World's most advanced hacking spyware let loose
November 23, 2014
A cyber snooping operation reminiscent of the Stuxnet worm and billed as
the world's most sophisticated computer malware is targeting Russian and
Saudi Arabian telecoms companies.
Cyber security company Symantec said the malware, called “Regin”, is
probably run by a western intelligence agency and in some respects is
more advanced in engineering terms than Stuxnet, which was developed by
US and Israeli government hackers in 2010 to target the Iranian nuclear
programme.
The discovery of the latest hacking software comes as the head of
Kaspersky Labs, the Russian company that helped uncover Stuxnet, told
the Financial Times that criminals are now also hacking industrial
control systems for financial gain.
Organised criminals tapping into the networks that run industrial
companies, alongside the development of the latest online snooping worm,
are signs of the increasingly sophisticated nature of cyber attacks.
“Nothing else comes close to this...nothing else we look at compares,”
said Orla Cox, director of security response at Symantec, who described
Regin as one of the most “extraordinary” pieces of hacking software
developed, and probably “months or years in the making”.
However, a western security official said it was difficult to draw
conclusions about the origins or purpose of Regin. “It's dangerous to
assume that because the malware has apparently been used in a given
country, it did not originate there,” the person said. “Certain states
and agencies may well use tools of this sort domestically.”
Symantec said it was not yet clear how Regin infected systems but it had
been deployed against internet service providers and telecoms companies
mainly in Russia and Saudi Arabia as well as Mexico, Ireland and Iran.
The security software group said Regin could be customised to target
different organisations and had hacked Microsoft email exchange servers
and mobile phone conversations on major international networks.
“We are probably looking at some sort of western agency,” Ms Cox said.
“Sometimes there is virtually nothing left behind – no clues. Sometimes
an infection can disappear completely almost as soon as you start
looking at it, it's gone. That shows you what you are dealing with.”
As online threats race up national security agendas and governments look
at ways of protecting their national infrastructures, a cyber arms race
is causing concern to the developed world.
Meanwhile, Eugene Kaspersky, chief executive of Kaspersky Labs, warned
that the computer networks that control energy plants and factories are
becoming targets for organised crime gangs armed with skilled hackers.
He said there was evidence of “more and more very targeted attacks” on
the networks that run industrial companies.
The attacks go beyond recent data breaches at US bank JPMorgan and US
retailer Home Depot, in which criminals sought credit card details or
personal data to attempt false transactions. Mr Kaspersky said criminals
have used hacking for everything from bypassing security at ports to
stealing grain from a Ukrainian factory by adjusting the digital scales
to read a lower weight.
The most public incident of cyber industrial crime was exposed when
Europol smashed a drugs ring last year that was hacking into the control
systems of the Belgian port of Antwerp, to move containers holding drugs
away from the prying eyes of customs inspectors.
http://www.ft.com/cms/s/0/8392d196-7323-11e4-907b-00144feabdc0.html