Later On

A blog written for those whose interests more or less match mine.

More information on the Regin malware/spyware


First, the British version of NSA, GCHQ, has made use of the malware, which again is a trail that leads to NSA as the author. Joseph Cox writes at Motherboard:

One of the most sophisticated pieces of malware ever seen has been discovered by researchers. Dubbed Regin, the tool has reportedly been spying on telecoms companies, governments, businesses, and individuals for at least the past six years, and appears to have been used by the UK’s intelligence services.

Security company Symantec announced the existence of Regin yesterday, and the researchers say it is a “groundbreaking and almost peerless” piece of malware “whose structure displays a degree of technical competence rarely seen.”

The architecture is the hallmark of Regin: each stage of the malware is stored surreptitiously in the section that precedes it. These unload bit by bit, with five stages in total, culminating in an attacker being able to monitor nearly everything carried out on a target device.

In this regard, Symantec compared Regin to the infamous Stuxnet malware, which also had a multi-stage approach. Costin Raiu, director of the Global Research and Analysis Team at security firm Kaspersky Lab, agreed with the comparison. “It’s a very good analogy,” he told me, but also pointed out some of the key differences. Kaspersky had also been working on researching the Regin malware, according to a blog post published after Symantec’s white paper, and provided some additional insights.

Stuxnet was designed to infiltrate and ultimately tamper with the Iranian nuclear programme. For this, it was given the power to self-replicate, move from one computer to another, and infect USB sticks, which would then be carried into the facility. From here, Stuxnet would attempt to override the centrifuges crucial to Iran’s nuclear enrichment plants.

Regin doesn’t do any of these things. It works as quietly as possible, granting attackers access to computer systems so they can monitor, not break them. “The main focus of Regin would be surveillance, while Stuxnet was designed for sabotage,” Raiu said. . .

Continue reading.

And The Intercept has an article:

Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.

Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept.

The malware, which steals data from infected systems and disguises itself as legitimate Microsoft software, has also been identified on the same European Union computer systems that were targeted for surveillance by the National Security Agency.

The hacking operations against Belgacom and the European Union were first revealed last year through documents leaked by NSA whistleblower Edward Snowden. The specific malware used in the attacks has never been disclosed, however.

The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. . .

Continue reading.

Written by LeisureGuy

24 November 2014 at 2:23 pm
