[Cryptography] Equation Group Multiple Malware Program, NSA Implicated

Jerry Leichter leichter at lrw.com
Mon Feb 16 19:58:29 EST 2015 

On Feb 16, 2015, at 3:39 PM, John Young <jya at pipeline.com> wrote:
Kaspersky Q and A for Equation Group multiple malware program, in use early
> as 1996. NSA implicated.
> 
> https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf 
> 
> Dan Goodin: How “omnipotent” hackers tied to NSA hid for 14 years­and were found at last 
> 
> http://ars.to/1EdOXWo
Two articles that are well worth reading.

Back in the 1980's, I knew a bunch of the security guys at DEC.  While this was a much less threatening time, even the DEC internal network of that period saw attacks here and there.  What the security guys said was that they had all kinds of attacks that they would find, analyze, and lock out. But there was this residual collection of "ghosts":  They'd see hints that something kind of attack had taken place, but they couldn't find any detailed trace of how, where, or by whom.  The guys doing it could get in and out and at most leave a bit of an odd, unexplainable event behind.  They assumed it was government attackers, but could never prove anything.

It should be no surprise that this kind of thing has been going on for years.  The first papers on attacks on and defenses of computer systems from a military point of view go back to the 1970's.  (The Air Force took the early lead - or perhaps they just let more out.)  For a while, some of this work was in the open; the famous Rainbow Series of reports was one result.  But then it all went dark - a fact that's now obvious in retrospect, though I don't recall anyone commenting on it at the time.  (One wonders if this was the result of the NSA taking over fully.)

With unlimited funding and years of practice, these guys are way ahead of the rest of us.

Here's an interesting comparison.  Most academic cryptographers believe that the NSA has lost its lead:  While for years they were the only ones doing cryptography, and were decades ahead of anyone on the outside, but now we have so many good people on the outside that we've caught up to, and perhaps even surpassed, the NSA.  I've always found this reasoning a bit too pat.  But getting actual evidence has been impossible.

So now we have some evidence from a closely related domain.  It's not as if the world isn't full of people attacking software and hardware, for academic fame, for money, just for the hell of it.  And yet here we have evidence that the secret community is *way* out ahead.  Sure, there are papers speculating about how to take over disk drive firmware.  But these guys *actually do it*, at scale.

Should we be so confident that our claims about cryptography are on any firmer ground?
                                                        -- Jerry


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150216/780d6bca/attachment.html>

More information about the cryptography mailing list