Late last November the Symantec Security blog posted information about a new, very sophisticated piece of malware named ‘Regin.’ They claimed that the malware had been in operation since 2008, and that it was being used to spy overwhelmingly on private individuals around the world, though governments and other organizations were targeted as well. Most damning of the information Symantec released was the statement that “Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen.”

Such statements immediately raised suspicions, and it was not long before accusations regarding who could have created such sophisticated malware started coming forth. Notably, it was suspected that the recently discovered Regin malware might be the means by which the US was spying on the European Union, as whistle-blower Edward Snowden had revealed through leaked NSA documents.

This, of course, was entirely speculative. Until today. By comparing Regin’s code to that of the terribly named keylogging program Qwerty, researchers at Kaspersky Lab were able to find shared code between the two. Qwerty, one of many files leaked by Edward Snowden, was recently made available by the German newspaper Der Spiegel. Once this was available, the Kaspersky Lab researchers were not only able to prove a link between the two programs, but also proved Qwerty’s dependence on Regin. The researchers conclude their blog post with:

Our analysis of the QWERTY malware published by Der Spiegel indicates it is a plugin designed to work as part of the Regin platform. The QWERTY keylogger doesn’t function as a stand-alone module; it relies on kernel hooking functions which are provided by the Regin module 50225. Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together.

What do you think of the NSA developing malware? Do you think this is a case of going too far? Tell us in the comments.

  • dsadsada

    “researchers at Kaspersky Lab were able to shared code between the two”
    I assume you’re missing a “find”, “notice” or “identify” in there?

    And I feel this is par for the course with what I keep hearing about the NSA. Having the malware on the machine just makes the spying easier.

  • EphY

    All in the name of freedom and safety, right?

  • Typical

    I’m so shocked! Quick, someone get the paddles, I’m having a heart attack!!! I wish I could comment on the trash the NSA does, but my lifetime obligations kind of make me afraid to even share the limited knowledge I have, which admittedly isn’t very in depth.

  • Heavy Mettle

    What happened to the public outrage about this bs?

  • You mean the same outrage over #deflategate? Yeah.. that hashtag kinda says everything about why people #justdontcare.

  • We’ve gone from people saying “it doesn’t exist/the government wouldn’t do that/put your tinfoil hat back on” to “you don’t have to worry about it/it’s for the terrorists/to save the babies”.

  • Heavy Mettle

    Well, it’s very improbable that they’d actively spy on everyone rather than look for keywords, spend a few hours looking into the person more, and move on. Still though, it’s a matter of principle: they should not be doing so. We’re supposed to be the country of freedom that is supposed to serve as a benchmark for all other countries. Unfortunately the only way people will care enough to do something about it will be if the NSA took away Facebook.

  • EphY

    They probably don’t have the man-hours available to spy on everyone, but just them having the ability is pretty scary.

  • The Patriot Act put paid to that idea.

  • They’ve tacitly admitted they don’t have the manpower to do it (they use it as an excuse for not supposedly being able to harvest as much data as they’re made out to be doing), which is the rationale fuelling the push for autonomous robots and AI that can make decisions without human input.

    [Edit to add] Read into these what you will ;o) (yes they really did call the military comms network “Skynet” albeit for the UK [other nations’ involvement has not been fully confirmed])

  • ArsCortica

    The NSA is using malware and other largely illegal stuff to create a surveillance state?

    You. Don’t. Say!

    Also, “Der Spiegal” should be “Der Spiegel”. My inner grammar nazi forced me to write this.