Security researchers say they have discovered a sophisticated piece of malicious code spying on researchers, governments, businesses, and critical telecommunications infrastructure since 2008.
The malware, called Regin, was first discovered by Symantec, the antivirus company, which released a white paper describing its findings on Sunday. On Monday, The Intercept, a digital magazine started by the journalist Glenn Greenwald, reported that the Regin malware is part of a decade-long joint operation by the National Security Agency and its British counterpart, the Government Communications Headquarters, or G.C.H.Q. The Intercept report is based in part on disclosures from former N.S.A. contractor Edward J. Snowden.
“In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless,” Symantec wrote. “What we have seen in Regin is just such a class of malware.”
Symantec found evidence that the malware has been used on targets in 10 countries, primarily Saudi Arabia and Russia, as well as Pakistan, Afghanistan, India, Mexico, Ireland, Belgium and Austria. The Intercept reported Monday that the malware had been used to spy on companies in the European Union, notably Belgacom, a partly state-owned Belgian phone and Internet provider.
The Regin malware is highly customizable, researchers said, and can be tweaked to include new features and capabilities, depending on the target. Symantec’s researchers estimate that it likely took months “if not years” to develop and said the malware’s “authors have gone to great lengths to cover its tracks.”
The researchers believe the malware was first used to spy on individuals in 2008, until it was “abruptly withdrawn” in 2011. The Intercept reported that the malware was used to infect a Belgacom server in 2010.
Then, last year, Symantec said the authors started using a new version of the same malware to spy on a variety of victims. Among them: academic researchers, individuals and small businesses, companies in the airline, energy and hospitality sectors as well as telecom companies, in what researchers believe was an attempt to gain access to telephone calls routed through their call centers.
Regin is undeniably a spy tool, based on its functions, the researchers said. It is configured to grab screenshots and take over a computer mouse’s point-and-click function. It can also grab passwords, monitor network traffic and gather information from the computer’s memory. It can scan for and retrieve deleted files.
Beyond those basic functions, its capabilities vary from target to target. In one case, Symantec’s researchers found that Regin had been tweaked to sniff traffic sent to mobile telephone base station controllers. In another case, it had been customized to parse mail from Microsoft’s Exchange email databases.
The Intercept reported Monday that the tool was part of a joint N.S.A.-G.C.H.Q. program, codenamed “Operation Socialist.”
Vanee Vines, an N.S.A. spokeswoman, declined to comment on what the agency called “speculation.”
“The discovery of Regin serves to highlight how significant investments continue to be made into the development of tools for use in intelligence gathering,” Symantec researchers said.