“How do I stop this virus?” Equation Group victim pleaded for online help

A day after Kaspersky Lab security researchers detailed a state-sponsored hacking campaign with ties to Stuxnet, an online posting has been spotted in which one of the victims pleaded for help.

"How do I stop this virus infecting my computer?" someone with the username dkk wrote in a forum in July 2010. "You insert the USB thumbdrive, the computer gets infected. Even when the patches has been applied, and autorun and autoplay has been turned off. The weirdest thing of all is, there is in fact no autorun.inf on the root of the infected USB drive."

He went on to say the USB drive contained seven files all ending in *.lnk, along with a file called fanny.bmp. Sadly, no one ever responded.


Password cracking experts decipher elusive Equation Group crypto hash

Unraveling a mystery that eluded the researchers analyzing the highly advanced Equation Group the world learned about Monday, password crackers have deciphered a cryptographic hash buried in one of the hacking crew's exploits. The plaintext is Arabic for "unregistered."

Researchers for Moscow-based Kaspersky Lab spent more than two weeks trying to crack the MD5 hash using a computer that tried more than 300 billion plaintext guesses every second. After coming up empty-handed, they enlisted the help of password-cracking experts, both privately and on Twitter, in hopes they would do better. Password crackers Jens Steube and Philipp Schmidt spent only a few hours before figuring out that the plaintext behind the hash e6d290a03b70cfa5d4451da444bdea39 was غير مسجل, which is Arabic for "unregistered". The hex-encoded string for the same Arabic word is dbedd120e3d3cce1.

"That was a shock when it popped up and said 'cracked,'" Steube told Ars Monday evening. He is the developer behind the free Hashcat password-cracking programs and an expert in password cracking.
