Symantec Discovers Incredibly Sneaky, Sophisticated Spy Malware
Tuesday Nov 25 2014 10:35 EDT

A blog post at Symantec this week is turning heads after the team uncovered a new, previously undetected piece of malware that has been used for years to spy on government operations. Dubbed "Regin," Symantec states that the construction of the malware "displays a degree of technical competence rarely seen," resulting in the malware remaining largely undetected since it arrived on the scene back in 2008. The malware functioned until 2011, then resurfaced in reconstituted form sometime in 2013. Symantec notes that the highly sophisticated nature of the malware means it was likely crafted by a government or intelligence service, and was then used to target businesses, telecom backbones, governments, and individuals using a variety of infection vectors. Notes Symantec:

quote: Regin’s developers put considerable effort into making it highly inconspicuous. Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files. It has several “stealth” features. These include anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and alternative encryption in the form of a variant of RC5, which isn’t commonly used. Regin uses multiple sophisticated means to covertly communicate with the attacker including via ICMP/ping, embedding commands in HTTP cookies, and custom TCP and UDP protocols.

A follow-up report by The Intercept claims that the malware was a tool used in sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company.
timcuth
Premium Member
2014-Nov-25 10:14 am
We are unsafe, no matter what

The "bad" guys, whether criminals or governments, have virtually unlimited resources to crack any security we have or think we have. We are at their mercy. It is probably time to give up on the idea of the internet.

Tim

cork1958
to timcuth
Re: We are unsafe, no matter what

That's kind of a no-brainer: you use the net at your own risk, as you know someone is trying to do something sneaky!

rebus9
to timcuth
said by timcuth: "It is probably time to give up on the idea of the internet."

Naw. Just time for the next evolutionary step in security. The commercial public internet, as most people know it, is barely 20 years old. Give security some time to catch up.

The first houses didn't have locks either. Then came crude devices like a piece of timber blocking the door's movement. Then slide bolts. Then keyed locks. Today we have digitally controlled locks, sophisticated motion sensors, glass breakage detectors and video surveillance.

Ditto for cars: the first ones didn't even have a key. Then came keys, then alarms, then chips in keys, then LoJack, and now real-time GPS trackers which lead police to the vehicle and power down the engine once the cops are in position.

The internet WILL evolve, but expect some bumps and bruises along the way.

maartena
to timcuth
said by timcuth: "It is probably time to give up on the idea of the internet. Tim"

The internet can be as secure as you want it to be. There are decent VPN providers *outside* the USA that will certainly give you the encryption you need, and I actually don't think the US-based VPN providers have NSA backdoors either. You can also use TOR browser services if needed, and you can simply be very careful of what you share on the internet, and be just fine. And like rebus9 says, the internet will evolve. (Of course, so will the hackers, just like the car thieves.)

What you REALLY need to give up if you want any shred of privacy is your cell phone. You will be fine if you have a pay-as-you-go, phone-call-only flip phone, but if you have a smart phone with GPS, even if it is disabled, you are known by the government and they know where you are. Courtesy of the 2004 Patriot Act, cell phone providers have been mandated to retain a minimum of 3 months of location data from all of their customers' phones. So the NSA can actually log in and know exactly where your PHONE was last week or 5 weeks ago. (Obviously, it doesn't tie the phone as the device to you personally, but for organizations like the NSA that doesn't matter anymore.) If your GPS is on, they know where you have been to 1 meter accuracy. If it is not, the accuracy is 200-500 meters, based on triangulating between the cell towers in the area that pick up some level of your signal.
timcuth
Premium Member
2014-Nov-25 8:37 pm
Re: We are unsafe, no matter what

I have never had a smart phone and I don't really want one. Not just because of security, but that's a good reason, too.

Tim
Re: We are unsafe, no matter what

Do you actually think they're not listening in on your landline calls as well? I feel much more comfortable sending encrypted emails from my encrypted Android smartphone.

neill6705
to maartena
What you said about the internet evolving is correct. IPsec is integrated directly into IPv6, so encryption will be essentially ubiquitous sooner or later.

As far as the GPS in smartphones, I'm not too worried about some government agency pulling me into a van in some alleyway. I'll take the risk.
to maartena
No, it's not secure even using a VPN... the attack vector just changes.
to maartena
Well put.. And don't forget.. if you buy a pay-as-you-go, pay cash.
StuartMW
Premium Member
2014-Nov-25 10:59 am
NSA Enterprises...

NSA Enterprises is still in business and producing "products".
tpkatl
Member
2014-Nov-25 11:13 am
I can't help but think that the authors had a sense of humor

Naming the spyware after Ronald Reagan .....
tshirt
Premium Member
2014-Nov-25 12:48 pm
Re: I can't help but think that the authors had a sense of humor

said by tpkatl: "Naming the spyware after Ronald Reagan ....."

I think that was Symantec's spin. Regin is also a figure in Norse mythology (» en.wikipedia.org/wiki/Regin) with a somewhat related theme: "As the blood touches his tongue, Sigurd understands the speech of birds, who warn him that Reginn will kill him. Before he lets any of this happen, Sigurd first wields Gram and cuts off Reginn's head."
pb2k
Member
2014-Nov-25 1:32 pm
That reminds me...

That reminds me, I'm about due for my yearly reformat/reinstall... might even have a go at the Windows 10 tech preview.

MaynardKrebs
Re: That reminds me...

said by pb2k: "That reminds me, I'm about due for my yearly reformat/reinstall... might even have a go at the Windows 10 tech preview."

Now with 100% more NSA inside.
KrK
Premium Member
2014-Nov-25 4:23 pm
Actually, spy on much more than Government operations

It's been found extensively at ISPs and telecommunications facilities and private industry as well as Government and others.

It's almost certainly a nation/state behind this "Regin", and the USA, China, and Israel are at the top of the list of suspects.