Regin Malware In EU Attack Linked To US and British Intelligence Agencies 131
Advocatus Diaboli writes The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.
Surprise! (Score:2)
I'd welcome our new overlords, but they seem to have already been here for a while.
About all that's left to comment on is Hot Grits, Natalie Portman and griping about there not being a Cowboy Neal choice any more.
Re: (Score:1)
Im still blaming the NSA for the whole Cowboy Neal thing
Re: (Score:2)
About all that's left to comment on is Hot Grits, Natalie Portman and griping about there not being a Cowboy Neal choice any more.
There's no Cowboy Neal choice anymore because Dice is selling the Slashdot poll to the highest bidder. Whichever advertising/polling corporation buys access to it gets to put whatever options they want in it, and professional pollsters conducting srs bsns don't put in a Cowboy Neal option. They don't know what it means.
Is it the humorous option? Is it dissatisfaction with the other choices? Is it the correct choice? Is it none of the above? Is it all of the above? Is it both? Is it Cowboy Neal's cho
Re: (Score:2)
Those few left who are inclined to my my tinfoil hat...
Those few left who are inclined to mock my tinfoil hat...
How surprising (Score:1)
That seems to be the way everything is pointing. Kind of makes me wonder what happened to that "land of the free" part of the national charactor.
Re:How surprising (Score:4, Insightful)
Re: (Score:2)
Right... there's no difference between Russia, where running against Putin gets you a lifetime jail sentence, and the USA, where running could actually get you elected.
Are you all in 8th grade?
Re: (Score:2)
Right... there's no difference between Russia, where running against Putin gets you a lifetime jail sentence, and the USA, where running could actually get you elected.
As J. Random Citizen, or even just as a small-time politician who wants to Do The Right Thing, you have absolutely zero chance of becoming president of the USA. That the law says that it is possible in no way changes that fact. It is utterly impossible to become president of the USA without media support, and they have nothing to gain by upsetting the apple cart.
Re: (Score:1)
It is utterly impossible to become president of the USA without media support...
That would be a bad reflection on the passive media consumer... They are free to change the channel, or look elsewhere for information. It's just too easy to do a background check these days.
Re: (Score:1)
It is utterly impossible to become president of Russia without KGB^W FSB support
Which do you prefer?
Re: (Score:2)
Re: (Score:2)
Authoritarianism sucks even in small doses.
Re: (Score:1)
In America, anyone can become president. Look at Dubya.
Of 300 million people, they picked him.
Quite the land of opportunity....
Re: (Score:2)
By "west" you mean the US and UK, neither of which ever really had a good idea of what freedom is. The US was a bit better than the UK because it had a constitution, but that document mainly ensures negative freedoms: freedom from interference, or limits on your actions.
Most of western Europe, particularly Germany, France, the Netherlands and other Nordic countries have a lot of positive freedom too. Privacy, happiness, a real prospect of prosperity. That's why they get so pissed off about spying, and don't
Re: (Score:2)
NPRK? Isn't that a radio station in Cincinnati?
Re: (Score:3)
Re: (Score:3)
Well, at least we can still claim to be the "home of the brave." Of course, that just leaves us on a par with Freedonia. [wikipedia.org]
Re: (Score:2)
There has been no definitive proof of US involvement just as there was no proof of US and Israeli culpability for the Stuxnext attack but if they were responsible they certainly owe no one any apologies. In this new incident there is a lot of hysterical rhetoric, conjecture, theories, possibilities, and absolutely no hard evidence. Sounds like an open and shut case. And of course all these security researchers are apolitical angels who would never have any specific agenda to push. The security agencies in R
Re: (Score:1)
but if they were responsible they certainly owe no one any apologies.
Because Belgium is exactly the same as Iran.
How will I explain this to my children (Score:5, Interesting)
On NSA website, NSA states about their values: " We will protect national security interests by adhering to the highest standards of behavior".
So how NSA would be able to explain to a child that computer virus and malware represent the highest standard of behavior.
It is probably the same as stealing money on the street from slightly overweight person and telling him/her, that you need to lose weight anyway and that the robber cares about you. If questioned, street robber will counter stating that the victim should be thankful, because in other streets (countries) you could be shot for even questioning.
Is vulnerable and weakened by NSA encryption is also "highest standard of behavior", dear beavers from NSA?
Re: (Score:2)
So how NSA would be able to explain to a child that computer virus and malware represent the highest standard of behavior.
By the standards of the traditional "black ops" business, isn't computer malware among the easier things to explain to a child? At least there are no hidden knives or exotic poisons involved.
Re: (Score:1)
You're approaching "explaining to a child" with the mentality of protecting the child from the more gruesome aspects of the world.
Op is approaching "explaining to a child" from the position of a parent who wants to raise their kids to have strong morals, a realistic outlook of the world, and patriotism, but the government is forcing us into a "pick any two" situation.
Re: (Score:2)
I was approaching it the same way. The American intelligence community has major ethical problems, and distributing malware is not in the top-10 list of the worst ones.
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
"Whatever this man has told you is a lie. He lies for a living!"
"He's in the Intelligence business."
"Exactly."
"YOU are in the Intelligence business!"
Re:How will I explain this to my children (Score:4, Interesting)
The other question is what is the NSA really doing with all this information especially as they have been known to target 'ALL' foreign politicians and of course have a publicly stated penchant for extortion. How many countries democracies have been derailed of late by naughty foreign politicians being caught and yet to have been exposed, as long as of course they continue to comply. With the inclusion of major US corporations as contractor and such espionage partners, how much leverage will they be able to gain in many countries.
Re: (Score:2)
They don't say whose standards of behavior they are adhering to.
Its only really on the standard of "a legal democracy with full disclosure" where they fall down so pick anything else and their statement is true.
National security interests - these include anything which affects the US position in the world so thats the economy, communications, military advancements, technological advancements, scientific discoveries, etc. So any industrial espionage to benefit American industry is OK by the NSA. So is ensu
Re: Don't be evil (Score:1)
The main problem about breaking ethics for a "good reason" is it paves the way for Evil.
That said, "imperialism" is a human fact: people love Greatness, no matter you are American, British, French, Russian, Spanish or Chinese.
Nations remember only the times when they reached the peak of their glory. The French remember Napoleon (despite the fact he was bitterly defeated), and I bet many Chinese think of themselves as the heirs of Genghis Khan. USA tries to follow the path of other big empires of the past...
Re: (Score:2)
People love greatness, and measure it in a variety of ways, including artistic and scientific achievements. Military might took a disproportionate importance simply because it used to be absolute necessity in the violent chaos of international relations. However, the age of war is ending, simply because they're too expensive and risky to wage, so we're seeing a shift in
Re: (Score:2)
the age of war is ending, simply because they're too expensive and risky to wage
Profiting from sending other people's children (or, put another way, excess population) to die in other countries which can't meaningfully fight back doesn't sound all that risky to me.
Re: (Score:2)
Neither Saddam nor Taliban could really fight back, yet those wars ended costing the US about a trillion dollars it could ill afford to lose. Furthermore, sending "excess population" to die risks revolution or at least demonstrations, like those during Vietnam war; and speaking of Vietnam, you also risk misjudging your enemy
Re: (Score:2)
Just put it into historical [wikipedia.org] context [wikipedia.org]. A computer virus is a huge step up from real ones. And using one to stop a nuclear weapons program while causing zero casualties is definitely a win for the world.
Anti-virus/malware? (Score:2)
Re: (Score:3)
A consumer OS with standard trusted consumer AV and trustred normal OS updates?
A well understood open source install that a user looks over deeper OS level logs everyday?
The presence of unique new code a user "installed" and "allowed" is not going to report on huge anti-virus and anti-malware lists.
Will well understood behavior analysis on consumer grade AV be looking in the correct place
Most sophisticated malware? (Score:2)
"Symantec Security Response has not obtained the Regin dropper at the time of writing. Symantec believes that once the dropper is executed on the target’s computer, it will install and execute Stage 1. It’s likely that Stage 0 is responsible for setting up various extended attributes and/or registry keys and values that hold encoded versions of stages 2, 3, and potentially stages 4 and onwards". link [symantec.com]
Re:Most sophisticated malware? (Score:4, Interesting)
Will this sophisticated malware work on anything other than Microsoft Windows
While I do not think you expected sincere answers to this question there is a reason to support the obligatory "of course not" answer. From the Kaspersky analysis ( https://securelist.com/blog/re... [securelist.com] )
"The name Regin is apparently a reversed "In Reg", short for "In Registry", as the malware can store its modules in the registry. "
And since Linux has no registry...
- then again I would not ne surprised to learn that there is a variant of this tool runing on linux which just swaps in a different module to store its VFS at a place hard to detect on linux. Unused space behind the partitions or something...
So, no - no reason to feel safe. Your choice of OS may only protect you until they decide to actually aim at you.
Poettering's pwnage plan (Score:2)
It's not on its technical merits, it's certainly not due the purity of its design philosophy, and nobody gives a decihoot how long some pakol-clad *buntard's lappie takes to boot.
And yet they're all so keen for us to use systemd...
OFFTOPIC, Flamebait (Score:2)
-5
I wonder who was targeted? (Score:2)
Operation Socialist
Its very much true, no one in murica likes socialism...
if for no other reason "they know whats good for them".
Re: (Score:3)
When different network where still needed experts did find a few interesting past projects:
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/... [wikipedia.org]–05
The SISMI-Telecom scandal in Italy found in 2006 https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
socialist
you keep using that word, I don't think you know what it means.
Advanced malware controlling industrial systems (Score:5, Interesting)
Re: (Score:2)
Malware is infamous for aggressively trying to preserve itself. We all joke about how stupid the idea of programming an AI with a strong sense of self-preservation is because of the obvious dangers, but that is exactly how malware is programmed.
You are wanting to be commenting here [slashdot.org].
Re: (Score:3)
You are wanting to be commenting here [slashdot.org].
Heh, thanks. While self-commanding killer robots are the obvious focus of our fear, it's not always the most obvious expectation that bites one in the ass. Killer robots would either never get used or have so many safeguards they'd be half useless amidst the chaos of war and the treachery and adaptability of humans. Though they'd have some degree of self-preservation, they would have no desire or ability to reproduce. Malware on the other hand is designed to do anything to avoid removal and replicate throug
Re: (Score:3)
Killer robots would either never get used or have so many safeguards they'd be half useless amidst the chaos of war and the treachery and adaptability of humans.
Governments already have automated weapons, including sentry guns. And they work fine. High school kids (who are good programmers) can make them.
Right now malware's just an expensive pain in the ass, but a day may come when during your coffee break all the doors lock, the ventilation system halts and the facility begins flooding with CO2.
That's why we design systems with failsafes like manual overrides and the like. It should always take a human to do something that dangerous. The path to release CO2 into the breakroom should be mechanically impossible to activate via software; if you try to open all the applicable valves at once, some of them won't open.
I called it ... (Score:2)
... correctly [slashdot.org].
Why do you say that? (Score:2)
Re: (Score:2)
In TFA there's a chart of targets. The US is not on it.
Anyway, this is actually great news because the US has been keen on accusing China and Russia of hacking the US.
This throws some cold WAteR on that, doesn't it?
Re: (Score:2)
Re: (Score:2)
Citation, please.
How many bozos are screaming that Windows is safe? (Score:3)
So, in the meantime, how many companies will start switching to *nix?
Re: (Score:3)
So many ppl come here and post that Windows is not only safe, but that it is targeted because of numbers. Yet, it is obvious that NSA and GCHQ targeted Windows. Why? I doubt that it was numbers, but ease of cracking.
If your targets use Windows it would be a real stroke of genius to distribute attacks against Linux, don't you think?
Duh.
So, in the meantime, how many companies will start switching to *nix?
What is the *nix equivalent to secure boot? Signed kernel modules? What is the *nix equivalent to Measured Boot and Network Access Protection? How does an organization automatically and immediately detect and isolate potentially infected hosts?
Every operating system out there will experience exploitable vulnerabilities. Applications running on top of the operating systems will experience
Re: (Score:2)
Does 'Nix support such security in depth?
It's not security in depth if only some levels are secure, since you're only as secure as your weakest link. Windows isn't secure because of how it's developed and because of how it behaves once it's booted. That the boot process is a bit more secure doesn't make Windows more secure overall.
You are a bit over a decade out of date (Score:3)
Not loading modules at all. It's just one kernel compile away. That's been done for security reasons by some people since about when this site started or before. Some people even had their stuff boot from read-only optical media to avoid such threats back when the possibility of tainted kernel modules was first discussed.
Re: (Score:2)
Those solve different problems. Turning off the ability to load modules is an alternative to signing kernel modules. Secure boot is about, at boot time, validating that the kernel has not been modified before loading it.
Consider that in Linux, root is able to modify the kernel binary. So privilege escalation from root to kernel requires only a reboot and writes to disk.
Re: (Score:2)
Somebody clicking on a link in an Outlook message is all it takes to open up Internet Explorer to run whatever it finds in an "asp" script on a hacked MS webserver and next thing you've got files on network shares encryp
Re: (Score:2)
So, most of that post was illegible anti-MS "I imagine everyone who disagrees with me is a fanboy" twisted worldview shit and is largely unreadable. I don't particularly agree with MS's Secure Boot approach, and you manage to point out why in the one coherent sentence at the beginning:
As distinct from the complex web of trust described above where all it takes is yet another leaked key to break into it and render all that TPM stuff irrelevant
Preshipping kernel-signing keys in TPMs and making it tricky to modify the trusted-signing-key list is a dangerous approach they've taken, for this reason. The benefit is that they can get people to actually use it. You can't
Re: (Score:2)
An enormous attack surface probably including most of the current and former MS windows driver developers at thousands of companies versus letting the user have control over their own stuff.
Re: (Score:2)
With respect, you are the one that came in with the childish "my platform is better than yours because your root can do anything" bullshit, so if you can't take a rebuttal then don't try to start such an argument.
No. You're completely imaging--synthesizing--that Windows is "my platform" because Secure Boot was mentioned. The whole argument of signing kernels, root compromising the kernel with modifying the disk, etc. is just as true in Windows as in Linux. You just change the jargon. It's absolutely the same system.
Incidentally, by the nature of my work, I have all kinds of different operating systems. Most serious work gets done on Linux, or, occasionally, OS X, because I can't stand MinGW / Cygwin and command-line
Re: (Score:2)
Missed a bit (Score:2)
Re: (Score:2)
Christ, use a little reading comprehension.
Consider that in Linux, root is able to modify the kernel binary. So privilege escalation from root to kernel requires only a reboot and writes to disk.
1. Be root.
2. Use disk writes to modify the kernel binary.
3. Reboot
There are fancy ways to accomplish (2), but a suitable proof-of-concept is to completely overwrite the existing kernel binary (on disk) with a new one compiled by the attacker. That should make it obvious that the attacker gets to completely control what is in the kernel.
You write of reading comprehension, yet ... (Score:2)
"Some people even had their stuff boot from read-only optical media"
I deliberately addressed the issue to avoid it coming up and deliberately used very simple and informal language so that it would be easy to comprehend - yet it's been missed an now there's some bleating about reading comprehension from the person that missed it. I can only assume that things have degenerated to mindless cheering for the
Re: (Score:2)
I'm not cheering MS. UEFI Secure Boot is just MS strongarming people into actually adopting something that's been widely researched for a while now. People have had research-grade implementations of secure-boot for Linux for some time now. Hell, it was probably five years ago that there was a proof-of-concept implementation of a signed full stack on Linux that did remote attestation (so that a server could prove to a user that its software stack was untampered).
Otherwise, you're being deliberately obtuse in
Re: (Score:2)
What a nasty and uncalled for insult. Just because you reject a simple solution in favour of complex one that depends on trusting every single driver supplier on the planet with a key that can 0wn a computer and lock the real owner out is no reason to get nasty.
Re: (Score:2)
Just because you reject a simple solution in favour of complex one
Your simple solution is simple but unusable.
Signing binaries is not complex.
The UEFI Secure Boot implementation used by Microsoft is not the only way to implement Secure Boot.
Re: (Score:2)
Re: (Score:2)
What the fuck?
No. GCHQ/NSA will choose whatever OS their fucking target is using. Ease of exploitation has nothing to do with it. They're not writing malware for shits and giggles or to steal grandmas pension. They're doing it with a specific intelligence gathering goal in mind. If it's Windows malware then it's because their fucking targets were running windows, nothing more, nothing less. It's stupid to try and turn this into a childish OS fanboy battle as the quality of an OS just isn't a factor in choos
Re: (Score:2)
Sienmans was using windows for that. Of course, NSA/Israel targetted it. BUT, that is a SITE SPECIFIC set-up. When you have a foreign nation that makes heavy use of Linux, then you should b
Re: (Score:2)
"Assuming that NSA/GCHQ are behind this, then they will be targeting what they can and what ppl run."
Why?
"Instead, NSA/GCHQ targeted windows because it is easy."
Again, why?
Why would you target something because it's easy even though it's of absolutely no intelligence value?
Re: (Score:2)
OTOH, around the world, Windows represents less than 33% of all servers, which makes them a minority. Why would anybody target this 33%, but leave the other 66% which runs on larger sites? Because Windows is EASY to crack. Simple as that.
Re: (Score:2)
You know you make absolutely no sense right?
Why exactly is grandma's laptop of intelligence value. What possible benefit does having access to grandma's emails about her chess club offer the intelligence services?
I think you need to stop smoking crack and accept that you don't understand anything about intelligence gathering.
Re: (Score:2)
While they did infect some Windows machines, it's worth noting that a lot of the malware does target Unix based operating systems running in telecom equipment. Some of it goes after the BIOS or the firmware in various bits of hardware (e.g. hard drives) too, which is pretty much impossible for any OS to defend against.
Re: (Score:2)
Some of it goes after the BIOS or the firmware in various bits of hardware (e.g. hard drives) too, which is pretty much impossible for any OS to defend against.
Why should that be impossible? On most hardware it may be, but if you're lucky enough to have a system with an IOMMU, the OS should absolutely be able to defend against such attacks simply by not permitting just any jerkoff application to access the disk controller directly. Applications then have to ask the driver to mediate all transactions, and the OS is definitely in a position to then prevent firmware tampering.
The real aim of ISIS stands revealed (Score:2)
Out of fear, we will accept that Symantec will now be so bloated that most Windows PCs will never finish booting up.
Re: (Score:2)
Separate firewall box blocking traffic (Score:2)
Why do these places get hacked like this?
Secure work done on a non-networked system.
The networked system is routed through a firewall (running on a different OS, so no Windows everywhere) where only traffic to specific locations is permitted.
If you want to visit a "suspect" site then start up a disposable VM running a different OS containing a browser, connect over a VPN to a less tightly controlled exit point, and use it then dispose of the VM when you're done.
Do everything possible to block admin/network
Re: (Score:2)
Secure work done on a non-networked system.
That sure worked against Stuxnet.
Re: (Score:2)
Stuxnet worked by the devices it was attacking being on a network - even a private network is still a network with every USB port, floppy drive and CD/DVD drive being an attack vector.
Just because something can be networked doesn't mean it should be.
Re: (Score:2)
When attacks can hop airgaps through things like USB devices, the solution "airgap more" sounds a little desparate.
Re: (Score:1)
china doesn't have to resort to standalone software such as this.. they've got their paws on the internal firmware of the vast majority of network and routing gear sold worldwide.
Re: (Score:2)