
Tag: RC5

After NSA hacking exposé, CIA staffers asked where Equation Group went...

CIA hackers wasted no time analyzing the blunders made by their NSA counterparts.

#Shadowbrokers hack could be Russia’s DNC counter-threat to NSA

Claimed NSA hacker outfit Equation group confirmed to be breach victim.

One of the most interesting hacks in recent memory is almost certain to be a compromise of infrastructure operated by an ultra-elite hacking group thought to be the United States' National Security Agency. The breach involves the public release of more than 300 files that showcase a host of exploits against companies including Cisco and Fortinet, plus tools known to be part of the National Security Agency's arsenal. Initial analysis by the likes of Kaspersky Labs, NSA whistleblower Edward Snowden, and a host of independent security researchers shores up claims by a hacking group calling itself Shadow Brokers that the exploits and toolsets it hopes to auction for millions of dollars in Bitcoins are legitimate Equation group weaponry.

Kaspersky Labs last year revealed the Equation group to be almost certainly a state-sponsored actor and, according to deep analysis of its activities, highly likely to be a wing of the National Security Agency given a series of very striking operational and technical similarities. It is a group that until February last year had conducted global hacking campaigns of the highest sophistication in complete stealth, including interdiction attacks and persistent hard disk firmware re-writing using a suite of unique malware families. Its attacks had gone unnoticed for more than 14 years.

Now the same Kaspersky Labs analysts who revealed Equation group confirm it has been compromised in the Shadow Brokers breach. "This code similarity makes us believe with a high degree of confidence that the tools from the ShadowBrokers leak are related to the malware from the Equation group," researchers from Kaspersky Labs' GReAT research team say. The team's confirmation is based on "highly specific crypto implementations" which link the files in the online dump to those found as part of the February Equation Group research. That encryption uses an unusual implementation of negative RC5 and RC6 algorithms.

Both Equation Group files and those in the online dump use a subtract operation with the constant 0x61C88647 which speeds certain hardware. "The dumped files contain some 20 different compiled versions of the RC5 / RC6 code in the Equation group malware," Kaspersky researchers say. Separate security research efforts have confirmed some of the exploits contained in the sample dump.

Take that

The breach, if Kaspersky's analysis is correct, does not mean the NSA has been hacked or compromised in a traditional sense. Rather it appears likely the hack is a 2013 compromise of a command and control server which harboured the dumped tools and exploits, a feat which intelligence boffins say is not uncommon. Analysis of time stamps shores up the argument.

The last known file access date of around June to October 2013 coincides with the time Snowden fled the US to reveal the extent of the NSA's global spying apparatus. The former NSA analyst explains that the agency may have cycled servers used in offensive operations after he fled out of caution, an act that would have cut off any attacker with a foothold in command and control boxes. The compromise of NSA intelligence command and control servers is uncommon but not unheard of in intelligence circles, say Snowden and other security figures, but the publication of the files found within, known as take, is unprecedented.

Veiled threat

Snowden suggests the auction is a ruse, and attackers are using the dump as a warning shot to the NSA. Any compromise of civilian or military infrastructure that is subsequently linked to the breached command and control server will be tied to the NSA, the theory goes. This could be a veiled threat by Russia to the NSA should it retaliate for the Democratic National Committee attacks, Snowden suggests. Attribution is a difficult game, much troubled by false flag operations and the difficulties of linking a single compromise to a real world identity. But linking the Equation group attack to Russia is not fanciful, because the attack requires a large amount of resources and expertise. You'd also need to be highly motivated to pull it off. The auction, as most attempts to sell breached data go, has fallen flat.

About $70 was raised of the ceiling-less goal put in the tens of millions of dollars. That failure would mean little to an attacker motivated by something other than cash.

Confirmed: hacking tool leak came from “omnipotent” NSA-tied group

The leak over the weekend of advanced hacking tools contains digital signatures that are almost identical to those in software used by the state-sponsored Equation Group, according to a just-published report from security firm Kaspersky Lab. "While we cannot surmise the attacker's identity or motivation nor where or how this pilfered trove came to be, we can state that several hundred tools from the leak share a strong connection with our previous findings from the Equation group," Kaspersky researchers wrote in a blog post published Tuesday afternoon. The finding is significant because it lends credibility to claims made by a mysterious group calling itself ShadowBrokers. When members of the previously unknown group claimed in a blog post that they hacked Equation Group and obtained never-before-seen exploits and implants it used, outsiders were understandably skeptical.

The publication of state-sponsored hacking tools is an extremely rare if not unprecedented event that is sure to catch the attention of leaders all over the world. The connection linking more than 300 computer files in the ShadowBrokers archive to Equation Group is found in a common implementation of the RC5 and RC6 encryption algorithms.

Among other things, the leaked ShadowBroker files use the negative constant -0x61C88647 instead of the more standard 0x61C88647 to speed up subtraction operations. Kaspersky researchers scoured 20 different compiled versions of RC5/6 code in Equation Group malware and found functionally identical code, leaving little doubt that there was a clear connection between the two. In Tuesday's blog post, Kaspersky researchers wrote:

"Comparing the older, known Equation RC6 code and the code used in most of the binaries from the new leak we observe that they are functionally identical and share rare specific traits in their implementation. In case you’re wondering, this specific RC6 implementation has only been seen before with Equation group malware.

There are more than 300 files in the ShadowBrokers’ archive which implement this specific variation of RC6 in 24 different forms.

The chances of all these being faked or engineered is highly unlikely. This code similarity makes us believe with a high degree of confidence that the tools from the ShadowBrokers leak are related to the malware from the Equation group. While the ShadowBrokers claimed the data was related to the Equation group, they did not provide any technical evidence of these claims.

The highly specific crypto implementation above confirms these allegations."

As Ars reported last year, Equation Group ran one of the most advanced hacking operations ever discovered, as evidenced by its almost superhuman technical feats, painstaking work, and nearly unlimited resources.

The use of zero-day exploits later used in both the Stuxnet worm that disrupted Iran's nuclear program and the Flame malware platform targeting the Middle East demonstrated that Equation Group had clear connections to the National Security Agency or a related US hacking arm. Kaspersky's analysis now suggests Equation Group has suffered a significant breach by a group, possibly linked to Russia, that is determined to publicly discredit the hacking operation.
Stick around—much more will play out before this story is over.

'Strong Connection' Between Files Leaked By ShadowBrokers & The Equation Group

Researchers from Kaspersky Lab, which exposed the so-called Equation Group two years ago, say several hundred of the hacking tools leaked online have ties to the nation-state gang.

The team of researchers at Kaspersky Lab who initially exposed the so-called Equation Group in 2015 today confirmed that several hundred of the purported tools leaked online have ties to that sophisticated hacker group. The researchers found that a rare deployment of RC5/RC6 encryption in the files dumped online this week by the so-called "ShadowBrokers" matches that of the Equation Group. Kaspersky Lab has never confirmed Equation Group is the NSA -- it does not confirm attribution of groups -- but security experts say the two are one and the same. ShadowBrokers claimed to have in its possession stolen Equation Group tools and files, which it has offered for sale online.
Security experts for the past couple of days have been debating the authenticity of the leak, as well as just who may be behind it -- not to mention just how and when the National Security Agency (NSA) could have been breached. "This code similarity makes us believe with a high degree of confidence that the tools from the ShadowBrokers leak are related to the malware from the Equation Group. While the ShadowBrokers claimed the data was related to the Equation Group, they did not provide any technical evidence of these claims.

The highly specific crypto implementation above confirms these allegations," the Kaspersky Lab researchers wrote in a blog post today. More than 300 of the files dumped by ShadowBrokers use the RC6 crypto implementation associated with the Equation Group. "There are more than 300 files in the Shadowbrokers’ archive which implement this specific variation of RC6 in 24 different forms.

The chances of all these being faked or engineered is highly unlikely," the researchers said. Former NSA analyst Blake Darche, who has been studying the leak, says the tools appear to be legitimate.

Darche, CTO and co-founder of Area 1, says the backdoors and exploits in the dump include a tool called SecondDate that runs on Cisco PIX631 firewalls.

Kelly Jackson Higgins is Executive Editor at DarkReading.com.

The Equation Giveaway

Rare implementation of RC5/RC6 in ‘ShadowBrokers’ dump connects them to Equation malware

August 13, 2016 saw the beginning of a truly bizarre episode.

A new identity going under the name ‘ShadowBrokers’ came onto the scene claiming to possess files belonging to the apex predator of the APT world, the Equation Group.
In their initial leak, the ShadowBrokers claimed the archive was related to the Equation group; however, they didn’t provide any technical details on the connections. Along with some non-native rants against ‘Wealthy Elites’, the ShadowBrokers provided links to two PGP-encrypted archives.

The first was provided for free as a presumptive show of good faith, the second remains encrypted at the time of writing.

The passphrase is being ‘auctioned’, but having set the price at 1 million BTC (or 1/15th of the total amount of bitcoin in circulation), we consider this to be optimistic at best, if not ridiculous at face value. The first archive contains close to 300MB of firewall exploits, tools, and scripts under cryptonyms like BANANAUSURPER, BLATSTING, and BUZZDIRECTION. Most files are at least three years old, with change entries pointing to August 2013 and the newest timestamp dating to October 2013. As researchers continue to feast on the release, some have already begun to test the functional capabilities of the exploits with good results.

Having originally uncovered the Equation group in February 2015, we’ve taken a look at the newly released files to check for any connections with the known toolsets used by Equation, such as EQUATIONDRUG, DOUBLEFANTASY, GRAYFISH and FANNY. While we cannot surmise the attacker’s identity or motivation nor where or how this pilfered trove came to be, we can state that several hundred tools from the leak share a strong connection with our previous findings from the Equation group.

The Devil’s in the Crypto

The Equation group uses the RC5 and RC6 encryption algorithms quite extensively throughout their creations. RC5 and RC6 are two encryption algorithms designed by Ronald Rivest in 1994 and 1998.

They are very similar to each other, with RC6 introducing an additional multiplication in the cypher to make it more resistant.

Both cyphers use the same key setup mechanism and the same magical constants named P and Q. The particular RC5/6 implementation from Equation group’s malware is interesting and deserves special attention because of its specifics.

Inside the Equation group malware, the encryption library uses a subtract operation with the constant 0x61C88647. In most publicly available RC5/6 code, this constant is usually stored as 0x9E3779B9, which is basically -0x61C88647. Since an addition is faster on certain hardware than a subtraction, it makes sense to store the constant in its negative form and adding it instead of subtracting it.

In total, we’ve identified 20 different compiled versions of the RC5/6 code in the Equation group malware.

Encryption-related code in a DoubleFantasy (actxprxy32.dll) sample

In the screenshot above, one can observe the main loop of a RC6 key setup subroutine extracted from one of the Equation group samples.
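To make the key-setup detail concrete, the following is an added example written for this page; it is not code from the Kaspersky post, from DoubleFantasy, or from any file in the ShadowBrokers archive. It implements the RC6-32/20/16 key schedule from Rivest's RC6 specification in both forms the post contrasts, adding Q = 0x9E3779B9 versus subtracting 0x61C88647, and shows that they yield identical round keys because the two constants sum to 2^32. It also includes an encryption routine checked against the RC6 all-zero test vector, so the schedule is verifiably the real one. The byte-scanning triage helper, its `find_rc_constants` name, and the sample x86-like byte string it scans are constructed for this example and are not signatures from the post.

```python
"""RC6 key setup: textbook add-Q form vs. the subtract-(-Q) form Kaspersky describes.

Added example for this page (not Kaspersky's or any leaked binary's code).
"""
import struct

W = 32                   # word size in bits (RC6-32)
MASK = (1 << W) - 1
P32 = 0xB7E15163         # RC5/RC6 magic constant P_w
Q32 = 0x9E3779B9         # RC5/RC6 magic constant Q_w, as found in most public code
NEG_Q32 = 0x61C88647     # the constant seen in the Equation samples: (-Q32) mod 2^32


def rotl(x, n):
    """Rotate a 32-bit word left; the amount is taken mod 32 as RC6 specifies."""
    n &= W - 1
    return ((x << n) | (x >> (W - n))) & MASK if n else x & MASK


def rc6_key_schedule(key, rounds=20, subtract_form=False):
    """Return the 2r+4 round keys S for RC6-32/r/b (b = len(key))."""
    c = max(1, (len(key) + 3) // 4)
    L = [0] * c                       # key bytes packed little-endian into words
    for idx, byte in enumerate(key):
        L[idx // 4] |= byte << (8 * (idx % 4))
    t = 2 * rounds + 4
    S = [P32] + [0] * (t - 1)
    for i in range(1, t):
        if subtract_form:             # S[i] = S[i-1] - 0x61C88647  (Equation-style)
            S[i] = (S[i - 1] - NEG_Q32) & MASK
        else:                         # S[i] = S[i-1] + 0x9E3779B9  (textbook)
            S[i] = (S[i - 1] + Q32) & MASK
    A = B = i = j = 0                 # mixing phase, identical in both forms
    for _ in range(3 * max(c, t)):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, (A + B) & MASK)
        i = (i + 1) % t
        j = (j + 1) % c
    return S


def schedules_match(key, rounds=20):
    """True when the add-Q and subtract-(-Q) schedules agree for this key."""
    return rc6_key_schedule(key, rounds) == rc6_key_schedule(key, rounds, True)


def rc6_encrypt_block(S, block, rounds=20):
    """RC6 encryption of one 16-byte block with round keys S (spec, lg w = 5)."""
    A, B, C, D = struct.unpack("<4I", block)
    B = (B + S[0]) & MASK
    D = (D + S[1]) & MASK
    for i in range(1, rounds + 1):
        t = rotl((B * (2 * B + 1)) & MASK, 5)
        u = rotl((D * (2 * D + 1)) & MASK, 5)
        A = (rotl(A ^ t, u) + S[2 * i]) & MASK
        C = (rotl(C ^ u, t) + S[2 * i + 1]) & MASK
        A, B, C, D = B, C, D, A
    A = (A + S[2 * rounds + 2]) & MASK
    C = (C + S[2 * rounds + 3]) & MASK
    return struct.pack("<4I", A, B, C, D)


def find_rc_constants(blob):
    """Triage helper (constructed): offsets of either 32-bit LE encoding of Q_w.

    0x9E3779B9 on its own is a weak signal (it is the golden-ratio constant used by
    TEA/XTEA and many hashes); the post's argument rests on the subtract form plus
    otherwise identical key-setup code, which needs disassembly, not a byte grep.
    """
    hits = {}
    for name, value in (("Q32", Q32), ("NEG_Q32", NEG_Q32)):
        needle = struct.pack("<I", value)
        offsets, pos = [], blob.find(needle)
        while pos != -1:
            offsets.append(pos)
            pos = blob.find(needle, pos + 1)
        hits[name] = offsets
    return hits


# Constructed sample: nops, `sub eax, imm32` (0x2D), nops, `add eax, imm32` (0x05), ret.
SAMPLE_BLOB = (b"\x90" * 4 + b"\x2d" + struct.pack("<I", NEG_Q32)
               + b"\x90" * 3 + b"\x05" + struct.pack("<I", Q32) + b"\xc3")

if __name__ == "__main__":
    print("Q32 + NEG_Q32 mod 2^32 =", hex((Q32 + NEG_Q32) & MASK))
    print("schedules identical:", schedules_match(bytes(16)))
    print("RC6 zero-key/zero-block:", rc6_encrypt_block(rc6_key_schedule(bytes(16)), bytes(16)).hex())
    print("constant hits:", find_rc_constants(SAMPLE_BLOB))
```

The equivalence is exact for any key, because `S[i-1] - 0x61C88647` and `S[i-1] + 0x9E3779B9` differ by 2^32 and the schedule is computed modulo 2^32; what distinguishes a compiled binary is only the instruction and immediate the compiler emitted, which is why the post treats it as an implementation fingerprint rather than a cryptographic difference.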

The ShadowBrokers’ free trove includes 347 different instances of RC5/RC6 implementations.

As shown in the screenshot below, the implementation is functionally identical including the subtraction of the inverted constant 0x61C88647.

Specific RC6 implementation from “BUSURPER-2211-611.exe” (md5: 8f137a9100a9fcc8b512b3729878a373)

Comparing the older, known Equation RC6 code and the code used in most of the binaries from the new leak we observe that they are functionally identical and share rare specific traits in their implementation. In case you’re wondering, this specific RC6 implementation has only been seen before with Equation group malware.

There are more than 300 files in the Shadowbrokers’ archive which implement this specific variation of RC6 in 24 different forms.

The chances of all these being faked or engineered is highly unlikely. This code similarity makes us believe with a high degree of confidence that the tools from the ShadowBrokers leak are related to the malware from the Equation group. While the ShadowBrokers claimed the data was related to the Equation group, they did not provide any technical evidence of these claims.

The highly specific crypto implementation above confirms these allegations. More details about the ShadowBrokers leak and similarities with Equation group are available to Kaspersky Intelligence Services reports’ subscribers.

For more information, email <intelreports@kaspersky.com>

RC5

RC5 is a family of cryptographic algorithms invented by Ronald Rivest in 1994. It is a block cipher of variable block length and encrypts...