6 January 2012

RSA Reverse Malware Analysis Points to RU

Date: Thu, 05 Jan 2012 16:35:31 -0800

From: "J. Oquendo" <joquendo[at]e-fensive.net>

Subject: RSA - Hackers and Predator Drones

A few months ago, I did a down and dirty reverse analysis of the RSA compromise and posted a video of it. In my video, after dissecting, scouring through many lists (some private) that deal with malicious networks (think lists like Shadowserver, BadIP.info, etc.), I concluded that the RSA attack was somehow connected more to the "Russian Business Network" than to China. Many scoffed at it. Lo and behold, the Predator drone incident...

http://www.infiltrated.net/rsa-comp-analysis/ (My original RSA reverse malware analysis)

Quoting from Cryptome's iran-rsa-cipher.htm:

"The Russian claim could be a cover-up of an RSA decrypt"

More quoting from Cryptome:

"Military-band GPS (M-code) is protected against spoofing by the RSA cipher.

In admitting that they spoofed military GPS are they admitting to the world that they've cracked RSA?

ComodoHacker claimed he had also broken into EMC's RSA servers, and he claimed to be in pursuit of a cryptanalytic attack against RSA.

Just wondering if you'd heard anybody else mention RSA in regards to Iran's GPS spoofing.

If they really did spoof GPS to misdirect the drone they would have had to have broken red-key mode M-code GPS, which is the military GPS signal used in classified hardware (black-key mode is used in unclassified hardware).

They could have done this in two ways: 1) by fast-factoring large semiprimes that are the basis of RSA, or 2) by stealing the secret red key."