Researchers Tie Regin Malware To NSA, Five Eyes Intel Agencies
Trailrunner7 writes Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany's Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together," wrote Kaspersky Lab researchers Costin Raiu and Igor Soumenkov today in a published report. (Here is the Spiegel article.)
HTTP URL not working. Use HTTPS URL:
https://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667
According to this article, Regin has been known for some time.
Fox IT, which was hired to remove Regin from the Belgian phone company Belgacom's website, didn't say anything about what it discovered because it "didn't want to interfere with NSA/GCHQ operations."
Now our Malware/Virus software engineers are practicing reuse. Excellent development practice out there folks! Keep Reusing that code!
Harrison's Postulate - "For every action there is an equal and opposite criticism"
It would seem our governments are at minimum committing the crime of conspiracy to break into US (and UK, Aussie, etc) citizens' computers, if they are helping out foreign governments. They may have made themselves immune for their own actions, but I highly doubt that immunity extends to helping foreign governments break into your own citizens' computers. I have not researched this though. Just thought some people with more knowledge might chime in. If it is not illegal, it really needs to be illegal.
Join the IParty!
And I thought it was IS/Russians/NKoreans/Aliens, because US and allies hold moral highground and would never initiate actions which they themselves consider to be acts of war, right?
http://www.wsj.com/articles/SB...
After all, it's ok if they do it. It's only bad if terrorists, communists and perverts do it.
Crying wolf and all that.
...when Snowden is going to wake up with a bullet in his head...
It's more likely they were spying on the Regin developers, stole their code, and modified it for their own purpose.
If we did it, it's cyberterrorism. If they do it, it's law enforcement.
Assholes.
These clowns are entirely willing to undermine the security of every computer on the planet to get their grubby fingers into everything.
We need products which keep these guys out, and these guys need a serious beat down in the courts to limit what they can do. A few of them probably should be hung for treason.
Morally, every black hat should be targeting these agencies to cause as much damage to them as possible -- because the damage they're doing to our freedoms is immeasurable.
Thanks, America, for leading the charge in fucking up the planet.
Lost at C:>. Found at C.
Out of points or I would do it myself.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
How long is it going to take before the American people get fed up with this? The NSA is obviously an out of control agency and has been for years. The people in charge need to start spending LONG prison sentences for their crimes against humanity. And before people start screaming "Think about the terrorists" remember that those in charge (both the NSA, FBI and others) have deliberately chosen to ignore gathered intel about actual terrorist threats (such as 911 and the Boston Marathon bombers). This should prove to everyone that the government considers their own citizens as more of a threat than foreign terrorists.
I am starting to smell bullshit here. When a reporter needs to make a scoop, all they seem to have to do is just say they pulled out a "Snowden document", and presto, a story. Especially if they feel they need to stir up some anti-American sentiment, which I'm sure some people or countries would love right about now.
When I took journalism classes in college, anyone writing something and ascribing it to a document that cannot be proven; merely alleged... that would ensure I got an "F" for the coursework. However, I took journalism when you couldn't pull "anonymous sources" out of your ass to "prove" your point either.
It is time to return to the Write Protect Switch. Passwords are no longer effective in preventing firmware alterations by hostile organizations.
For those old enough to remember them, changing a BIOS required an EPROM burner and UV eraser. Changing CMOS settings required setting the write protect jumper.
Early infections were restricted to Write Enabled floppies, hard drives for machines with them, and everything else was write protected.
It is time to return to write protected firmware requiring physical access to alter.
Our complacency with remote management is showing the error of our ways as we are compromised.
The truth shall set you free!
People everywhere in the world are trying to avoid buying U.S. products because of many kinds of secret U.S. government actions, not just surveillance.
NSA = No Sales for Americans
The peasants need to stand up and say enough is enough.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
if other countries placed malware on their computer systems? It is nothing short of an attack on sovereign countries, and the world needs to stand up and turn their backs on the US until they are willing to fall in line.
Codes? Serious? You do realise that this site is slightly nerdy, and most users have an above average education? Codes? I think you meant CODE! I seriously think you accidentally added the 's' by mistake. Either that, or you don't know the difference between a count noun and a mass noun. Yet somehow I doubt you would refer to an organization's rule book as a "Codes of conduct", or talk about a company "dress codes". You wouldn't refer to a nation's legal statutes as their "Penal Codes". Yet the author of the blurb takes great pleasure in fucking up here. It's my nit, and I'm picking it. When I was in university and turning in papers (even in C.S.), you would be rebuked and thought of as a dumb-ass if you referred to computer software as 'codes'. Trying to ftfy.
What a relief! So if I use Dvorak I'm safe, right?
All the codes on all the boxen!
There is a reason we need 100% free software and not this half baked "open source" thing. "Open source" is how proprietary software sneaks in and that's bad. Really bad from a privacy and security perspective. While free software isn't enough to safeguard us, all bets are off the second you let proprietary applications in. No intelligent techy person would argue against "once infected all bets are off". Well, that's true for proprietary software too.
We can point to a heck of a lot of examples of government spyware or those acting on the behalf of rogue corporations utilizing non-free bits to extract untold amounts of information. From non-democratic states creating proprietary keyboard drivers necessary for their own regions' languages spying on the citizens of the state to backdoors in proprietary bits of Android phones from telecommunications giants in bed with the US government (contracts and whatnot).
Not only can corporations and the government(s) track where you're going (ie GSM modem firmware and by design of the technology itself), but they can also read your emails, log your keystrokes, and even blackmail you without any forensics "expert" being the wiser. Computer forensics was already a joke- but we're wrongly imprisoning people on the flimsiest of the most unreliable "evidence".
If you're not aware, the Free Software Foundation is pushing for the release of code at a hardware level. Not only do they want you to be able to control your applications- but they want you to be able to control your devices too. From drivers to firmware. They have analyzed (for non-free bits, not specifically for security, but it's a big start) a number of drivers and firmwares for various chips found in hardware and certified a number of devices as being 100% free software. Check out the Respect Your Freedom certification program @ fsf.org/ryf and help stop big brother.
Is this why Flash Player has endless security fixes?
That's why I use AMD.