host of other programming “artifacts” that tie Equation Group malware to the NSA. They include “Grok,” “STRAITACID,” and “STRAITSHOOTER.” Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the “BACKSNARF” artifact isn’t conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seem infinitesimally small.
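The artifact hunt the article describes boils down to pulling printable strings out of a sample and matching them against project names already tied to a known actor. The script below is an added example written for this page, not Kaspersky's tooling and not code from the original post. It extracts both plain ASCII runs and UTF-16LE runs (Windows binaries often carry wide strings that `strings` misses without `-e l`), then flags the names the article lists. The sample byte blob, its layout and offsets, the minimum string length, and the case-insensitive prefix match that catches the `_AB25` suffix are all assumptions made for the example; a hit is an attribution hint to be weighed alongside other evidence, not proof of authorship, as the article itself notes.

```python
import re

# Project names the article ties to the NSA. Matching is a case-insensitive
# substring test so that suffixed variants such as "BACKSNARF_AB25" are caught.
KNOWN_ARTIFACTS = ("BACKSNARF", "GROK", "STRAITACID", "STRAITSHOOTER")


def extract_strings(data: bytes, min_len: int = 6):
    """Return sorted (offset, encoding, text) tuples for every printable run.

    Covers 7-bit ASCII runs and UTF-16LE runs of printable characters, roughly
    what `strings -a` and `strings -e l` would emit from a PE file.
    """
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    # UTF-16LE: each printable byte is followed by a NUL byte.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def find_artifacts(data: bytes, artifacts=KNOWN_ARTIFACTS):
    """Return one dict per string that contains a known artifact name."""
    hits = []
    for offset, encoding, text in extract_strings(data):
        upper = text.upper()
        for name in artifacts:
            if name in upper:
                hits.append({"offset": offset, "encoding": encoding,
                             "string": text, "artifact": name})
    return hits


# Constructed sample blob (assumption, not a real EquationDrug sample):
# a fake "MZ" header, a benign import name, one ASCII artifact carrying
# the "_AB25" suffix, and one artifact stored as a UTF-16LE wide string.
SAMPLE = (
    b"\x4d\x5a\x90\x00" + b"\x00" * 12          # offset 0..15: header padding
    + b"kernel32.dll\x00"                        # offset 16: benign ASCII string
    + b"\x01\x02\x03\x04" * 2                    # offset 29: non-printable filler
    + b"BACKSNARF_AB25\x00"                      # offset 37: ASCII artifact
    + b"\xde\xad\xbe\xef"                        # offset 52: filler
    + "STRAITSHOOTER".encode("utf-16le") + b"\x00\x00"  # offset 56: wide artifact
    + b"\x00" * 8
)


if __name__ == "__main__":
    for hit in find_artifacts(SAMPLE):
        print("0x%04x %-8s %-16s <- %s" % (hit["offset"], hit["encoding"],
                                           hit["string"], hit["artifact"]))
```

Run against a real sample by replacing `SAMPLE` with the file's bytes; the offsets it prints are what you would then cross-reference in a disassembler to see whether the string is a live debug path, a build-system leftover, or something planted.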

2 Responses to “New Smoking Gun Further Ties NSA to Omnipotent “Equation Group” Hackers”

  1. williamspd says:

    Of course, there is nothing preventing a group from developing malware and leaving clues in it that point to a different source. The reasoning behind why you’d do such a thing is more complex, but not so undesirable that you’d never do it.

    Commentators are being awfully complicit by just taking this stuff at face value, and not considering the other possibilities. The BACKSNARF string may be evidence of an NSA project; or the amazing coincidence of two unrelated projects with identical names purely by chance… but in between those two options there is always deliberately misleading misinformation. If I were developing malware, I would totally leave somebody else’s fingerprints in it, apparently by accident…

  2. Kevin says:

    Hmm…

    S.P.E.C.T.R.E.?
