Researchers Tie Regin Malware To NSA, Five Eyes Intel Agencies
Trailrunner7 writes: Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany's Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together," wrote Kaspersky Lab researchers Costin Raiu and Igor Soumenkov today in a published report. (Here is the Spiegel article.)
Google cache (Score:2, Funny)
HTTP URL not working. Use HTTPS URL:
https://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667
Re: (Score:3, Funny)
HTTP URL not working. Use HTTPS URL:
https://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667
That's just the NSA tap getting overloaded, it'll clear up on its own. ;)
It was known before... (Score:4, Informative)
According to this article [sans.edu], Regin has been known for some time.
Fox IT, which was hired to remove Regin from the Belgian phone company Belgacom's website, didn't say anything about what it discovered because it "didn't want to interfere with NSA/GCHQ operations."
Comment removed (Score:4, Interesting)
Re: (Score:3)
Re: (Score:1)
It needed to be replaced with something less detectable.
Re: (Score:3)
It depends on where some gov backed malware is found, who is hired to remove it and who can ensure any code found in the wild is not passed to antivirus, spyware and malware protection teams for further global study and public discussion.
A nation would allow its own private sector or academic teams to find the malware networking, create an expert team for the study and removal only to be told it would be done by a domestic intelligence organiz
Outstanding achievement for Computer Science (Score:5, Interesting)
Now our Malware/Virus software engineers are practicing reuse. Excellent development practice out there folks! Keep Reusing that code!
Actual Conspiracy (Score:4, Insightful)
Re: (Score:2)
Well the CFAA [wikipedia.org] gets used and abused quite a bit. I'm sure it's applicable here. The problem is proving who the perps are who wrote the stuff and catching them. Since you're implying the US government or some of its allies then let's suppose that you could provide evidence at trial that they actually wrote it and used it to hack your system. The simple response by government lawyers would be "national security" in which case they have a better than 90% chance of getting the judge to agree and your evidenc
Re: (Score:2)
I was going to respond that while it may be "criminal", it's not a crime, but you got to that at the end.
NSA = No Sales for Americans (Score:1)
NSA = No Sales for Americans
Re: (Score:3)
Nations will just revert to paper, number stations and one time pads. Couriers, cults, faith, background investigations that interview friends, generations of family, teachers in person.
Other nations have systems and trusted staff to revert back to. Expecting junk computer networks to just keep producing real global intelligence was a wonderful boondoggle over decades.
The "most advanced espionage malware platforms ever studied" would then
Real shocker (Score:5, Interesting)
And I thought it was IS/Russians/NKoreans/Aliens, because the US and allies hold the moral high ground and would never initiate actions which they themselves consider to be acts of war, right?
http://www.wsj.com/articles/SB... [wsj.com]
After all, it's ok if they do it. It's only bad if terrorists, communists and perverts do it.
Crying wolf and all that.
Re: (Score:2)
After all, it's ok if they do it. It's only bad if terrorists, communists and perverts do it.
Crying wolf and all that.
I think you mean "pot calling kettle and all that".
Re: (Score:1)
I have to take with a grain of salt the claims made by a company headed by someone who studied at a school which was essentially a KGB recruitment camp, using documents leaked by a traitor who is being harbored by a hostile government and who is trotted out as a propaganda piece when it suits the aims of the de facto dictator of that adversary.
Edward Snowden should be given the US Presidential Medal of Freedom but that would require the US Government admitting its bad acts. Not going to happen even with a constitutional scholar lawyer in the Oval Office.
Re: (Score:2, Insightful)
A traitor to a corrupt, immoral, self-serving government, and a hero to the people for whom the Constitution still has some meaning.
Your pal Hitler was big on medication. No wonder you recommend it.
Re: (Score:3)
Re: (Score:2)
You and your "hero" don't seem to either understand or support democratic governance.
Re: (Score:2)
Were I in his shoes, the most damning evidence I had would be held back as leverage to ensure no one in the US Government did anything stupid. A digital dead man's switch, if you will. Easy enough to bundle with the original encrypted files, just encrypt the crazy stuff with a secondary key. If you end up in an "accident" or go missing, the key gets distributed and the fun really starts.
Boils down to how badly the Government wants to get th
Re: (Score:2)
Why would he tell the world? It's not the world he wants to keep in check.
Basically he would be trying to blackmail the government into inaction - and the whole point of blackmail is that you keep your mouth shut so long as the target does what you want. If he's employed such a strategy then I would expect that certain key individuals have received packets of especially damning information about themselves, along with a promise that should anything happen to him that information will become public.
Re: (Score:2)
You seem to be building the case that he was a traitor, and embracing it.
Re: (Score:3)
...when Snowden is going to wake up with a bullet in his head...
Edward Snowden has released all of his information to news agencies. They are the ones now releasing this information. Snowden could die tomorrow and it wouldn't make a difference. The US government likely knows this, so there is no point in going after him. They may be lawless, but I don't think they would try to get him just for revenge.
Re: I wonder... (Score:1)
My friend, revenge ain't a big enough word. ;) If you don't imagine that there are people who would go after him, understand that you are mistaken.
Re:I wonder... (Score:5, Insightful)
Revenge wouldn't be the point - the point would be to send a clear message to future patriots that might try a similar stunt. Revenge would just make it more satisfying to do so.
Re: (Score:2)
Revenge wouldn't be the point - the point would be to send a clear message to future patriots that might try a similar stunt. Revenge would just make it more satisfying to do so.
Yeah, maybe. I'd think that if they wanted to do that, they'd have done it already. But maybe they just haven't had the opportunity. Seems to me the horse is out of the barn.
Re:I wonder... (Score:4, Insightful)
Sure this horse is out of the barn, but there's lots of horses - that's why you want to make sure the others all hear the first one screaming as it's being eaten by cougars.
I can think of only a few reasons why it hasn't been done:
- To be truly effective it must be obvious that the US/NSA was behind it, and there may well be a fear that employing extra-legal methods to send that message would generate the public backlash that has thus far failed to manifest. A martyr can be far more powerful than a man.
- Given that he is under Russian protection, any such action could be taken as a direct assault on Russia, and in the current international political climate that might be regarded as too great a risk to take. They seem to be positioning themselves as the spokesman of a new global power structure - no sense in ceding them any more moral high ground than they've already got.
- The guilty parties still have some scruples (hey, nobody values their scruples like the man who doesn't have many)
Re: (Score:2)
Lots of horses? I don't think so. Truly exceptional turncoats like that are once or twice in a generation.
Snowden is wanted as a fugitive from justice. He has refuge in Russia. That's about all there is to it, your theatre aside.
Re: (Score:2)
Possibly so - but if one man gets away with it relatively unscathed, that may embolden the next. Also you have to consider that, thanks to exponential population growth, modern generations involve a *hell* of a lot more individuals than anything even a few hundred years ago - what once would have been a "once every few generations" rarity can now be reasonably expected to occur many times per generation. Hell, we've already had both Snowden and Manning within a relatively brief window.
Re: (Score:2)
Lots of horses? I don't think so. Truly exceptional turncoats like that are once or twice in a generation.
Snowden is wanted as a fugitive from justice. He has refuge in Russia. That's about all there is to it, your theatre aside.
Yes, we call it political refugees. People who flee and are granted amnesty because they would be prosecuted if they returned to the totalitarian hellhole from where they fled.
Re: (Score:1)
Yeah, maybe. I'd think that if they wanted to do that, they'd have done it already. But maybe they just haven't had the opportunity. Seems to me the horse is out of the barn.
Seems to me that the CIA is not quite as omnipotent as their propaganda claims. Julian Assange has not had serious appendicitis, let alone a tragic heart attack nor freak accident, and we all know exactly where he is. How many years did it take to track down OBL, while he sat eating take-out in the suburbs?
No, I think it's pretty clear that the CIA have trouble finding their asses with both hands. Most of the time that doesn't matter too much, because the media is happy to believe without question that t
The NSA is a spy agency (Score:5, Insightful)
It's more likely they were spying on the Regin developers, stole their code, and modified it for their own purpose.
Mod parent up (Score:1)
Out of points or I would do it myself.
Re: (Score:1)
Stockholm syndrome if I ever saw one...
Are you completely deluded?
Re: (Score:2)
Occam's razor says not.
Cyber terrorism ... (Score:5, Insightful)
If we did it, it's cyberterrorism. If they do it, it's law enforcement.
Assholes.
These clowns are entirely willing to undermine the security of every computer on the planet to get their grubby fingers into everything.
We need products which keep these guys out, and these guys need a serious beat down in the courts to limit what they can do. A few of them probably should be hung for treason.
Morally, every black hat should be targeting these agencies to cause as much damage to them as possible -- because the damage they're doing to our freedoms is immeasurable.
Thanks, America, for leading the charge in fucking up the planet.
Re:Cyber terrorism ... (Score:4, Insightful)
We won't be around for much longer.
Political, economic and social deterioration is setting in. This must be like what it was in Rome's last days.
I was hoping we'd go the way of Great Britain. When they stopped being the World power, the average UK citizen's standard of living went up.
If we the US were to give up the Carter doctrine, pull out of the Middle East and everywhere else we have US troops guarding oil supplies, we'd have a much more peaceful planet - gas, OTOH, would go through the roof and our "way of life" of cheap gasoline and perpetual war would end. And unfortunately, too many Americans would rather be at perpetual war and terrorized than have more expensive gas for their pickup trucks and SUVs.
tl;dr: we Americans are a very short-sighted and stupid people.
Re: Cyber terrorism ... (Score:5, Interesting)
It's not self-loathing, it's loathing of tyranny -- a fine, patriotic American tradition.
Re: (Score:2)
Maybe you could be so kind as to point out the "tyranny" being "loathed" in that post?
Re: (Score:2)
I've done so on numerous occasions, which you ignore because you're a fascist. Fuck off and die.
Re: (Score:3, Interesting)
You're mad because all the software available to use is security swiss cheese, and there's nothing you can do about it. But your anger is misplaced. It should be directed at Linus and other "white hat" software developers who *could* write secure software but do not. Linux could be designed so that each app only has access to its own files, not complete user-level access. The kernel could be written in a safe language (a Rust-like language), where minor mistakes wouldn't let hackers take over the whole
Re: (Score:1)
A few of them probably should be hung for treason.
That may (or not) be a bit excessive, but it'd be hard to (legally) accomplish.
Bring back tar and feathers, I say.
Re: (Score:2)
Thanks, America, for leading the charge in fucking up the planet.
Slight misnomer there. England is leading the charge, the US just likes where they are going and stays in close step.
WE don't need new products (Score:2)
The peasants need to standup and say enough is enough.
Re: (Score:2)
If we did it, it's cyberterrorism. If they do it, it's law enforcement.
Assholes.
They are part of the government, you are an individual citizen. Do you somehow not see the difference? Is this a difficult point for you?
When was the last time that you personally passed a zoning ordinance and fined people for not obeying it?
When was the last time that you personally arrested and imprisoned someone after their appeal to your personal court failed?
When was the last time that you imposed and collected taxes?
Does any of this ring a bell?
A few of them probably should be hung for treason.
Until you can reliably discern the difference between t
When will there be justice? (Score:5, Insightful)
How long is it going to take before the American people get fed up with this? The NSA is obviously an out-of-control agency and has been for years. The people in charge need to start serving LONG prison sentences for their crimes against humanity. And before people start screaming "Think about the terrorists", remember that those in charge (the NSA, FBI and others) have deliberately chosen to ignore gathered intel about actual terrorist threats (such as 9/11 and the Boston Marathon bombers). This should prove to everyone that the government considers their own citizens more of a threat than foreign terrorists.
Re:When will there be justice? (Score:4, Insightful)
How long is it going to take before the American people get fed up with this? The NSA is obviously an out-of-control agency and has been for years. The people in charge need to start serving LONG prison sentences for their crimes against humanity. And before people start screaming "Think about the terrorists", remember that those in charge (the NSA, FBI and others) have deliberately chosen to ignore gathered intel about actual terrorist threats (such as 9/11 and the Boston Marathon bombers). This should prove to everyone that the government considers their own citizens more of a threat than foreign terrorists.
Yeah, but most people don't see it that way. They may not like what the government is doing, but they still buy the terrorism angle. This type of thing isn't what gets people fed up enough to really do something. That comes with hunger or widespread violence, and we should all hope it doesn't get that bad.
Re:When will there be justice? (Score:5, Interesting)
General Alexander lied to Congress, denied NSA was spying on millions of Americans, pretended the NSA didn't have the technical ability. Has he been punished? Has he been found in contempt of Congress?
No, he retired, set up a private company which banks pay tens of millions of dollars for some vague service, and the CTO of the NSA is involved as a consultant. In other words this is some NSA front company most likely. Yet another way for NSA to escape legal bounds.
Tempora, the UK's massive full-take surveillance system, is what the NSA queries using its UK base to avoid any legal questions in the US. It's the one they use to spy on British politicians, press and activists with the help of GCHQ (aka traitors to their democracy). Have any GCHQ staff been prosecuted for that? Quite the opposite, their agents in the Lords are busy trying to amend bills to make it legal!
So who exactly is going to punish the NSA? Because every one of those politicians is in the database, and politicians who step out of line find their private lives leaked to the press.
UKIP MPs are the ones being targeted now, with their phone calls over the years leaked. Who records phone calls of people just in case they become MPs, then selectively leaks the most embarrassing ones? GCHQ and NSA, that's who.
So no good people will make their way up the political ladder and no fix is possible.
Re: (Score:2)
Their elected representatives are to blame. They don't put real pressure on them to clean up their act. And how could they? Considering what it takes to have a career in politics, surely the NSA has too much dirt on each of them. So they occasionally put on a show but that's the extent of it.
Re: (Score:3)
How long is it going to take before the American people get fed up with this? The NSA is obviously an out-of-control agency and has been for years. The people in charge need to start serving LONG prison sentences for their crimes against humanity. And before people start screaming "Think about the terrorists", remember that those in charge (the NSA, FBI and others) have deliberately chosen to ignore gathered intel about actual terrorist threats (such as 9/11 and the Boston Marathon bombers). This should prove to everyone that the government considers their own citizens more of a threat than foreign terrorists.
Is this shown on the news? Have CNN spent a whole 2 days on it like they have on the current blizzard in New York? Or previously Inflategate? Nope. So why would the unwashed masses be upset if the fucking media is failing to report on it? It's not a blizzard, sports cheating or a plane crash, so they are oblivious. We that read Slashdot hear about stuff like this all the time. DEA cameras, NSA, GCHQ etc. The greater "American people" do not. So they cannot be outraged over something that the media is not r
When in doubt, call it a "Snowden document" (Score:1)
I am starting to smell bullshit here. When a reporter needs to make a scoop, all they seem to have to do is just say they pulled out a "Snowden document", and presto, a story. Especially if they feel they need to stir up some anti-American sentiment, which I'm sure some people or countries would love right about now.
When I took journalism classes in college, writing something and ascribing it to a document that cannot be proven, merely alleged... that would ensure I got an "F" for the coursework.
Re: (Score:3)
Exactly what are you angry about? The article under discussion is from Kaspersky researchers who are describing a relation they discovered between two different strains of malware. One of the strains of malware happened to be mentioned in a Der Spiegel article about a recent Snowden revelation, but that is it.
So be precise: who is claiming something based on an unproven document? What is it that they are claiming? Where do they do that?
A call for Write Protect (Score:5, Interesting)
It is time to return to the Write Protect Switch. Passwords are no longer effective in preventing firmware alterations by hostile organizations.
For those old enough to remember them, changing a BIOS required an EPROM burner and UV eraser. Changing CMOS settings required setting the write protect jumper.
Early infections were restricted to Write Enabled floppies, hard drives for machines with them, and everything else was write protected.
It is time to return to write protected firmware requiring physical access to alter.
Our complacency with remote management is showing the error of our ways as we are compromised.
Re: (Score:2)
For those old enough to remember them, changing a BIOS required an EPROM burner and UV eraser. Changing CMOS settings required setting the write protect jumper.
Well, I had an IBM PC-1, and yes and no respectively.
Clearing CMOS settings is still done with a jumper. I do wish that all flash BIOS devices had a write protect jumper, though, and it would cost little to add them.
Re: (Score:2)
Some clones not only had the reset/erase jumper, but also had a CMOS write enable. Without it, the CMOS settings could not be altered. Changing the hard drive was one of the few reasons for enabling a write.
Re: (Score:2)
Trust as in how do you know jumping through those hoops stops the NSA? Maybe they use the secret courts to require a backdoor, maybe they alter the chips themselves.
The NSA etc. need a clear directive from the president and congress that this is not ok. As long as they get only a minor slap of "do not do that again" it will not stop.
Re: (Score:2)
Re: (Score:2)
Yup. Changing a BIOS required physically taking the old one out and popping in a new EPROM. At 17, I doubt the NSA cared less about my original IBM PC that came with a cassette tape drive (I couldn't afford single-sided floppy drives until a little later... let alone a hard drive until I was 18).
Re: (Score:3)
The problem is that convenience got ahead of security. Until the hit on Sony, the biggest threat to companies was hardware failure. So, companies went with SAN installations that had RAID6, async replication via WAN, snapshots, multiple tiers, and deduplication. More backups needed? Add more drives, maybe a controller.
Tape (and also optical, although optical has not kept up with the times when it comes to storage) became something considered a dinosaur.
This model worked perfectly when the bad guys were
found in a keylogger called QWERTY (Score:2)
Re: (Score:2)
I worked with a guy who brought one of those to the office one day. It was a very funny couple of days watching him try and use that thing. Of course his retorts of "oh it's better!" "more efficient!" "easier to use!" all went by the wayside when he eventually threw it away.
Researchers Tie Regin Malware To [...] Intel (Score:2)
That's why I use AMD.