Slashdot Mirror


Researchers Tie Regin Malware To NSA, Five Eyes Intel Agencies

Trailrunner7 writes Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a set of Edward Snowden documents newly disclosed 10 days ago by Germany's Der Spiegel. The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together," wrote Kaspersky Lab researchers Costin Raiu and Igor Soumenkov today in a published report. (Here is the Spiegel article.)
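
Kaspersky's attribution rests on code shared between the QWERTY keylogger and Regin. As an added illustration of the kind of check behind such a claim (this is not Kaspersky's method or code; the three "samples" are constructed pseudo-random blobs with a planted common module), the following Python locates long common byte runs between two binaries and discards low-entropy runs such as section padding, which any two unrelated files can share without implying common authorship:

```python
"""
Added example, not from the article or from Kaspersky's report: estimate shared
code between two binaries by finding maximal common byte runs, with an entropy
filter so that padding and other boilerplate are not mistaken for shared code.
All samples below are constructed; they are not real malware bytes.
"""
import math
import random

NGRAM = 8          # seed length for a candidate match
MIN_RUN = 32       # shortest run reported as "shared code"
MIN_ENTROPY = 2.0  # bits/byte; runs below this are treated as boilerplate


def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def shared_runs(a: bytes, b: bytes, ngram=NGRAM, min_run=MIN_RUN,
                min_entropy=MIN_ENTROPY):
    """Return (offset_in_a, offset_in_b, length) for each maximal common run
    of at least min_run bytes whose entropy is at least min_entropy."""
    index = {}
    for i in range(len(a) - ngram + 1):
        index.setdefault(a[i:i + ngram], []).append(i)
    runs = []
    j = 0
    while j <= len(b) - ngram:
        best = None
        for i in index.get(b[j:j + ngram], ()):
            length = ngram
            while (i + length < len(a) and j + length < len(b)
                   and a[i + length] == b[j + length]):
                length += 1
            if best is None or length > best[2]:
                best = (i, j, length)
        if best is not None and best[2] >= min_run:
            if entropy(b[best[1]:best[1] + best[2]]) >= min_entropy:
                runs.append(best)
            j += best[2]  # skip past the run so its sub-runs are not reported
        else:
            j += 1
    return runs


def ngram_jaccard(a: bytes, b: bytes, ngram=NGRAM) -> float:
    """Whole-file similarity: Jaccard index over the sets of byte n-grams."""
    sa = {a[i:i + ngram] for i in range(len(a) - ngram + 1)}
    sb = {b[i:i + ngram] for i in range(len(b) - ngram + 1)}
    return len(sa & sb) / len(sa | sb)


def _filler(seed: int, n: int) -> bytes:
    """Constructed non-zero pseudo-random bytes standing in for unrelated code."""
    rng = random.Random(seed)
    return bytes(rng.randrange(1, 256) for _ in range(n))


SHARED_MODULE = _filler(1, 96)  # constructed stand-in for a reused module
PADDING = b"\x00" * 48          # section padding present in every sample

SAMPLE_A = _filler(2, 200) + PADDING + SHARED_MODULE + _filler(3, 150)
SAMPLE_B = _filler(4, 120) + SHARED_MODULE + PADDING + _filler(5, 230)
SAMPLE_C = _filler(6, 250) + PADDING + _filler(7, 200)  # control, no module


if __name__ == "__main__":
    for name, other in (("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(f"A vs {name}: jaccard={ngram_jaccard(SAMPLE_A, other):.3f} "
              f"runs={shared_runs(SAMPLE_A, other)} "
              f"unfiltered={shared_runs(SAMPLE_A, other, min_entropy=0.0)}")
```

The whole-file Jaccard score stays low even when a complete module is shared, which is why this kind of analysis works at the level of individual code blocks rather than file similarity. The entropy filter only removes the crudest boilerplate; in practice shared library and compiler runtime code also has to be excluded before a common block says anything about who wrote the two samples.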

17 of 95 comments

  1. It was known before.. by Anonymous Coward · · Score: 4, Informative

    According to this article, Regin has been known for some time.

    Fox IT, which was hired to remove Regin from the Belgian phone company Belgacom's website, didn't say anything about what it discovered because it "didn't want to interfere with NSA/GCHQ operations."

    1. Re:It was known before.. by houghi · · Score: 3, Interesting

      Way more than just the website.
      More info on http://www.net-security.org/se...
      Not only the website, but "26,000 systems were found to be infected: email and share point servers, as well as the technical staff's workstations."
      Belgacom is the largest telecom operator and is also the largest ISP. I would guess almost all political individuals would at least use their phone system, but most likely also their internet.

      --
      Don't fight for your country, if your country does not fight for you.
  2. Outstanding achievement for Computer Science by Virtucon · · Score: 4, Interesting

    Now our Malware/Virus software engineers are practicing reuse. Excellent development practice out there folks! Keep Reusing that code!

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  3. Actual Conspiracy by Strangely+Familiar · · Score: 3, Insightful

    It would seem our governments are at minimum committing the crime of conspiracy to break into US (and UK, Aussie, etc) citizens' computers, if they are helping out foreign governments. They may have made themselves immune for their own actions, but I highly doubt that immunity extends to helping foreign governments break into your own citizens' computers. I have not researched this though. Just thought some people with more knowledge might chime in. If it is not illegal, it really needs to be illegal.

    --
    Join the IParty!
  4. Real shocker by X.25 · · Score: 5, Interesting

    And I thought it was IS/Russians/NKoreans/Aliens, because US and allies hold moral highground and would never initiate actions which they themselves consider to be acts of war, right?

    http://www.wsj.com/articles/SB...

    After all, it's ok if they do it. It's only bad if terrorists, communists and perverts do it.

    Crying wolf and all that.

  5. The NSA is a spy agency by Anonymous Coward · · Score: 5, Insightful

    It's more likely they were spying on the Regin developers, stole their code, and modified it for their own purpose.

  6. Cyber terrorism ... by gstoddart · · Score: 5, Insightful

    If we did it, it's cyberterrorism. If they do it, it's law enforcement.

    Assholes.

    These clowns are entirely willing to undermine the security of every computer on the planet to get their grubby fingers into everything.

    We need products which keep these guys out, and these guys need a serious beat down in the courts to limit what they can do. A few of them probably should be hanged for treason.

    Morally, every black hat should be targeting these agencies to cause as much damage to them as possible -- because the damage they're doing to our freedoms is immeasurable.

    Thanks, America, for leading the charge in fucking up the planet.

    --
    Lost at C:>. Found at C.
    1. Re:Cyber terrorism ... by Anonymous Coward · · Score: 4, Insightful

      We won't be around for much longer.

      Politically, economically and socially, deterioration is setting in. This must be like what it was in Rome's last days.

      I was hoping we'd go the way of Great Britain. When they stopped being the World power, the average UK citizen's standard of living went up.

      If we the US were to give up the Carter doctrine, pull out of the Middle East and every where else we have US troops guarding oil supplies, we'd have a much more peaceful planet - gas, OTOH, would go through the roof and our "way of life" of cheap gasoline and perpetual war would end. And unfortunately, too many Americans would rather be at perpetual war and terrorized than have more expensive gas for their pickup trucks and SUVs.

      tl;dr: we Americans are a very short sighted and stupid people.

    2. Re:Cyber terrorism ... by Anonymous Coward · · Score: 3, Interesting

      You're mad because all the software available to use is security Swiss cheese, and there's nothing you can do about it. But your anger is misplaced. It should be directed at Linus and other "white hat" software developers who *could* write secure software but do not. Linux could be designed so that each app only has access to its own files, not complete user-level access. The kernel could be written in a safe language (a Rust-like language), where minor mistakes wouldn't let hackers take over the whole system. The kernel could cryptographically verify apps and modules. ...except making a safe system is too boring and inconvenient for open-source developers to do, and not demanded by customers of purchased software.

      There's evil all over the world. If the systems are not built to be secure then somebody will take advantage of that. Russia or China, organized crime, dictators. You can't shame all actors and if you manage to get one to stop taking advantage then you haven't really changed anything -- your computer is still wide open to bad guys. So be mad at the programmers for being lazy and careless, because that might actually result in safer systems.

    3. Re: Cyber terrorism ... by mrchaotica · · Score: 4, Interesting

      It's not self-loathing, it's loathing of tyranny -- a fine, patriotic American tradition.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  7. When will there be justice? by Anonymous Coward · · Score: 5, Insightful

    How long is it going to take before the American people get fed up with this? The NSA is obviously an out of control agency and has been for years. The people in charge need to start serving LONG prison sentences for their crimes against humanity. And before people start screaming "Think about the terrorists", remember that those in charge (both the NSA, FBI and others) have deliberately chosen to ignore gathered intel about actual terrorist threats (such as 9/11 and the Boston Marathon bombers). This should prove to everyone that the government considers their own citizens as more of a threat than foreign terrorists.

    1. Re:When will there be justice? by kilfarsnar · · Score: 3, Insightful

      How long is it going to take before the American people get fed up with this? The NSA is obviously an out of control agency and has been for years. The people in charge need to start serving LONG prison sentences for their crimes against humanity. And before people start screaming "Think about the terrorists", remember that those in charge (both the NSA, FBI and others) have deliberately chosen to ignore gathered intel about actual terrorist threats (such as 9/11 and the Boston Marathon bombers). This should prove to everyone that the government considers their own citizens as more of a threat than foreign terrorists.

      Yeah, but most people don't see it that way. They may not like what the government is doing, but they still buy the terrorism angle. This type of thing isn't what gets people fed up enough to really do something. That comes with hunger or widespread violence, and we should all hope it doesn't get that bad.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    2. Re:When will there be justice? by Anonymous Coward · · Score: 5, Interesting

      General Alexander lied to Congress, denied NSA was spying on millions of Americans, pretended the NSA didn't have the technical ability. Has he been punished? Has he been found in contempt of Congress?

      No, he retired, set up a private company which banks pay tens of millions of dollars for some vague service, and the CTO of the NSA is involved as a consultant. In other words this is some NSA front company most likely. Yet another way for NSA to escape legal bounds.

      Tempora, the UK's massive full-take surveillance system, that the NSA queries using its UK base to avoid any legal questions in the US. The one they use to spy on British politicians, press and activists with the help of GCHQ (aka traitors to their democracy). Has any GCHQ staff been prosecuted for that? Quite the opposite, their agents in the Lords are busy trying to amend bills to make it legal!

      So who exactly is going to punish the NSA? Because everyone of those politicians is in the database, and politicians who step out of line find their private lives leaked to the press.

      UKIP MPs are being targeted now, with their phone calls over the years leaked. Who records phone calls of people just in case they become MPs, then selectively leaks the most embarrassing ones? GCHQ and NSA, that's who.

      So no good people will make their way up the political ladder and no fix is possible.

  8. Re:Google cache by Anonymous Coward · · Score: 3, Funny

    HTTP URL not working. Use HTTPS URL:

    https://threatpost.com/researchers-link-regin-to-malware-disclosed-in-recent-snowden-documents/110667

    That's just the NSA tap getting overloaded, it'll clear up on its own. ;)

  9. A call for Write Protect by Technician · · Score: 5, Interesting

    It is time to return to the Write Protect Switch. Passwords are no longer effective in preventing firmware alterations by hostile organizations.

    For those old enough to remember them, changing a BIOS required an EPROM burner and UV eraser. Changing CMOS settings required setting the write protect jumper.

    Early infections were restricted to Write Enabled floppies, hard drives for machines with them, and everything else was write protected.

    It is time to return to write protected firmware requiring physical access to alter.

    Our complacency with remote management is showing the error of our ways as we are compromised.

    --
    The truth shall set you free!
  10. Re:I wonder... by Immerman · · Score: 4, Insightful

    Revenge wouldn't be the point - the point would be to send a clear message to future patriots that might try a similar stunt. Revenge would just make it more satisfying to do so.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
  11. Re:I wonder... by Immerman · · Score: 3, Insightful

    Sure this horse is out of the barn, but there's lots of horses - that's why you want to make sure the others all hear the first one screaming as it's being eaten by cougars.

    I can think of only a few reasons why it hasn't been done:
    - To be truly effective it must be obvious that the US/NSA was behind it, and there may well be a fear that employing extra-legal methods to send that message would generate the public backlash that has thus far failed to manifest. A martyr can be far more powerful than a man.
    - Given that he is under Russian protection, any such action could be taken as a direct assault on Russia, and in the current international political climate that might be regarded as too great a risk to take. They seem to be positioning themselves as the spokesman of a new global power structure - no sense in ceding them any more moral high ground than they've already got.
    - The guilty parties still have some scruples (hey, nobody values their scruples like the man who doesn't have many)

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.