Symantec Discovers Incredibly Sneaky, Sophisticated Spy Malware

A blog post at Symantec this week is turning heads after the team uncovered a new, previously undetected piece of malware that has been used for years to spy on government operations. Dubbed "Regin," the malware, Symantec states, "displays a degree of technical competence rarely seen," which has allowed it to remain largely undetected since it arrived on the scene back in 2008. The malware functioned until 2011, then resurfaced in reconstituted form sometime in 2013.

Symantec notes that the highly sophisticated nature of the malware means it was likely crafted by a government or intelligence service, and was then used to target businesses, telecom backbones, governments, and individuals using a variety of infection vectors. Notes Symantec:

quote:
Regin’s developers put considerable effort into making it highly inconspicuous. Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files.

It has several “stealth” features. These include anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and alternative encryption in the form of a variant of RC5, which isn’t commonly used. Regin uses multiple sophisticated means to covertly communicate with the attacker including via ICMP/ping, embedding commands in HTTP cookies, and custom TCP and UDP protocols.
A follow up report by The Intercept claims that the malware was a tool used in sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company.

timcuth
Braves Fan
Premium Member
join:2000-09-18
Pelham, AL
Technicolor ET2251

We are unsafe, no matter what

The "bad" guys, whether criminals or governments, have virtually unlimited resources to crack any security we have or think we have. We are at their mercy.

It is probably time to give up on the idea of the internet.

Tim

cork1958
Cork
Premium Member
join:2000-02-26

cork1958 to timcuth

Re: We are unsafe, no matter what

That's kind of a no-brainer: you use the net at your own risk, as you know someone is trying to do something sneaky!

rebus9
join:2002-03-26
Tampa Bay

1 recommendation

rebus9 to timcuth

Member
said by timcuth:

It is probably time to give up on the idea of the internet.

Naw. Just time for the next evolutionary step in security. The commercial public internet, as most people know it, is barely 20 years old. Give security some time to catch up.

The first houses didn't have locks either. Then came crude devices like a piece of timber blocking the door's movement. Then slide bolts. Then keyed locks. Today we have digitally controlled locks, sophisticated motion sensors, glass breakage detectors and video surveillance.

Ditto for cars -- the first ones didn't even have a key. Then came keys, then alarms, then chips in keys, then LoJack, and now real-time GPS trackers which lead police to the vehicle and power down the engine once the cops are in position.

The internet WILL evolve, but expect some bumps and bruises along the way.

maartena
Elmo
Premium Member
join:2002-05-10
Orange, CA

maartena to timcuth
said by timcuth:

It is probably time to give up on the idea of the internet.

Tim

The internet can be as secure as you want it to be. There are decent VPN providers *outside* the USA that will certainly give you the encryption you need, and I actually don't think the US-based VPN providers have NSA backdoors either. You can also use the Tor browser if needed, and you can simply be very careful about what you share on the internet, and be just fine. And like rebus9 says, the internet will evolve. (Of course, so will the hackers, just like the car thieves.)

What you REALLY need to give up if you want any shred of privacy, is your cell phone. You will be fine if you have a pay-as-you-go phone-call-only flip phone, but if you have a smart phone with GPS, even if it is disabled, you are known by the government and they know where you are.

Courtesy of the 2004 Patriot Act, cell phone providers have been mandated to retain a minimum of 3 months of location data from all of their customers' phones. So the NSA can actually log in and know exactly where your PHONE was last week or 5 weeks ago. (Obviously, it doesn't tie the phone as the device to you personally, but for organizations like the NSA that doesn't matter anymore.)

If your GPS is on, they know where you have been up to 1 meter accuracy. If it is not, the accuracy is 200-500 meters, based on triangulating between the cell towers in the area that pick up some level of your signal.

timcuth
Braves Fan
Premium Member
join:2000-09-18
Pelham, AL

Re: We are unsafe, no matter what

I have never had a smart phone and I don't really want one. Not just because of security, but that's a good reason, too.

Tim

neill6705
join:2014-08-09

Member

Re: We are unsafe, no matter what

Do you actually think they're not listening in on your landline calls as well? I feel much more comfortable sending encrypted emails from my encrypted android smartphone.

neill6705 to maartena

Member

What you said about the internet evolving is correct. IPsec is integrated directly into IPv6, so encryption will be essentially ubiquitous sooner or later.

As far as the GPS in smartphones, I'm not too worried about some government agency pulling me into a van in some alleyway. I'll take the risk.

BosstonesOwn
join:2002-12-15
Wakefield, MA

1 recommendation

BosstonesOwn to maartena

Member

No, it's not secure even using a VPN... the attack vector just changes.

tc1uscg
join:2005-03-09
Gulfport, MS

tc1uscg to maartena

Member

Well put. And don't forget: if you buy a pay-as-you-go phone, pay cash.

StuartMW
Premium Member
join:2000-08-06

NSA Enterprises...

NSA Enterprises is still in business and producing "products"

tpkatl
join:2009-11-16
Dacula, GA

Member

I can't help but think that the authors had a sense of humor

Naming the spyware after Ronald Reagan .....

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

Re: I can't help but think that the authors had a sense of humor

said by tpkatl:

Naming the spyware after Ronald Reagan .....

I think that was Symantec's spin. Regin is also a figure in Norse mythology »en.wikipedia.org/wiki/Regin with a somewhat related theme:
"As the blood touches his tongue, Sigurd understands the speech of birds, who warn him that Reginn will kill him. Before he lets any of this happen, Sigurd first wields Gram and cuts off Reginn's head."

pb2k
join:2005-05-30
Calgary, AB

Member

That reminds me...

That reminds me, I'm about due for my yearly reformat/reinstall... might even have a go at the windows 10 tech preview.

MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

Re: That reminds me...

said by pb2k:

That reminds me, I'm about due for my yearly reformat/reinstall... might even have a go at the windows 10 tech preview.

Now with 100% more NSA inside.

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK
Netgear WNDR3700v2
Zoom 5341J

Actually, spy on much more than government operations

It's been found extensively at ISPs and telecommunications facilities and in private industry, as well as government and others.

It's almost certainly a nation-state behind this "Regin", and the USA, China, and Israel are at the top of the list of suspects.