11/24/14

Internet: Symantec Discovers ‘Regin’ Spy Code Lurking on Computer Networks - Nicole Perlroth

Security researchers say they have discovered a sophisticated piece of malicious code spying on researchers, governments, businesses, and critical telecommunications infrastructure since 2008.

The malware, called Regin, was first discovered by Symantec, the antivirus company, which released a white paper describing its findings on Sunday. On Monday, The Intercept, a digital magazine started by the journalist Glenn Greenwald, reported that the Regin malware is part of a decade-long joint operation by the National Security Agency and its British counterpart, the Government Communications Headquarters, or G.C.H.Q. The Intercept report is based in part on disclosures from former N.S.A. contractor Edward J. Snowden.

“In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless,” Symantec wrote. “What we have seen in Regin is just such a class of malware.”

Symantec found evidence that the malware has been used on targets in 10 countries, primarily Saudi Arabia and Russia, as well as Pakistan, Afghanistan, India, Mexico, Ireland, Belgium and Austria. The Intercept reported Monday that the malware had been used to spy on companies in the European Union, notably Belgacom, a partly state-owned Belgian phone and Internet provider.

The Regin malware is highly customizable, researchers said, and can be tweaked to include new features and capabilities, depending on the target. Symantec’s researchers estimate that it likely took months “if not years” to develop and said the malware’s “authors have gone to great lengths to cover its tracks.”

The researchers believe the malware was first used to spy on individuals in 2008, until it was “abruptly withdrawn” in 2011. The Intercept reported that the malware was used to infect a Belgacom server in 2010.

Then, last year, Symantec said the authors started using a new version of the same malware to spy on a variety of victims. Among them: academic researchers, individuals and small businesses, companies in the airline, energy and hospitality sectors as well as telecom companies, in what researchers believe was an attempt to gain access to telephone calls routed through their call centers.

Regin is undeniably a spy tool, based on its functions, the researchers said. It is configured to grab screenshots and take over a computer mouse’s point-and-click function. It can also grab passwords, monitor network traffic and gather information from the computer’s memory. It can scan for and retrieve deleted files.

Beyond those basic functions, its capabilities vary from target to target. In one case, Symantec’s researcher found that Regin had been tweaked to sniff traffic sent to mobile telephone base station controllers. In another case, it had been customized to parse mail from Microsoft’s Exchange email databases.

The Intercept reported Monday that the tool was part of a joint N.S.A.-G.C.H.Q. program, codenamed “Operation Socialist.”

Vanee Vines, an N.S.A. spokeswoman, declined to comment on what the agency called “speculation.”

“The discovery of Regin serves to highlight how significant investments continue to be made into the development of tools for use in intelligence gathering,” Symantec researchers said.

Read more: Bits - Business, Innovation, Technology, Society
