[cryptography] Equation Group Multiple Malware Program, NSA Implicated
iang at iang.org
Mon Feb 16 16:26:40 EST 2015
On 16/02/2015 20:39 pm, John Young wrote:
> Kaspersky Q and A for Equation Group multiple malware program, in use as
> early as 1996. NSA implicated.
Once we take the brave step of downloading the pdf, it adds yet another
indication that the NSA is engaged in undeclared war against all and
any cryptographic suppliers:
Victims generally fall into the following categories:
* (usual industrial suspects...)
* Companies developing cryptographic technologies.
16. What kind of encryption algorithms are used by the EQUATION group?
The Equation group uses the RC5 and RC6 encryption algorithms quite
extensively throughout their creations. They also use simple XOR,
substitution tables, RC4 and AES.
RC5 and RC6 are two encryption algorithms designed by Ronald Rivest in
1994 and 1998. They are very similar to each other, with RC6 introducing
an additional multiplication in the cypher to make it more resistant.
Both cyphers use the same key setup mechanism and the same magical
constants named P and Q.
The RC5/6 implementation from Equation group’s malware is particularly
interesting and deserves special attention because of its specifics.
(followed by discussion of an optimisation found that also allowed some
degree of tracking to other APT groups.)
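
Added example, not part of the original post or of the Kaspersky document: the key setup that RC5 and RC6 share, with the w=32 constants P and Q, plus a defender-side scan that flags those constants in a byte buffer. The function names and the sample buffer are constructed for illustration; the scan also looks for Q's two's complement, since adding Q and subtracting 0x61C88647 are the same operation modulo 2^32.

```python
import struct

P32 = 0xB7E15163  # Odd((e - 2) * 2**32)
Q32 = 0x9E3779B9  # Odd((golden ratio - 1) * 2**32)
MASK = 0xFFFFFFFF
# Constructed sample buffer: filler, P32, filler, then -Q32 (little-endian).
SAMPLE = bytes.fromhex("9090909090" "6351e1b7" "0000" "4786c861")

def rotl(x, n):
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK

def key_schedule(key, table_words):
    """Shared RC5/RC6 key setup; table_words is 2r+2 for RC5, 2r+4 for RC6."""
    c = max(1, (len(key) + 3) // 4)
    L = list(struct.unpack("<%dI" % c, key.ljust(4 * c, b"\0")))
    S = [(P32 + i * Q32) & MASK for i in range(table_words)]  # S[i] = P + i*Q
    A = B = i = j = 0
    for _ in range(3 * max(table_words, c)):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i = (i + 1) % table_words
        j = (j + 1) % c
    return S

def rc5_encrypt_block(S, a, b, rounds=12):
    """RC5-32 encryption of one block (two 32-bit words), to check the schedule."""
    a = (a + S[0]) & MASK
    b = (b + S[1]) & MASK
    for i in range(1, rounds + 1):
        a = (rotl(a ^ b, b) + S[2 * i]) & MASK
        b = (rotl(b ^ a, a) + S[2 * i + 1]) & MASK
    return a, b

def find_constants(blob):
    """Return sorted (offset, name) hits for little-endian P, Q or -Q."""
    needles = {"P32": P32, "Q32": Q32, "-Q32": (-Q32) & MASK}
    hits = []
    for name, value in needles.items():
        pat = struct.pack("<I", value)
        pos = blob.find(pat)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(pat, pos + 1)
    return sorted(hits)
```

A hit on these constants only suggests RC5/RC6-style key setup (Q32 also appears in TEA-family ciphers and hash functions), so treat it as a lead for manual review.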