Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.
"Equation Group" ran the most advanced hacking operation ever uncovered.
"BACKSNARF" joins a host of other programming "artifacts" that tied Equation Group malware to the NSA. They include "Grok," "STRAITACID," and "STRAITSHOOTER." Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the "BACKSNARF" artifact isn't conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seems infinitesimally small.
The code word is included in a report Kaspersky published Wednesday detailing new technical details uncovered about Equation Group. Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organized software development team. Assuming they worked a regular 8 to 5 workday, the timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US. The Kaspersky report discounted the possibility the timestamps were intentionally manipulated, since the years listed in various executable files appeared to match the availability of computer platforms the files ran on.
No comments:
Post a Comment