Slashdot Mirror
Regin Malware In EU Attack Linked To US and British Intelligence Agencies
Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.
I'd welcome our new overlords, but they seem to have already been here for a while.
About all that's left to comment on is Hot Grits, Natalie Portman and griping about there not being a Cowboy Neal choice any more.
I am Slashdot. Are you Slashdot as well?
That seems to be the way everything is pointing. Kind of makes me wonder what happened to that "land of the free" part of the national charactor.
On NSA website, NSA states about their values: " We will protect national security interests by adhering to the highest standards of behavior".
So how NSA would be able to explain to a child that computer virus and malware represent the highest standard of behavior.
It is probably the same as stealing money on the street from slightly overweight person and telling him/her, that you need to lose weight anyway and that the robber cares about you. If questioned, street robber will counter stating that the victim should be thankful, because in other streets (countries) you could be shot for even questioning.
Is vulnerable and weakened by NSA encryption is also "highest standard of behavior", dear beavers from NSA?
Were the anti-virus and anti-malware companies simply unable to detect this, or were they complicit in its distribution (by not reporting its presence to users)?
The real "Libtards" are the Libertarians!
Will this sophisticated malware work on anything other than Microsoft Windows:
"Symantec Security Response has not obtained the Regin dropper at the time of writing. Symantec believes that once the dropper is executed on the target’s computer, it will install and execute Stage 1. It’s likely that Stage 0 is responsible for setting up various extended attributes and/or registry keys and values that hold encoded versions of stages 2, 3, and potentially stages 4 and onwards". link
Operation Socialist
Its very much true, no one in murica likes socialism...
if for no other reason "they know whats good for them".
This thought began as a joke, but this actually does sound how something like Skynet could be born. Malware is infamous for aggressively trying to preserve itself. We all joke about how stupid the idea of programming an AI with a strong sense of self-preservation is because of the obvious dangers, but that is exactly how malware is programmed. Programming it to control industrial systems as well (giving it a "body") seems like a really bad idea, particularly if the aim is not to sabotage the infected industrial system, but to cause as much damage to the target nation as possible (a reasonable wartime goal).
Buy your next Linux PC at eightvirtues.com
... correctly.
It little behooves the best of us to comment on the rest of us.
So many ppl come here and post that Windows is not only safe, but that it is targeted because of numbers. Yet, it is obvious that NSA and GCHQ targeted Windows. Why? I doubt that it was numbers, but ease of cracking.
So, in the meantime, how many companies will start switching to *nix?
I prefer the "u" in honour as it seems to be missing these days.
I see an AC that posted pointing fingers, but this still does not have any fingers on it. All that it has is snowden making claims, but with zero proof behind it.
I prefer the "u" in honour as it seems to be missing these days.
Out of fear, we will accept that Symantec will now be so bloated that most Windows PCs will never finish booting up.
china doesn't have to resort to standalone software such as this.. they've got their paws on the internal firmware of the vast majority of network and routing gear sold worldwide.
So many ppl come here and post that Windows is not only safe, but that it is targeted because of numbers. Yet, it is obvious that NSA and GCHQ targeted Windows. Why? I doubt that it was numbers, but ease of cracking.
If your targets use Windows it would be a real stroke of genius to distribute attacks against Linux, don't you think?
Duh.
So, in the meantime, how many companies will start switching to *nix?
What is the *nix equivalent to secure boot? Signed kernel modules? What is the *nix equivalent to Measured Boot and Network Access Protection? How does an organization automatically and immediately detect and isolate potentially infected hosts?
Every operating system out there will experience exploitable vulnerabilities. Applications running on top of the operating systems will experience exploitable vulnerabilities. The most recent severe vulnerabilities that have been mass exploited are *nix vulnerabilities like Heartbleed and Shellshock. No operating system is immune.
That's why defense in depth is important. Windows starts it's defenses before boot, by using Secure Boot. This ensures that only approved bootloaders run. It prevents bootkits. Some Linux distros support a weak form of secure boot (it doesn't protect all types of resources, notably scripts and config files are not digitally signed). Windows loads all kernel components from signed "cabinet" files - protecting all assets used during boot. If a rootkit tampers with any of the files, the system will refuse to boot.
During boot, before loading *any* kernel module, Windows will compute a hash of the module and record it in the TPM hardware module along with name, size, dates and other metadata. Upon successful boot (but before other hosts will accept traffic from the system) the OS asks the TPM for a signed "health" record. The TPM will issue a signed document with all the recorded info that the host can present to a health certificate server. The health cert server can investigate the list of loaded modules and compare against known whitelists and/or blacklists. If everything checks out, the health cert server issues a certificate the booting host must use when communicating with other hosts. Unless it can present such cert, the other hosts will refuse to communicate with the host.
Does 'Nix support such security in depth?
Such targeted attacks will target whatever operating system is being used by the target. Targets must consider the possibility that any host can be breached through an application or OS vulnerability. With that recognition, they must ensure expedient diagnosis and isolation. In that area, a Windows server infrastructure can be set up to become extremely strong.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Does 'Nix support such security in depth?
It's not security in depth if only some levels are secure, since you're only as secure as your weakest link. Windows isn't secure because of how it's developed and because of how it behaves once it's booted. That the boot process is a bit more secure doesn't make Windows more secure overall.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's not on its technical merits, it's certainly not due the purity of its design philosophy, and nobody gives a decihoot how long some pakol-clad *buntard's lappie takes to boot.
And yet they're all so keen for us to use systemd...
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Not loading modules at all. It's just one kernel compile away. That's been done for security reasons by some people since about when this site started or before. Some people even had their stuff boot from read-only optical media to avoid such threats back when the possibility of tainted kernel modules was first discussed.
What the fuck?
No. GCHQ/NSA will choose whatever OS their fucking target is using. Ease of exploitation has nothing to do with it. They're not writing malware for shits and giggles or to steal grandmas pension. They're doing it with a specific intelligence gathering goal in mind. If it's Windows malware then it's because their fucking targets were running windows, nothing more, nothing less. It's stupid to try and turn this into a childish OS fanboy battle as the quality of an OS just isn't a factor in choosing what to target here.
I suppose you think Stuxnet targetted Windows and Siemens control systems too because they were just easier to hack too right? Ignoring the fact it was developed specifically to target Iran's nuclear program which used Windows PCs and Siemens control systems.
As far as I know, it's a Windows-only malware. There's some technical details in F-Secure's blog. Of course a Linux or FreeBSD version could also be created, as there is plenty of vulnerabilities in those operating systems too.
Assuming that NSA/GCHQ are behind this, then they will be targeting what they can and what ppl run. More than 1/3 of the servers in the world are Linux alone. Heck, Russian AND Chinese gov. has moved pretty hard to Linux. The fact that NSA/GCHQ has NOT written to that, indicates that they are going after the easy thing.
Sienmans was using windows for that. Of course, NSA/Israel targetted it. BUT, that is a SITE SPECIFIC set-up. When you have a foreign nation that makes heavy use of Linux, then you should be targeting it. Instead, NSA/GCHQ targeted windows because it is easy.
I prefer the "u" in honour as it seems to be missing these days.
The main problem about breaking ethics for a "good reason" is it paves the way for Evil.
That said, "imperialism" is a human fact: people love Greatness, no matter you are American, British, French, Russian, Spanish or Chinese.
Nations remember only the times when they reached the peak of their glory. The French remember Napoleon (despite the fact he was bitterly defeated), and I bet many Chinese think of themselves as the heirs of Genghis Khan. USA tries to follow the path of other big empires of the past... All look at the ancient Roman Empire with envy, even taking its symbols (I can see many eagles).
Greatness means power, which in turn means freedom to act as you wish. I'm afraid our brain is wired to think this way.
Why do these places get hacked like this?
Secure work done on a non-networked system.
The networked system is routed through a firewall (running on a different OS, so no Windows everywhere) where only traffic to specific locations is permitted.
If you want to visit a "suspect" site then start up a disposable VM running a different OS containing a browser, connect over a VPN to a less tightly controlled exit point, and use it then dispose of the VM when you're done.
Do everything possible to block admin/network shares, and remember - not everything needs to be connected to the internet.
End users want easy everything then complain when their easy systems are compromised.
"Assuming that NSA/GCHQ are behind this, then they will be targeting what they can and what ppl run."
Why?
"Instead, NSA/GCHQ targeted windows because it is easy."
Again, why?
Why would you target something because it's easy even though it's of absolutely no intelligence value?
While they did infect some Windows machines, it's worth noting that a lot of the malware does target Unix based operating systems running in telecom equipment. Some of it goes after the BIOS or the firmware in various bits of hardware (e.g. hard drives) too, which is pretty much impossible for any OS to defend against.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
People love greatness, and measure it in a variety of ways, including artistic and scientific achievements. Military might took a disproportionate importance simply because it used to be absolute necessity in the violent chaos of international relations. However, the age of war is ending, simply because they're too expensive and risky to wage, so we're seeing a shift in thinking - or do you think the Roman Empire would had advertised itself as "Land of the Free"?
He was a foreign warlord who conquered China, so that seems unlikely.
Right, so when people say Leonardo da Vinci was a great painter, they really mean he could kill you in 60 ways with a paintbrush?
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
-5
605413? Yes, it's a prime.
the age of war is ending, simply because they're too expensive and risky to wage
Profiting from sending other people's children (or, put another way, excess population) to die in other countries which can't meaningfully fight back doesn't sound all that risky to me.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Some of it goes after the BIOS or the firmware in various bits of hardware (e.g. hard drives) too, which is pretty much impossible for any OS to defend against.
Why should that be impossible? On most hardware it may be, but if you're lucky enough to have a system with an IOMMU, the OS should absolutely be able to defend against such attacks simply by not permitting just any jerkoff application to access the disk controller directly. Applications then have to ask the driver to mediate all transactions, and the OS is definitely in a position to then prevent firmware tampering.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Neither Saddam nor Taliban could really fight back, yet those wars ended costing the US about a trillion dollars it could ill afford to lose. Furthermore, sending "excess population" to die risks revolution or at least demonstrations, like those during Vietnam war; and speaking of Vietnam, you also risk misjudging your enemy. Finally, in a capitalist economy everyone is a potential consumer helping drive up demand (and, more cynically, a potential worker helping drive down wages), and thus corporate profits - and this includes the enemy - so while some profit from the reconstruction, most are worse off.
Wars will end because both tree-hugging hippies and Mr. Burns want them to end. Even the Military-Industrial complex is better off fighting imaginary threats, which can be scaled and steered to pocket a maximum amount of money with minimum amount of expenses.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
All OSs have major intelligence value. The vast majority of laptops in the west run Windows or Apple.
OTOH, around the world, Windows represents less than 33% of all servers, which makes them a minority. Why would anybody target this 33%, but leave the other 66% which runs on larger sites? Because Windows is EASY to crack. Simple as that.
I prefer the "u" in honour as it seems to be missing these days.
You write of reading comprehension, yet somehow managed to miss the following in a three sentence post:
"Some people even had their stuff boot from read-only optical media"
I deliberately addressed the issue to avoid it coming up and deliberately used very simple and informal language so that it would be easy to comprehend - yet it's been missed an now there's some bleating about reading comprehension from the person that missed it. I can only assume that things have degenerated to mindless cheering for the team with your "why doesn't everyone else solve problems the same way as MS even though they did it a decade+ earlier" non-issue.
Why is it OK for you to point out that root can do anything on a *nix system yet it's somehow not OK for me to mention malware?
You know you make absolutely no sense right?
Why exactly is grandma's laptop of intelligence value. What possible benefit does having access to grandma's emails about her chess club offer the intelligence services?
I think you need to stop smoking crack and accept that you don't understand anything about intelligence gathering.