Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security United Kingdom United States

Regin Malware In EU Attack Linked To US and British Intelligence Agencies 131

Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.
This discussion has been archived. No new comments can be posted.

Regin Malware In EU Attack Linked To US and British Intelligence Agencies

Comments Filter:
  • I'd welcome our new overlords, but they seem to have already been here for a while.

    About all that's left to comment on is Hot Grits, Natalie Portman and griping about there not being a Cowboy Neal choice any more.

    • by Anonymous Coward

      Im still blaming the NSA for the whole Cowboy Neal thing

    • About all that's left to comment on is Hot Grits, Natalie Portman and griping about there not being a Cowboy Neal choice any more.

      There's no Cowboy Neal choice anymore because Dice is selling the Slashdot poll to the highest bidder. Whichever advertising/polling corporation buys access to it gets to put whatever options they want in it, and professional pollsters conducting srs bsns don't put in a Cowboy Neal option. They don't know what it means.

      Is it the humorous option? Is it dissatisfaction with the other choices? Is it the correct choice? Is it none of the above? Is it all of the above? Is it both? Is it Cowboy Neal's cho

  • by Anonymous Coward

    That seems to be the way everything is pointing. Kind of makes me wonder what happened to that "land of the free" part of the national charactor.

    • Re:How surprising (Score:4, Insightful)

      by Advocatus Diaboli ( 1627651 ) on Monday November 24, 2014 @06:19PM (#48453035)
      That "land of free" sham was maintained for only as long as the USSR existed. Once it became Russia and a dozen other smaller countries, the "civilized" west just stopped pretending.
      • by murdocj ( 543661 )

        Right... there's no difference between Russia, where running against Putin gets you a lifetime jail sentence, and the USA, where running could actually get you elected.

        Are you all in 8th grade?

        • Right... there's no difference between Russia, where running against Putin gets you a lifetime jail sentence, and the USA, where running could actually get you elected.

          As J. Random Citizen, or even just as a small-time politician who wants to Do The Right Thing, you have absolutely zero chance of becoming president of the USA. That the law says that it is possible in no way changes that fact. It is utterly impossible to become president of the USA without media support, and they have nothing to gain by upsetting the apple cart.

          • It is utterly impossible to become president of the USA without media support...

            That would be a bad reflection on the passive media consumer... They are free to change the channel, or look elsewhere for information. It's just too easy to do a background check these days.

          • It is utterly impossible to become president of Russia without KGB^W FSB support

            Which do you prefer?

            • by AK Marc ( 707885 )
              The CIA. That's what Reagan had (Bush was CIA), and Bush, and Bush Jr. The CIA is involved in the selection of the presidents in the USA.
        • by dbIII ( 701233 )
          Of course there's a massive difference - however pretending that the extreme elsewhere justifies heading in that direction at home is IMHO the juvenile viewpoint on display here mister "8th grade".
          Authoritarianism sucks even in small doses.
        • "running could actually get you elected."

          In America, anyone can become president. Look at Dubya.

          Of 300 million people, they picked him.

          Quite the land of opportunity....
      • by AmiMoJo ( 196126 ) *

        By "west" you mean the US and UK, neither of which ever really had a good idea of what freedom is. The US was a bit better than the UK because it had a constitution, but that document mainly ensures negative freedoms: freedom from interference, or limits on your actions.

        Most of western Europe, particularly Germany, France, the Netherlands and other Nordic countries have a lot of positive freedom too. Privacy, happiness, a real prospect of prosperity. That's why they get so pissed off about spying, and don't

    • we're only "free" as long as we are explaining to a conquered people why we are bombing them.
    • Kind of makes me wonder what happened to that "land of the free" part of the national charactor.

      Well, at least we can still claim to be the "home of the brave." Of course, that just leaves us on a par with Freedonia. [wikipedia.org]
    • There has been no definitive proof of US involvement just as there was no proof of US and Israeli culpability for the Stuxnext attack but if they were responsible they certainly owe no one any apologies. In this new incident there is a lot of hysterical rhetoric, conjecture, theories, possibilities, and absolutely no hard evidence. Sounds like an open and shut case. And of course all these security researchers are apolitical angels who would never have any specific agenda to push. The security agencies in R

      • but if they were responsible they certainly owe no one any apologies.

        Because Belgium is exactly the same as Iran.

  • by Trachman ( 3499895 ) on Monday November 24, 2014 @06:19PM (#48453025) Journal

    On NSA website, NSA states about their values: " We will protect national security interests by adhering to the highest standards of behavior".

    So how NSA would be able to explain to a child that computer virus and malware represent the highest standard of behavior.

    It is probably the same as stealing money on the street from slightly overweight person and telling him/her, that you need to lose weight anyway and that the robber cares about you. If questioned, street robber will counter stating that the victim should be thankful, because in other streets (countries) you could be shot for even questioning.

    Is vulnerable and weakened by NSA encryption is also "highest standard of behavior", dear beavers from NSA?

    • by Trepidity ( 597 )

      So how NSA would be able to explain to a child that computer virus and malware represent the highest standard of behavior.

      By the standards of the traditional "black ops" business, isn't computer malware among the easier things to explain to a child? At least there are no hidden knives or exotic poisons involved.

      • by Anonymous Coward

        You're approaching "explaining to a child" with the mentality of protecting the child from the more gruesome aspects of the world.
        Op is approaching "explaining to a child" from the position of a parent who wants to raise their kids to have strong morals, a realistic outlook of the world, and patriotism, but the government is forcing us into a "pick any two" situation.

        • by Trepidity ( 597 )

          I was approaching it the same way. The American intelligence community has major ethical problems, and distributing malware is not in the top-10 list of the worst ones.

    • by Zocalo ( 252965 )
      Do you really have to ask? "Do as I say, not as I do"; the mantra of far too many governments (and parents) for quite some time now.
    • That is the highest standard. That's what's so sad.
      • For humans, I agree. Can't remember the authors name or the exact quote, but he said that the two oldest human professions were prostitution and war, not necessarily in that order. Doesn't say much for the human race.
    • "Whatever this man has told you is a lie. He lies for a living!"
      "He's in the Intelligence business."
      "Exactly."
      "YOU are in the Intelligence business!"

    • by rtb61 ( 674572 ) on Tuesday November 25, 2014 @04:34AM (#48456113) Homepage

      The other question is what is the NSA really doing with all this information especially as they have been known to target 'ALL' foreign politicians and of course have a publicly stated penchant for extortion. How many countries democracies have been derailed of late by naughty foreign politicians being caught and yet to have been exposed, as long as of course they continue to comply. With the inclusion of major US corporations as contractor and such espionage partners, how much leverage will they be able to gain in many countries.

    • by stiggle ( 649614 )

      They don't say whose standards of behavior they are adhering to.
      Its only really on the standard of "a legal democracy with full disclosure" where they fall down so pick anything else and their statement is true.

      National security interests - these include anything which affects the US position in the world so thats the economy, communications, military advancements, technological advancements, scientific discoveries, etc. So any industrial espionage to benefit American industry is OK by the NSA. So is ensu

    • The main problem about breaking ethics for a "good reason" is it paves the way for Evil.

      That said, "imperialism" is a human fact: people love Greatness, no matter you are American, British, French, Russian, Spanish or Chinese.

      Nations remember only the times when they reached the peak of their glory. The French remember Napoleon (despite the fact he was bitterly defeated), and I bet many Chinese think of themselves as the heirs of Genghis Khan. USA tries to follow the path of other big empires of the past...

      • That said, "imperialism" is a human fact: people love Greatness, no matter you are American, British, French, Russian, Spanish or Chinese.

        People love greatness, and measure it in a variety of ways, including artistic and scientific achievements. Military might took a disproportionate importance simply because it used to be absolute necessity in the violent chaos of international relations. However, the age of war is ending, simply because they're too expensive and risky to wage, so we're seeing a shift in

        • the age of war is ending, simply because they're too expensive and risky to wage

          Profiting from sending other people's children (or, put another way, excess population) to die in other countries which can't meaningfully fight back doesn't sound all that risky to me.

          • Profiting from sending other people's children (or, put another way, excess population) to die in other countries which can't meaningfully fight back doesn't sound all that risky to me.

            Neither Saddam nor Taliban could really fight back, yet those wars ended costing the US about a trillion dollars it could ill afford to lose. Furthermore, sending "excess population" to die risks revolution or at least demonstrations, like those during Vietnam war; and speaking of Vietnam, you also risk misjudging your enemy

    • So how NSA would be able to explain to a child that computer virus and malware represent the highest standard of behavior.

      Just put it into historical [wikipedia.org] context [wikipedia.org]. A computer virus is a huge step up from real ones. And using one to stop a nuclear weapons program while causing zero casualties is definitely a win for the world.

  • Were the anti-virus and anti-malware companies simply unable to detect this, or were they complicit in its distribution (by not reporting its presence to users)?
    • by AHuxley ( 892839 )
      The code is of a quality set per user depending on OS, installed AV and all other understood networking conditions.
      A consumer OS with standard trusted consumer AV and trustred normal OS updates?
      A well understood open source install that a user looks over deeper OS level logs everyday?
      The presence of unique new code a user "installed" and "allowed" is not going to report on huge anti-virus and anti-malware lists.
      Will well understood behavior analysis on consumer grade AV be looking in the correct place
  • Will this sophisticated malware work on anything other than Microsoft Windows:

    "Symantec Security Response has not obtained the Regin dropper at the time of writing. Symantec believes that once the dropper is executed on the target’s computer, it will install and execute Stage 1. It’s likely that Stage 0 is responsible for setting up various extended attributes and/or registry keys and values that hold encoded versions of stages 2, 3, and potentially stages 4 and onwards". link [symantec.com]
    • by daniel23 ( 605413 ) on Monday November 24, 2014 @08:55PM (#48454017)

      Will this sophisticated malware work on anything other than Microsoft Windows

      While I do not think you expected sincere answers to this question there is a reason to support the obligatory "of course not" answer. From the Kaspersky analysis ( https://securelist.com/blog/re... [securelist.com] )

      "The name Regin is apparently a reversed "In Reg", short for "In Registry", as the malware can store its modules in the registry. "

      And since Linux has no registry...

      - then again I would not ne surprised to learn that there is a variant of this tool runing on linux which just swaps in a different module to store its VFS at a place hard to detect on linux. Unused space behind the partitions or something...

      So, no - no reason to feel safe. Your choice of OS may only protect you until they decide to actually aim at you.

  • Operation Socialist

    Its very much true, no one in murica likes socialism...

    if for no other reason "they know whats good for them".

  • by Kevin Fishburne ( 1296859 ) on Monday November 24, 2014 @07:38PM (#48453623) Homepage
    This thought began as a joke, but this actually does sound how something like Skynet could be born. Malware is infamous for aggressively trying to preserve itself. We all joke about how stupid the idea of programming an AI with a strong sense of self-preservation is because of the obvious dangers, but that is exactly how malware is programmed. Programming it to control industrial systems as well (giving it a "body") seems like a really bad idea, particularly if the aim is not to sabotage the infected industrial system, but to cause as much damage to the target nation as possible (a reasonable wartime goal).
    • Malware is infamous for aggressively trying to preserve itself. We all joke about how stupid the idea of programming an AI with a strong sense of self-preservation is because of the obvious dangers, but that is exactly how malware is programmed.

      You are wanting to be commenting here [slashdot.org].

      • You are wanting to be commenting here [slashdot.org].

        Heh, thanks. While self-commanding killer robots are the obvious focus of our fear, it's not always the most obvious expectation that bites one in the ass. Killer robots would either never get used or have so many safeguards they'd be half useless amidst the chaos of war and the treachery and adaptability of humans. Though they'd have some degree of self-preservation, they would have no desire or ability to reproduce. Malware on the other hand is designed to do anything to avoid removal and replicate throug

        • Killer robots would either never get used or have so many safeguards they'd be half useless amidst the chaos of war and the treachery and adaptability of humans.

          Governments already have automated weapons, including sentry guns. And they work fine. High school kids (who are good programmers) can make them.

          Right now malware's just an expensive pain in the ass, but a day may come when during your coffee break all the doors lock, the ventilation system halts and the facility begins flooding with CO2.

          That's why we design systems with failsafes like manual overrides and the like. It should always take a human to do something that dangerous. The path to release CO2 into the breakroom should be mechanically impossible to activate via software; if you try to open all the applicable valves at once, some of them won't open.

  • ... correctly [slashdot.org].

  • So many ppl come here and post that Windows is not only safe, but that it is targeted because of numbers. Yet, it is obvious that NSA and GCHQ targeted Windows. Why? I doubt that it was numbers, but ease of cracking.

    So, in the meantime, how many companies will start switching to *nix?
    • So many ppl come here and post that Windows is not only safe, but that it is targeted because of numbers. Yet, it is obvious that NSA and GCHQ targeted Windows. Why? I doubt that it was numbers, but ease of cracking.

      If your targets use Windows it would be a real stroke of genius to distribute attacks against Linux, don't you think?

      Duh.

      So, in the meantime, how many companies will start switching to *nix?

      What is the *nix equivalent to secure boot? Signed kernel modules? What is the *nix equivalent to Measured Boot and Network Access Protection? How does an organization automatically and immediately detect and isolate potentially infected hosts?

      Every operating system out there will experience exploitable vulnerabilities. Applications running on top of the operating systems will experience

      • Does 'Nix support such security in depth?

        It's not security in depth if only some levels are secure, since you're only as secure as your weakest link. Windows isn't secure because of how it's developed and because of how it behaves once it's booted. That the boot process is a bit more secure doesn't make Windows more secure overall.

      • What is the *nix equivalent to secure boot? Signed kernel modules?

        Not loading modules at all. It's just one kernel compile away. That's been done for security reasons by some people since about when this site started or before. Some people even had their stuff boot from read-only optical media to avoid such threats back when the possibility of tainted kernel modules was first discussed.

        • by blueg3 ( 192743 )

          Those solve different problems. Turning off the ability to load modules is an alternative to signing kernel modules. Secure boot is about, at boot time, validating that the kernel has not been modified before loading it.

          Consider that in Linux, root is able to modify the kernel binary. So privilege escalation from root to kernel requires only a reboot and writes to disk.

          • by dbIII ( 701233 )
            As distinct from the complex web of trust described above where all it takes is yet another leaked key to break into it and render all that TPM stuff irrelevant - IN ADDITION to privilege escalation on the MS platform and a wide variety of problems that do not even need privilege escalation.
            Somebody clicking on a link in an Outlook message is all it takes to open up Internet Explorer to run whatever it finds in an "asp" script on a hacked MS webserver and next thing you've got files on network shares encryp
            • by blueg3 ( 192743 )

              So, most of that post was illegible anti-MS "I imagine everyone who disagrees with me is a fanboy" twisted worldview shit and is largely unreadable. I don't particularly agree with MS's Secure Boot approach, and you manage to point out why in the one coherent sentence at the beginning:

              As distinct from the complex web of trust described above where all it takes is yet another leaked key to break into it and render all that TPM stuff irrelevant

              Preshipping kernel-signing keys in TPMs and making it tricky to modify the trusted-signing-key list is a dangerous approach they've taken, for this reason. The benefit is that they can get people to actually use it. You can't

              • by dbIII ( 701233 )
                With respect, you are the one that came in with the childish "my platform is better than yours because your root can do anything" bullshit, so if you can't take a rebuttal then don't try to start such an argument.

                the TPM Secure Boot implementation doesn't use web-of-trust, it uses a typical PKI hierarchy

                An enormous attack surface probably including most of the current and former MS windows driver developers at thousands of companies versus letting the user have control over their own stuff.

                • by blueg3 ( 192743 )

                  With respect, you are the one that came in with the childish "my platform is better than yours because your root can do anything" bullshit, so if you can't take a rebuttal then don't try to start such an argument.

                  No. You're completely imaging--synthesizing--that Windows is "my platform" because Secure Boot was mentioned. The whole argument of signing kernels, root compromising the kernel with modifying the disk, etc. is just as true in Windows as in Linux. You just change the jargon. It's absolutely the same system.

                  Incidentally, by the nature of my work, I have all kinds of different operating systems. Most serious work gets done on Linux, or, occasionally, OS X, because I can't stand MinGW / Cygwin and command-line

                  • by dbIII ( 701233 )
                    Why the old troll of "but root can rewrite" then if you are being partisan? Why insult me and then mark me as foe just because I related a malware incident I was called in to clean up because the MS platform guys were snowed under?
                  • Why is it OK for you to point out that root can do anything on a *nix system yet it's somehow not OK for me to mention malware?
    • by Xest ( 935314 )

      What the fuck?

      No. GCHQ/NSA will choose whatever OS their fucking target is using. Ease of exploitation has nothing to do with it. They're not writing malware for shits and giggles or to steal grandmas pension. They're doing it with a specific intelligence gathering goal in mind. If it's Windows malware then it's because their fucking targets were running windows, nothing more, nothing less. It's stupid to try and turn this into a childish OS fanboy battle as the quality of an OS just isn't a factor in choos

      • Assuming that NSA/GCHQ are behind this, then they will be targeting what they can and what ppl run. More than 1/3 of the servers in the world are Linux alone. Heck, Russian AND Chinese gov. has moved pretty hard to Linux. The fact that NSA/GCHQ has NOT written to that, indicates that they are going after the easy thing.

        Sienmans was using windows for that. Of course, NSA/Israel targetted it. BUT, that is a SITE SPECIFIC set-up. When you have a foreign nation that makes heavy use of Linux, then you should b
        • by Xest ( 935314 )

          "Assuming that NSA/GCHQ are behind this, then they will be targeting what they can and what ppl run."

          Why?

          "Instead, NSA/GCHQ targeted windows because it is easy."

          Again, why?

          Why would you target something because it's easy even though it's of absolutely no intelligence value?

          • All OSs have major intelligence value. The vast majority of laptops in the west run Windows or Apple.
            OTOH, around the world, Windows represents less than 33% of all servers, which makes them a minority. Why would anybody target this 33%, but leave the other 66% which runs on larger sites? Because Windows is EASY to crack. Simple as that.
            • by Xest ( 935314 )

              You know you make absolutely no sense right?

              Why exactly is grandma's laptop of intelligence value. What possible benefit does having access to grandma's emails about her chess club offer the intelligence services?

              I think you need to stop smoking crack and accept that you don't understand anything about intelligence gathering.

    • by AmiMoJo ( 196126 ) *

      While they did infect some Windows machines, it's worth noting that a lot of the malware does target Unix based operating systems running in telecom equipment. Some of it goes after the BIOS or the firmware in various bits of hardware (e.g. hard drives) too, which is pretty much impossible for any OS to defend against.

      • Some of it goes after the BIOS or the firmware in various bits of hardware (e.g. hard drives) too, which is pretty much impossible for any OS to defend against.

        Why should that be impossible? On most hardware it may be, but if you're lucky enough to have a system with an IOMMU, the OS should absolutely be able to defend against such attacks simply by not permitting just any jerkoff application to access the disk controller directly. Applications then have to ask the driver to mediate all transactions, and the OS is definitely in a position to then prevent firmware tampering.

  • Out of fear, we will accept that Symantec will now be so bloated that most Windows PCs will never finish booting up.

    • by ruir ( 2709173 )
      Last time I noticed there are plenty of alternatives for Windows PCs. Yet the brainwashing is so entrenched articles never mention this virus *only* infect them.
  • Why do these places get hacked like this?

    Secure work done on a non-networked system.
    The networked system is routed through a firewall (running on a different OS, so no Windows everywhere) where only traffic to specific locations is permitted.
    If you want to visit a "suspect" site then start up a disposable VM running a different OS containing a browser, connect over a VPN to a less tightly controlled exit point, and use it then dispose of the VM when you're done.
    Do everything possible to block admin/network

    • by blueg3 ( 192743 )

      Secure work done on a non-networked system.

      That sure worked against Stuxnet.

      • by stiggle ( 649614 )

        Stuxnet worked by the devices it was attacking being on a network - even a private network is still a network with every USB port, floppy drive and CD/DVD drive being an attack vector.

        Just because something can be networked doesn't mean it should be.

        • by blueg3 ( 192743 )

          When attacks can hop airgaps through things like USB devices, the solution "airgap more" sounds a little desparate.

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...