Donate for the Cryptome archive of files from June 1996 to the present

6 January 2012

RSA Reverse Malware Analysis Points to RU

Date: Thu, 05 Jan 2012 16:35:31 -0800
From: "J. Oquendo" <joquendo[at]>
Subject: RSA - Hackers and Predator Drones

A few months ago, I did a down and dirty reverse analysis of the RSA compromise and posted a video of it. In my video, after dissecting, scouring through many lists (some private) that deal with malicious networks (think lists like Shadowserve,, etc), I concluded that the RSA attack was somehow connected more to the "Russian Business Network" than to China. Many scoffed at it. Lo and behold, the predator drone incident... (My original RSA reverse malware analysis)

Quoting from Cryptome's iran-rsa-cipher.htm:

"There was a report today that the Russians helped Iran intercept the drone:

The Russian claim could be a cover-up of an RSA decrypt"

More quoting from Cryptome:

"Have you heard anything additional about Iran's spoofing of GPS to misdirect the stealth drone to land it where they wanted?

Military-band GPS (M-code) is protected against spoofing by the RSA cipher.

In admitting that they spoofed military GPS are they admitting to the world that they've cracked RSA?

ComodoHacker claimed he had also broken into EMC's RSA servers, and he claimed to be in pursuit of a cryptanalytic attack against RSA.

Just wondering if you'd heard anybody else mention RSA in regards to Iran's GPS spoofing.

If they really did spoof GPS to misdirect the drone they would have had to have broken red-key mode M-code GPS, which is the military GPS signal used in classified hardware (black-key mode is used in unclassified hardware).

They could have done this in two ways: 1) by fast-factoring large semiprimes that are the basis of RSA, or 2) by stealing the secret red key."



J. Oquendo

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF