Known as Regin, the hacking spyware has already been discovered in 10 countries. Source: Getty Images / Fotobank
This week, the Financial Times reported that Symantec, one of the leading American cyber security companies, detected hacking spyware called Regin on the Internet. Regin is already being called one of the most sophisticated malware programs in the history of cyber warfare. According to experts at Symantec, the program was developed by a Western intelligence agency and targeted primarily against Russian and Saudi telecom companies.
Regin spies on mobile telecom operators by eavesdropping on phone conversations and reading private e-mails. According to Symantec, the new virus is much more powerful than Stuxnet, which was launched against Iran’s computer systems in 2010 and seriously stalled its nuclear program.
Russian experts do not think the virus poses a danger to state facilities yet, but they do think it could have an impact on businesses.
What is Regin spying on?
Symantec experts still do not fully comprehend how the spyware works and how it strikes at corporate systems. All that is known is that Regin makes it possible to eavesdrop on mobile phone conversations on major international operators and intercept e-mails on Microsoft servers.
Spokespeople for the Symantec lab said that “the virus can steal passwords and personal information, take screenshots, recover deleted files, and forward personal e-mails to other addresses.” According to experts, the spyware has been used against private businesses but that its real target might be government facilities.
Experts polled by RIR think that because reports about the virus have emerged during a period of tension between the United States and Russia, they could be rumors and exaggerations. Nonetheless, the experts warn that both the government and businesses should take a responsible approach to protecting their information systems from the Regin virus.
Sergei Nikitin, deputy director of the computer forensics laboratory at Group-IB, regards the Regin virus as a high-class, sophisticated product with the properties of a multifunctional Trojan virus that is not yet detectable by anti-virus software. “The virus doesn’t pose danger to state-owned critical infrastructure facilities yet, but businesses should look after their information security,” Nikitin said.
“There are a lot of embellished facts about the virus”
Regin is not the first case in which states themselves create and introduce spyware into the software of critical facilities belonging to an adversarial state. “Let’s recall the examples of sophisticated viruses such as Stuxnet, Duqu, Flame and Red October,” said Andrei Prozorov, an information security expert at InfoWatch.
In Prozorov’s opinion, the main reason that spyware spreads is because neither the government nor businesses understand the necessity of protective measures. “These attacks can shut down fuel and energy facilities, systemically important banks and telecom operators,” Prozorov said.
In the opinion of Alexei Lukatsky, an information security consultant for CISCO in Russia, geopolitical tensions between Russia and the West have played a role in the emergence of information about the virus at this particular time. “There are a lot of embellished facts in the information about the virus,” Lukatsky said. “There is no evidence as to how Regin works, who is listening to all the mobile operators’ voice traffic or where the information is sent.”
Lukatsky thinks the virus itself would have to be a second analogue to mobile GSM communications in order to listen to all mobile operators. However, if that were the case experts would have immediately identified it.
According to experts, hackers from the U.S. and China are the most active suppliers of spyware to the world market. A U.S.-Russian agreement on trust measures in cyberspace, as well as a bilateral presidential commission on trust in cyberspace, were both terminated due to tension between the two countries this past summer.
All rights reserved by Rossiyskaya Gazeta.