ars technica: Dan Goodin
The leak over the weekend of advanced hacking tools contains digital signatures that are almost identical to those in software used by the state-sponsored Equation Group, according to a just-published report from security firm Kaspersky Lab.
“While we cannot surmise the attacker’s identity or motivation nor where or how this pilfered trove came to be, we can state that several hundred tools from the leak share a strong connection with our previous findings from the Equation group,” Kaspersky researchers wrote in a blog post published Tuesday afternoon.
The finding is significant because it lends credibility to claims made by a mysterious group calling itself ShadowBrokers. When members of the previously unknown group claimed in a blog post that they hacked Equation Group and obtained never-before-seen exploits and implants it used, outsiders were understandably skeptical. The publication of state-sponsored hacking tools is an extremely rare if not unprecedented event that is sure to catch the attention of leaders all over the world.
The connection linking more than 300 computer files in the ShadowBrokers archive to Equation Group is found in a common implementation of the RC5 and RC6 encryption algorithms. Among other things, the leaked ShadowBroker files use the negative constant -0x61C88647 instead of the more standard 0x61C88647 to speed up subtraction operations. Kaspersky researchers scoured 20 different compiled versions of RC5/6 code in Equation Group malware and found functionally identical code, leaving little doubt that there was a clear connection between the two.
In Tuesday’s blog post, Kaspersky researchers wrote:
Comparing the older, known Equation RC6 code and the code used in most of the binaries from the new leak we observe that they are functionally identical and share rare specific traits in their implementation.
In case you’re wondering, this specific RC6 implementation has only been seen before with Equation group malware. There are more than 300 files in the ShadowBrokers’ archive which implement this specific variation of RC6 in 24 different forms. The chances of all these being faked or engineered is highly unlikely.
This code similarity makes us believe with a high degree of confidence that the tools from the ShadowBrokers leak are related to the malware from the Equation group. While the ShadowBrokers claimed the data was related to the Equation group, they did not provide any technical evidence of these claims. The highly specific crypto implementation above confirms these allegations.