Military Space News




CYBER WARS
Cyberspying tool could have US, British origins
by Staff Writers
Washington (AFP) Nov 24, 2014


A sophisticated cyberespionage tool has been stealing information from governments and businesses since 2008, researchers said Monday, and one report linked it to US and British intelligence.

The security firm Symantec identified the malware, known as Regin, and said it was used "in systematic spying campaigns against a range of international targets," including governments, businesses, researchers and private individuals.

The news website The Intercept reported later Monday that the malware appeared to be linked to US and British intelligence, and that it was used in attacks on EU government networks and Belgium's telecom network.

The report, citing industry sources and a technical analysis of the malware, said Regin appears to be referenced in documents leaked by former National Security Agency contractor Edward Snowden about broad surveillance programs.

Asked about the report, an NSA spokeswoman said: "We are not going to comment on speculation."

Symantec's report said the malware shares some characteristics with the Stuxnet worm -- a tool believed to have been used by the US and Israeli governments to attack computer networks involved in Iran's nuclear program.

Because of its complexity, the Symantec researchers said in a blog post that the malware "would have required a significant investment of time and resources, indicating that a nation state is responsible."

The researchers added that "it is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks."

- Lurking in shadows -

"Regin's developers put considerable effort into making it highly inconspicuous," Symantec said.

"Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files."

The researchers also said many components of Regin are still probably undiscovered and that there could be new versions of this tool which have not yet been detected.

The infections occurred between 2008 and 2011, after which the malware disappeared before a new version surfaced in 2013.

The largest number of infections discovered -- 28 percent -- was in Russia, and Saudi Arabia was second with 24 percent. Other countries where the malware was found included Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan. There were no reported infections in the United States.

Around half of all infections occurred at addresses belonging to Internet service providers, but Symantec said it believes the targets of these infections were customers of these companies rather than the companies themselves.

Telecom companies were also infected, apparently to gain access to calls being routed through their infrastructure, the report noted.

Regin appeared to allow the attackers to capture screenshots, take control of the mouse's point-and-click functions, steal passwords, monitor traffic and recover deleted files.

Symantec said some targets may have been tricked into visiting spoofed versions of well-known websites to allow the malware to be installed, and in one case it originated from Yahoo Instant Messenger.

Other security experts agreed this was a dangerous tool likely sponsored by a government.

"Regin is a cyberattack platform, which the attackers deploy in victim networks for total remote control at all levels," said a research report from Kaspersky Lab.

Kaspersky added that Regin also appears to have infiltrated mobile communications through GSM networks, exposing "ancient" communication protocols used by cellphone networks.

Antti Tikkanen at Finland-based F-Secure called it "one of the more complex pieces of malware around," and added that "our belief is that this malware, for a change, isn't coming from Russia or China."

The news comes amid heightened concerns on cyberespionage.

Last month, separate teams of security researchers said the Russian and Chinese governments are likely behind widespread cyberespionage that has hit targets in the US and elsewhere.

rl/rcw
