malware industrial complex

Reagan? No, Regin — Yet Another [GCHQ] Intelligence Malware

Recently, computer security firm Symantec reported discovery of another intelligence-gathering malware, dubbing  it “Regin.”

What’s particularly interesting about this malware is its targets:

  • It infected computers in Afghanistan, Austria, Belgium, India, Iran, Ireland, Mexico, Pakistan, Russia, Saudia Arabia;
  • At 48% of total infections, the largest group of targets were private individuals and small businesses.

Please do read Symantec’s blog post and its technical paper on Regin to understand how it works as well as its targets. Many news outlets either do not understand malware and cybersecurity, or they get facts wrong whenever major malware attacks are reported. Symantec’s revelation about Regin is no different in this respect.

Independent.ie offers a particularly exceptional example distorting Symantec’s report, claiming “Ireland is one of the countries worst hit globally by a dangerous new computer virus that spies on governments and companies, according to a leading technology firm.”

If by “worst hit,” they mean among the top four countries targeted by this malware? Sure. But only 9% of the infections affected Irish-based computers, versus 28% of infections aimed at Russian machines, and 24% affecting Saudi machines. The Independent.ie’s piece reads like clickbait hyperbole, or fearmongering, take your pick.

What wasn’t addressed by the Independent.ie and numerous other outlets, including those covering the tech sector are some fundamental questions:

  • What assets or activities might the targeted countries have in common that would make them targets of a single intelligence operation organized by one or more nation-states?
  • What are so many private individuals and small businesses targeted by this malware, in contrast to other malware-based intelligence-collection operations seen to date?

The Guardian came closest to examining these issues, having interviewed researchers at computer security firm F-Secure to ask the origins of the malware. As of 24-NOV-2014, the firm’s Mikko Hypponen speculated that the US, UK, and/or Israel were behind Regin’s development and deployment.

As of the video embedded above, Hypponen firmly says the UK’s intelligence entity GCHQ is behind Regin, in particular the malware’s invasion of a Belgian telecom network (see video at 07:20). Continue reading

Enjoy A Valentine’s Day Sampler

Made just for you via cryptogram.com

Made just for you via cryptogram.com

It’s difficult lately for me to sit down and spend time on a blogpost. I manage a handful of minutes here and there to do reading or research. An email may take hours to draft.

But there’s too much juicy stuff floating around deserving more attention. I’m going to gather content as I see it and aggregate it into a post when I have time, rather than let them slip by. Perhaps you can make more of them than I can.

•  MIT Technology Review acknowledges the dawn of a new age in Welcome to the Malware-Industrial Complex. I’m rather surprised at the tone of this piece; it’s not au courant, rather a bit behind the times since the MIC launched more than a handful of years ago. Two important points emerge: 1) Zero-day exploits are being traded like weaponry–think very hard about the source of these exploits and ask yourself why they are tolerated in government computing environments, let alone any other production environment; 2) This new age is the military face of the paradigm shift from the industrial to the information age. Weapons are information; they are no longer separate from the weapons themselves. With this in mind, the last two grafs of this article display the already-anachronistic thinking of the author and his sources.

•  Syracuse University MA/PhD student Seth Long performs a rather fascinating analysis on alleged cop killer Christopher Dorner’s manifesto. But equally fascinating is his earlier analysis on Ted Kaczynski’s Unabomber manifesto. Compare the two assessments, and then ask yourself what any blogger’s online writings might say about them if Long’s analytical process is eventually automated with algorithms. Scary, hmm?

•  Really great long read at Bloomberg Businessweek on the unmasking of a Chinese hacker by a Dell Computers malware expert. This is a snapshot of asymmetric warfare in progress; it’s not as if China has not told us rather candidly (and more than a decade ago) they would engage us in this manner as well as in other non-internet battlefields. Any surprise on the part of U.S. government officials at this point is utterly ridiculous–it’s either feigned or it’s should-get-another-day-job stupidity.

•  I’m so annoyed by this long read in Aeon Magazine–a really great mag, by the way–that I may yet muster the time to write something longer. Author Damien Walter is rather specious in his identification of a new “creator culture” and its necessity to society’s continued success. The problem isn’t that we need to adopt and nurture a new creator culture; it’s that we killed the one we had quite willingly over the last 25-35 years by offshoring production and the subsequent commodification of goods. We allowed corporations and their one-percenter shareholders to tell us that getting our hands dirty through craftsmanship and in manufacturing was bad (mostly bad for their profit margins). We’ve become a culture that doesn’t fix anything; we buy replacements made overseas in third world countries. We’ve lost our can-do spirit along with this shift, and only recently have both the economic crisis and a new hipster-hobbyist ethos encouraged a resurgence of the do-it-yourself handyperson. Unless we’re conscious of our role in killing creativity, nurturing it again through supporting Etsy and Maker Faires is merely temporary relief from the crush of profit-driven consumerism.

•  But perhaps all of this will be moot tomorrow if the cosmos decides to make a bank shot with asteroid 2012 DA14. This “small” asteroid will fly within 17,200 miles of earth tomorrow afternoon. This is awfully bloody close–close enough that scientists say disruption of cellphone and other satellite service is not impossible, but unlikely. That’s a whisker’s breadth, in cosmic scale. Best to check in tomorrow afternoon after 3:00 pm CST to see if we’re still here. See you then.

Emptywheel Twitterverse
bmaz @armandodkos Heh, yeah Ima get all over that.
2mreplyretweetfavorite
bmaz @gideonstrumpet What's "Facebook"?
3mreplyretweetfavorite
bmaz @ConnConnection I mean, if you could wander around down on the floor, and get close+hear, maybe. But this? Nope.
4mreplyretweetfavorite
bmaz @fedcourts Yeah, Restrepo is not the average Obama nom.
6mreplyretweetfavorite
bmaz @seanpaulkelley Is that the Pope?
6mreplyretweetfavorite
bmaz @realsaramerica @gideonstrumpet It was hard to carry on without Strumpet.
11mreplyretweetfavorite
bmaz Ted Cruz is a bloviating asshole, Part 2, 765 http://t.co/e26HGR4o8L
13mreplyretweetfavorite
bmaz @JustADCohen Has GA ever granted clemency?
16mreplyretweetfavorite
bmaz @ScottGreenfield No no, dammit, my point was valid!
18mreplyretweetfavorite
bmaz The NFL wants $28.50 for the privilege of sitting in the stands and watching SB media day today. What kind of idiot would pay to do that?
18mreplyretweetfavorite
bmaz @fedcourts Can they get Restrepo confirmed?
22mreplyretweetfavorite
bmaz RT @ColMorrisDavis: Pres Romney wouldn't hide in India as #Snowghazi buries NE, he'd hitch up his ballet dancing horse & plow the entrance …
48mreplyretweetfavorite
January 2015
S M T W T F S
« Dec    
 123
45678910
11121314151617
18192021222324
25262728293031