[cryptography] [Cryptography] Equation Group Multiple Malware Program, NSA Implicated

ianG iang at iang.org
Tue Feb 17 06:35:36 EST 2015

On 17/02/2015 00:58 am, Jerry Leichter wrote:
> On Feb 16, 2015, at 3:39 PM, John Young <jya at pipeline.com
> <mailto:jya at pipeline.com>> wrote:
> Kaspersky Q and A for Equation Group multiple malware program, in use early
>> as 1996. NSA implicated.
>> https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
>> <https://t.co/bByx6d25YF>
>> Dan Goodin: How “omnipotent” hackers tied to NSA hid for 14 years­and
>> were found at last
>> http://ars.to/1EdOXWo <http://t.co/0n1D05GOFN>
> Two articles that are well worth reading.
> Back in the 1980's, I knew a bunch of the security guys at DEC.  While
> this was a much less threatening time, even the DEC internal network of
> that period saw attacks here and there.  What the security guys said was
> that they had all kinds of attacks that they would find, analyze, and
> lock out. But there was this residual collection of "ghosts":  They'd
> see hints that something kind of attack had taken place, but they
> couldn't find any detailed trace of how, where, or by whom.  The guys
> doing it could get in and out and at most leave a bit of an odd,
> unexplainable event behind.  They assumed it was government attackers,
> but could never prove anything.
> It should be no surprise that this kind of thing has been going on for
> years.  The first papers on attacks on and defenses of computer systems
> from a military point of view go back to the 1970's.  (The Air Force
> took the early lead - or perhaps they just let more out.)  For a while,
> some of this work was in the open; the famous Rainbow Series of reports
> was one result.  But then it all went dark - a fact that's now obvious
> in retrospect, though I don't recall anyone commenting on it at the
> time.  (One wonders if this was the result of the NSA taking over fully.)
> With unlimited funding and years of practice, these guys are way ahead
> of the rest of us.

Back in late 2000s, there was a surge in interest in APTs and the 
industrial-military contractors went on a shopping spree looking for 
cyber-warriors.  At the time I discounted it as yet another hype thing, 
but it seems that it happened, and we're now in a cyber-arms race.

> Here's an interesting comparison.  Most academic cryptographers believe
> that the NSA has lost its lead:  While for years they were the only ones
> doing cryptography, and were decades ahead of anyone on the outside, but
> now we have so many good people on the outside that we've caught up to,
> and perhaps even surpassed, the NSA.  I've always found this reasoning a
> bit too pat.  But getting actual evidence has been impossible.

I'd rather say it this way:  we have circumstantial evidence that we are 
at about the same level for all practical purposes and intents.  As far 
as we are concerned.

There's a bit of a difference.  I'd say they are still way ahead in 
cryptanalysis, but not in ways that seriously damage AES, KECCAK, etc.

In contrast, I'd say we are somewhat ahead in protocol work.  That is, 
the push for eg CAESAR, QUIC, sponge construction, is coming from open 
community not from them.  In the 1990s we infamously blundered by 
copying their threat model;  now no longer, we have enough of our own 
knowledge and deep institutional experience to be able to say that's 
garbage, our customers are different.  And our needs are pushing the 
envelope out in ways they can't possibly keep up with.

Although, I could be wrong here - Equation team reports from Kaskersky 
didn't say much about the protocols they were using to exfiltrate, just 
that they had a fetish for Ron's ciphers.

> So now we have some evidence from a closely related domain.  It's not as
> if the world isn't full of people attacking software and hardware, for
> academic fame, for money, just for the hell of it.  And yet here we have
> evidence that the secret community is *way* out ahead.  Sure, there are
> papers speculating about how to take over disk drive firmware.  But
> these guys *actually do it*, at scale.
> Should we be so confident that our claims about cryptography are on any
> firmer ground?

In sum, I'd say they are ahead in the pure math, but you'd be hard 
pressed to find an area where it mattered.

E.g., as Peter & Adi and I are infamously on record for saying [0], the 
crypto isn't what is being attacked here.  It's the software engineering 
and the crappy security systems.


[0] http://financialcryptography.com/mt/archives/001460.html

More information about the cryptography mailing list