regin

Latest

  • Germany investigates claims of NSA-backed malware spying

    by Jon Fingas
    10.26.2015

    When word got out that both the US' NSA and the UK's GCHQ were likely using purpose-built Regin malware for their spying campaigns, that raised more than a few alarm bells... including in the German government, apparently. The country's prosecutor's office has launched an investigation into a report that Regin infected (and thus monitored) the laptop of a Chancellery division leader. Officials aren't jumping to conclusions yet, but it's easy to guess where their suspicions lie -- the concern is that allies are hacking into the devices of multiple German higher-ups, not just its Chancellor. If the evidence holds up, it could worsen political relationships that have already turned a bit sour. [Image credit: Frank Rumpenhorst/AFP/Getty Images]

  • US warns about spyware that many believe it wrote

    by Jon Fingas
    11.26.2014

    Want to see a classic example of irony? Head to the US Computer Emergency Readiness Team (CERT) website. The government security group has issued a public warning about Regin... you know, the extra-sophisticated malware that many suspect the US wrote to spy on telecom networks. It's more than a little amusing to see one agency warn about a problem the other may have created, although it raises a few questions when there haven't been similarly direct warnings for (allegedly) state-created attacks like Stuxnet and Duqu. Is it evidence that the US wasn't involved, or that Regin is out of control? An attempt to throw people off the scent? Or something else?

  • Researchers link carrier-focused malware to US and UK spy agencies

    by Jon Fingas
    11.24.2014

    Symantec said that the recently detailed Regin spyware looked like it was created for government surveillance, and there's now some strong support for that claim. Both Kaspersky Lab and Wired understand that the super-sophisticated malware was used to infiltrate both Belgian carrier Belgacom and cryptographer Jean-Jacques Quisquater. Given that the NSA and Britain's GCHQ have been linked to these malware attacks, it's easy to connect the dots -- from all indications, one or both spy agencies used Regin to snoop on these targets. There are also hints that it may have been used to hack into the European Commission back in 2011. The Commission's director of security couldn't tell Wired if the malware in that incident was the same, but the code involved was built from a "series of elements" that worked together, like Regin does.

  • Sophisticated malware has been spying on computers since 2008 (updated)

    by Jon Fingas
    11.23.2014

    Highly sophisticated malware isn't limited to relatively high-profile sabotage code like Stuxnet -- sometimes, it's designed to fly well under the radar. Symantec has discovered Regin, a very complex trojan that has been spying on everyone from governments to individuals since at least 2008. The malware is highly modular, letting its users customize their attacks depending on whether they need to remotely control a system, get screenshots or watch network traffic. More importantly, it's uncannily good at covering its tracks. Regin is encrypted in multiple stages, making it hard to know what's happening unless you capture every stage; it even has tools to fight forensics, and it can use alternative encryption in a pinch. Researchers at Symantec suspect that the trojan is a government-created surveillance tool, since it likely took "months, if not years" to create.