Kaspersky Takes Us Into the Belly of the Equation Beast

If you remember, a few weeks ago we published a report on what could be one of the most devious tools in the NSA’s entire arsenal.

After spending over a year tracking the movements of a group that the researchers at Kaspersky Lab refer to only as “The Equation Group”, the anti-virus vendor published its investigation into an organization that had been trawling the net for a very specific set of targets: almost always high-profile members of prolific terrorist circles, the people responsible for coordinating some of the largest attacks we’ve seen over the past ten years.

The Equation Group was tasked with keeping a close eye on their movements and communications, using highly advanced styles of malware that far exceeded anything else the security community has seen to date.

Stuxnet and Flame, both of which took the infosec world by storm in 2010, can’t hold a candle to the programs and executables Kaspersky found wrapped up in this web. They were developed by some of the top engineers around, with what seemed like a limitless amount of resources to aid their stealthy mission over the past 14 years, and counting.

We say ‘and counting’ because earlier this week Kaspersky apparently discovered another piece of code that could strengthen the link between the actions of The Equation Group and the Snowden leaks.

A small string of ASCII (American Standard Code for Information Interchange) characters, “BACKSNARF_AB25”, bears an eerie resemblance to the name of a separate program found in 19 pages of undated presentations linked to the SPINALTAP operation, which was used to track priority targets as they moved from one country to the next.

Image credit: Kaspersky Lab

Although that may not seem like enough to pin the actions of the Equation Group squarely on the NSA’s shoulders, BACKSNARF is only one of several code names found buried both in the official leaks and in the root structure of programs used by the Equation Group.

The best we can surmise is that Kaspersky’s reticence to name the NSA as the true culprit behind the Equation Group ties back to the possible legal implications of making the connection.

Without enough hard proof to definitively link the rogue agency to this particular set of hacks, the US government could sue the anti-virus outfit, or worse.

So instead, Kaspersky is simply releasing its findings cold, with a very large wink and a nudge attached which suggests that someone with state-sponsored capabilities and intricate knowledge of current encryption standards is backing the mysterious hacking organization named in the report.

No matter what you believe, it’s clear that operations like EquationDrug are some of the most advanced, intricate, and focused malware campaigns we’ve seen to date. They feature incredibly complex code that could have only been written by the ultra-elite of the security world, and have showcased possibilities in the realm of Internet security that specialists could only dream of.

We’re sure this won’t be the last we hear of the Equation Group, so stay tuned to VPN Creative for all the latest updates as they develop.