Posts

Reagan? No, Regin — Yet Another [GCHQ] Intelligence Malware

Recently, computer security firm Symantec reported discovery of another intelligence-gathering malware, dubbing it “Regin.”

What’s particularly interesting about this malware is its targets:

  • It infected computers in Afghanistan, Austria, Belgium, India, Iran, Ireland, Mexico, Pakistan, Russia, Saudi Arabia;
  • At 48% of total infections, the largest group of targets were private individuals and small businesses.

Please do read Symantec’s blog post and its technical paper on Regin to understand how it works as well as its targets. Many news outlets either do not understand malware and cybersecurity, or they get facts wrong whenever major malware attacks are reported. Symantec’s revelation about Regin is no different in this respect.

Independent.ie offers a particularly exceptional example of distorting Symantec’s report, claiming “Ireland is one of the countries worst hit globally by a dangerous new computer virus that spies on governments and companies, according to a leading technology firm.”

If by “worst hit,” they mean among the top four countries targeted by this malware? Sure. But only 9% of the infections affected Irish-based computers, versus 28% of infections aimed at Russian machines, and 24% affecting Saudi machines. The Independent.ie’s piece reads like clickbait hyperbole, or fearmongering, take your pick.

What wasn’t addressed by the Independent.ie and numerous other outlets, including those covering the tech sector, are some fundamental questions:

  • What assets or activities might the targeted countries have in common that would make them targets of a single intelligence operation organized by one or more nation-states?
  • Why are so many private individuals and small businesses targeted by this malware, in contrast to other malware-based intelligence-collection operations seen to date?

The Guardian came closest to examining these issues, having interviewed researchers at computer security firm F-Secure to ask about the origins of the malware. As of 24-NOV-2014, the firm’s Mikko Hypponen speculated that the US, UK, and/or Israel were behind Regin’s development and deployment.

As of the video embedded above, Hypponen firmly says the UK’s intelligence entity GCHQ is behind Regin, in particular the malware’s invasion of a Belgian telecom network (see video at 07:20).

More Collateral Damage From Mad Rush to Rely on Drones

A drone crashed in Afghanistan earlier this week. (Wikimedia Commons photo via Bakhtar News)

Marcy already covered the very important Greg Miller Washington Post article on drones and the way the Obama administration is growing ever more reliant on their use. I would like to focus on more of the collateral damage from drone use as described in two Los Angeles Times articles from this week. Today’s article discusses the growing reliance on civilian contractors in the use of drones. Earlier in the week, we learned about the “death squads” roaming the tribal areas of Pakistan doling out revenge on those thought to have sold information used by the US in developing target information. Taken together, these articles demonstrate how the excessive reliance on drones is outstripping the military and CIA support infrastructure. This matter will only be made worse by the fact that the number of US personnel on the ground within Pakistan to develop intelligence has been cut to one fourth the previous level.

Today’s LA Times article opens with a description of the difficulties that ensue when civilians take part in analysis of video feeds from drones that hit civilian targets:

After a U.S. airstrike mistakenly killed at least 15 Afghans in 2010, the Army officer investigating the accident was surprised to discover that an American civilian had played a central role: analyzing video feeds from a Predator drone keeping watch from above.

The contractor had overseen other analysts at Air Force Special Operations Command at Hurlburt Field in Florida as the drone tracked suspected insurgents near a small unit of U.S. soldiers in rugged hills of central Afghanistan. Based partly on her analysis, an Army captain ordered an airstrike on a convoy that turned out to be carrying innocent men, women and children.

We learn in the article that maintaining drones in the air requires a very large contingent of ground support, with Predators requiring over 150 ground crew for a 24-hour flight and twice that amount for the larger drones. We are already short on these ground crews and yet the number of these medium and large drones is expected to go from the current 230 to 960 within ten years. But don’t worry, only 44 hours of training are required to certify a pilot!

In relying so heavily on civilian contractors, the US is flirting with breaking the international laws of war. Also from today’s article: