Symantec said that the recently detailed Regin spyware looked like it was created for government surveillance, and there’s now some strong support for that claim. Both Kaspersky Lab and Wired understand that the super-sophisticated malware was used to infiltrate both Belgian carrier Belgacom and cryptographer Jean-Jacques Quisquater. Given that the NSA and Britain’s GCHQ have been linked to these malware attacks, it’s easy to connect the dots — from all indications, one or both spy agencies used Regin to snoop on these targets. There are also hints that it may have been used to hack into the European Commission back in 2011. The Commission’s director of security couldn’t tell Wired if the malware in that incident was the same, but the code involved was built from a “series of elements” that worked together, like Regin does.
There’s more: Kaspersky notes that Regin can not only attack GSM base stations used by cellular providers, but that it was used in one unnamed Middle Eastern country to create a network of infected systems (still active to this day) that can share commands and data. The network includes the office of the country’s president, a bank and educational institutions, among others. While instances like this haven’t been directly linked to espionage, they line up with Edward Snowden leaks showing that the NSA likes to intercept every call in some countries.
Provided the discoveries hold up, they confirm what many had suspected: that American and British intelligence outfits are not only using malware to spy on protected targets, but are using code specially built for the purpose. It’s not totally surprising given what we now know about online surveillance or the existence of cyberwarfare tools like Stuxnet. However, it hints that the American and British governments see custom malware as a regular part of their arsenals, not just something for extreme circumstances.