Subscribe free to our newsletters via your
. 24/7 Space News .




CYBER WARS
Cyberspying tool could have US, British origins
by Staff Writers
Washington (AFP) Nov 24, 2014


A sophisticated cybersespionage tool has been stealing information from governments and businesses since 2008, researchers said Monday, and one report linked it to US and British intelligence.

The security firm Symantec identified the malware, known as Regin, and said it was used "in systematic spying campaigns against a range of international targets," including governments, businesses, researchers and private individuals.

The news website The Intercept reported later Monday that the malware appeared to be linked to US and British intelligence, and that it was used in attacks on EU government networks and Belgium's telecom network.

The report, citing industry sources and a technical analysis of the malware, said Regin appears to be referenced in documents leaked by former National Security Agency contractor Edward Snowden about broad surveillance programs.

Asked about the report, an NSA spokeswoman said: "We are not going to comment on speculation."

Symantec's report said the malware shares some characteristics with the Stuxnet worm-- a tool believed to have been used by the US and Israeli governments to attack computer networks involved in Iran's nuclear program.

Because of its complexity, the Symantec researchers said in a blog post that the malware "would have required a significant investment of time and resources, indicating that a nation state is responsible."

The researchers added that "it is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks."

- Lurking in shadows -

"Regin's developers put considerable effort into making it highly inconspicuous," Symantec said.

"Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files."

The researchers also said many components of Regin are still probably undiscovered and that there could be new versions of this tool which have not yet been detected.

The infections occurred between 2008 and 2011, after which the malware disappeared before a new version surfaced in 2013.

The largest number of infections discovered -- 28 percent -- was in Russia, and Saudi Arabia was second with 24 percent. Other countries where the malware was found included Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan. There were no reported infections in the United States.

Around half of all infections occurred at addresses belonging to Internet service providers, but Symantec said it believes the targets of these infections were customers of these companies rather than the companies themselves.

Telecom companies were also infected, apparently to gain access to calls being routed through their infrastructure, the report noted.

Regin appeared to allow the attackers to capture screenshots, take control of the mouse's point-and-click functions, steal passwords, monitor traffic and recover deleted files.

Symantec said some targets may have been tricked into visiting spoofed versions of well-known websites to allow the malware to be installed, and in one case it originated from Yahoo Instant Messenger.

Other security experts agreed this was a dangerous tool likely sponsored by a government.

"Regin is a cyberattack platform, which the attackers deploy in victim networks for total remote control at all levels," said a research report from Kaspersky Lab.

Kaspersky added that Regin also appears to have infiltrated mobile communications through GSM networks, exposing "ancient" communication protocols used by cellphone networks.

Antti Tikkanen at Finland-based F-Secure called it "one of the more complex pieces of malware around," and added that "our belief is that this malware, for a change, isn't coming from Russia or China."

The news comes amid heightened concerns on cyberespionage.

Last month, separate teams of security researchers said the Russian and Chinese governments are likely behind widespread cyberespionage that has hit targets in the US and elsewhere.

rl/rcw

SYMANTEC


Thanks for being here;
We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain.

With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords.

Our news coverage takes time and effort to publish 365 days a year.

If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Contributor
$5 Billed Once


credit card or paypal
SpaceDaily Monthly Supporter
$5 Billed Monthly


paypal only


.


Related Links
Cyberwar - Internet Security News - Systems and Policy Issues






Comment on this article via your Facebook, Yahoo, AOL, Hotmail login.

Share this article via these popular social media networks
del.icio.usdel.icio.us DiggDigg RedditReddit GoogleGoogle








CYBER WARS
China Premier calls for greater role in shaping Web
Hangzhou, China (AFP) Nov 20, 2014
Chinese Premier Li Keqiang Thursday demanded a greater role for Beijing in shaping the global Internet, calling for "order" online as he failed to address his government's censorship of content it deems politically sensitive. "We believe in an open, transparent and above all safe Internet," Li said on the sidelines of a Chinese-created Internet conference. "That requires an Internet shar ... read more


CYBER WARS
U.K. group to crowd-source funding for moon mission

After Mars, India space chief aims for the moon

China examines the three stages of lunar test run

China gears up for lunar mission after round-trip success

CYBER WARS
Second Time Through, Mars Rover Examines Chosen Rocks

Mars was warm enough for flowing water, but only briefly

Several Drives Push Opportunity Over 41-Kilometer Mark

Lockheed Martin Begins Final Assembly Of Next Mars Lander

CYBER WARS
Astronauts to get 'ISSpresso' coffee machine

Tencent looks to the final travel frontier

ESA Commissions Airbus As contractor For Orion Service Module

Study Investigates How Men and Women Adapt Differently to Spaceflight

CYBER WARS
China expects to introduce space law around 2020

China launches new remote sensing satellite

China publishes Earth, Moon photos taken by lunar orbiter

China plans to launch about 120 applied satellites

CYBER WARS
Italy's first female astronaut heads to ISS in Russian craft

Space station gets zero-gravity 3-D printer

NASA Commercial Crew Partners Continue System Advancements

Europe's 3D printer set for ISS

CYBER WARS
China launches Yaogan-24 remote sensing satellite

Soyuz Installed at Baikonur, Expected to Launch Wednesday

Time-lapse video shows Orion's move to Cape Canaveral launch pad

SpaceX chief Musk confirms Internet satellite plan

CYBER WARS
Follow the Dust to Find Planets

NASA's TESS mission cleared for next development phase

ADS primes ESA's CHEOPS to detect and classify exoplanets

NASA's TESS Mission Cleared for Next Development Phase

CYBER WARS
A new approach to the delivery of satellites to orbit

Swedish military gets upgraded radar facilityw/lll

Boeing Stacks Two Satellites to Launch as a Pair

Eurofighter unveils 1.0-billion-euro radar upgrade




The content herein, unless otherwise known to be public domain, are Copyright 1995-2014 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement All images and articles appearing on Space Media Network have been edited or digitally altered in some way. Any requests to remove copyright material will be acted upon in a timely and appropriate manner. Any attempt to extort money from Space Media Network will be ignored and reported to Australian Law Enforcement Agencies as a potential case of financial fraud involving the use of a telephonic carriage device or postal service.