Regin spying tool linked to NSA among first malware meant for espionage

Posted: December 25, 2014 at 4:48 am

JERUSALEM -- The malware known as Regin, linked to the National Security Agency as a tool for tapping mobile phone networks and infiltrating foreign computer systems, now appears to have been developed as early as 15 years ago, making it among the first major pieces of invasive computer software built to enable government espionage.

The program was revealed last month in reports from security companies Kaspersky Lab and Symantec Corp. Soon thereafter, The Intercept published new leaks from NSA whistleblower Edward Snowden that shed light on how programs such as Regin (pronounced Re-gen) were used to collect sensitive, technical information on more than 70 percent of the world's cellular networks.

Between the Snowden documents and the disclosures from computer security professionals about Regin, researchers think they've linked NSA wiretapping operations, for the first time, to the particular tool the agency used to accomplish them, caught in the act of invading a foreign cellular network.

"This is the first time we've seen it for real with our own eyes. For us it was pretty surprising," says Costin Raiu, director of Kaspersky Lab's Global Research and Analysis Team.

The NSA's vast surveillance practices -- stockpiling of phone records, recording text messages, listening in on conversations of foreign heads of state, tapping into global fiber optic communications -- began to be revealed a year and a half ago when the Snowden documents emerged.

Now, analysis of the Regin malware provides rare insight into how such extensive hacking and wiretapping was accomplished.

Regin is not just a worm or a virus, but a malware platform, which can host many different types of attacks. It was built for stealth and flexibility and has been found on computers around the world, serving many different purposes.

Both Kaspersky Lab and Symantec judged Regin to not only be the work of a nation-state, but also one of the most sophisticated, if not the most sophisticated, pieces of malware in existence. Both companies also specifically noted that Regin was used against telecommunications companies and infrastructure (in addition to a variety of other targets).

The precise way that Regin enters a computer system is still unknown, but it may involve visiting spoofed versions of well-known websites or a backdoor through an application. According to Symantec, in one case log files showed that Regin got in through an unknown exploit in Yahoo! Instant Messenger.
