6 January 2012
RSA Reverse Malware Analysis Points to RU
Date: Thu, 05 Jan 2012 16:35:31 -0800
From: "J. Oquendo" <joquendo[at]e-fensive.net>
Subject: RSA - Hackers and Predator Drones
A few months ago, I did a down-and-dirty reverse analysis of the RSA compromise
and posted a video of it. In my video, after dissecting, scouring through
many lists (some private) that deal with malicious networks (think lists
like Shadowserver, BadIP.info, etc.), I concluded that the RSA attack was somehow
connected more to the "Russian Business Network" than to China. Many scoffed
at it. Lo and behold, the predator drone incident...
(My original RSA reverse malware analysis)
Quoting from Cryptome's
"There was a report today that the Russians helped Iran intercept the drone:
The Russian claim could be a cover-up of an RSA decrypt"
More quoting from Cryptome:
"Have you heard anything additional about Iran's spoofing of GPS to misdirect
the stealth drone to land it where they wanted?
Military-band GPS (M-code) is protected against spoofing by the RSA cipher.
In admitting that they spoofed military GPS are they admitting to the world
that they've cracked RSA?
ComodoHacker claimed he had also broken into EMC's RSA servers, and he claimed
to be in pursuit of a cryptanalytic attack against RSA.
Just wondering if you'd heard anybody else mention RSA in regards to Iran's
If they really did spoof GPS to misdirect the drone they would have had to
have broken red-key mode M-code GPS, which is the military GPS signal used
in classified hardware (black-key mode is used in unclassified hardware).
They could have done this in two ways: 1) by fast-factoring large semiprimes
that are the basis of RSA, or 2) by stealing the secret red key."
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF