If ‘BACKSNARF’ Doesn’t Prove That the Equation Group is Part of the NSA, Nothing Will

You guys have to get better at choosing code names

When the first reports were released the NSA told the Observer that they couldn't confirm or deny anything. (Photo: Getty)

Last month, Kaspersky Labs dug up one of the most sophisticated hacking groups ever discovered, an operation they dubbed the “Equation Group.” At the time, no one would definitively say whether it was the NSA, least of all the Moscow-based Kaspersky, which still has not outright pointed the finger at the U.S.

But even now—and in a new report published this morning—the Kaspersky team is digging up more info that makes the Venn Diagram between the NSA and the Equation Group look more like a lovely, single circle.

While analyzing an Equation Group program called EquationDrug, they stumbled on a coding artifact called “BACKSNARF,” a name that appears in a list of programs from an already-leaked internal NSA presentation—Ars Technica calls this piece the “smoking” gun to tie the two operations together.

And in a simply hilarious revelation, the report analyzed the timestamps on Equation Group activity, and the labor of their espionage reflects a well-balanced workday beginning at about 8 a.m. Eastern, with an early break for lunch at 11 a.m. before a productive afternoon.

On top of what we already knew about the Equation Group, it’s nearly impossible to believe that anybody but the United States government is even capable of having created such a sophisticated, targeted spying operation.

So, in order for this not to be the NSA, there would have to be another program that checks the following boxes:

  • The program is also a two-decade-old cybersecurity operation
  • The program is run by a nation-state actor (read: government-level hacking)
  • The developer is English speaking, and works a nine-to-five on the east coast
  • The program targets nations relevant to United States foreign interests
  • The program can intercept United States mail en route without detection
  • The developers randomly chose the name “BACKSNARF” as a code-word

If that last one sounds too silly to be realistic, that’s because it likely is.
