New Revelations on Regin Malware, Possibly State-Sponsored

Journalist:
December 8, 2014

In an article published on MIT Technology Review, legendary cryptography expert Bruce Schneier warns that antivirus companies have tracked for years a recently uncovered, very powerful and sophisticated malware, but chose not to disclose their findings. Why? Because there are indications that the malware is developed and operated by a government – the United States government.

Schneier is an American cryptographer, computer security and privacy specialist, and writer. He is the author of several books on general security topics, computer security and cryptography. One of the most influential and respected computer security experts in the world, Schneier publishes Crypto-Gram, a free monthly e-mail newsletter about security.

Schneier describes a piece of malware called Regin that has been infecting computer networks worldwide since 2008. It’s more sophisticated than any known criminal malware, and everyone believes a government is behind it. No country has taken credit for Regin, but there’s substantial evidence that it was built and operated by the United States.

“This isn’t the first government malware discovered. GhostNet is believed to be Chinese. Red October and Turla are believed to be Russian. The Mask is probably Spanish. Stuxnet and Flame are probably from the U.S. All these were discovered in the past five years, and named by researchers who inferred their creators from clues such as who the malware targeted.”

The findings about Regin were announced by Symantec on November 23 and reported by CCN on November 25. The company said that its researchers had been studying the malware for about a year.


Now Schneier reveals that two other antivirus companies, Kaspersky and F-Secure, stated that they had been tracking Regin for years. All three antivirus companies were able to find samples of it in their files dating back to 2008 or 2009. Representatives of F-Secure said that “specific customers” asked them not to discuss the malware that had been found on their networks.

A Degree of Technical Competence Rarely Seen

Symantec states:

“An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals. It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.”

Fox IT, which was hired to remove Regin from the Belgian phone company Belgacom’s website, didn’t say anything about what it discovered because it “didn’t want to interfere with NSA/GCHQ operations.”

Schneier says:

“[G]overnment-grade malware can be hard to figure out. It’s much more elusive and complicated. It is constantly updated. [W]e expect [companies such as Symantec, Kaspersky, and F-Secure] to act in our interests, and never deliberately fail to protect us from a known threat. This is why the recent disclosure of Regin is so disquieting.”

I think Schneier is totally right. In today’s hysterical surveillance climate, consumers can no longer rely on the honesty of the commercial companies that should be providing useful services to them. It follows that consumers should become familiar with strong cryptography and privacy technologies, and use the available tools.

What do you think? Did the government plant sophisticated malware on your PC? Comment below!

Images from Shutterstock.

Tags: malware
Giulio Prisco @giulioprisco

Science writer, software developer, Bitcoin/crypto enthusiast.