Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Region virus - nation state developed - Ireland badly hit

  • 23-11-2014 10:40pm
    #1
    Registered Users, Registered Users 2 Posts: 17,399 ✭✭✭✭


    So Regin is the latest code that is suspected to have been developed by a nation state. Symantec think it had been developed by a Western power.

    Get this. Saudi Arabia, Russia and Ireland are the most badly hit.

    Is this a specific threat against Irish interests ora specific entity present in Ireland or is Ireland just a testing ground to inform further iterations of the code that were set against the real target?

    http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

    Bloody phone corrected Regin to Region :p


Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    r3nu4l wrote: »
    So Regin is the latest code that is suspected to have been developed by a nation state. Symantec think it had been developed by a Western power.

    Get this. Saudi Arabia, Russia and Ireland are the most badly hit.

    Is this a specific threat against Irish interests ora specific entity present in Ireland or is Ireland just a testing ground to inform further iterations of the code that were set against the real target?

    http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

    Bloody phone corrected Regin to Region :p

    Is Ireland a testing ground for such a virus?

    Or

    Is Ireland's IT infrastructure so poor that it got hit with the virus once and it spread?


    Speaking as someone who sees Ireland's IT infrastructure, from a security point of view on almost a daily basis I'd say its option 2.


  • Registered Users, Registered Users 2 Posts: 3,926 ✭✭✭Grab All Association


    I will be called an Anti-Semite but I bet Israel and the US were behind this.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Chris___ wrote: »
    I will be called an Anti-Semite but I bet Israel and the US were behind this.

    Based on?


  • Closed Accounts Posts: 4,029 ✭✭✭shedweller


    syklops wrote: »
    Based on?
    Stuxnet?


  • Closed Accounts Posts: 9,088 ✭✭✭SpaceTime


    Ireland's home to a LOT of major IT companies' European operations.
    Could be why.


  • Advertisement
  • Banned (with Prison Access) Posts: 1,221 ✭✭✭braddun


    probably Briton on behalf of usa


    Russia goes with out saying

    saudia because of oil

    Ireland because of ira

    mexico drug cartels


  • Hosted Moderators Posts: 7,486 ✭✭✭Red Alert


    It was claimed by Symantec on Morning Ireland that one organisation, who are not a household name, are known to be infected in Ireland. Wonder who it is?


  • Closed Accounts Posts: 1,460 ✭✭✭DipStick McSwindler


    This post has been deleted.


  • Closed Accounts Posts: 9,088 ✭✭✭SpaceTime


    It's possible that they've a relatively small number of samples which is why Ireland might be raking highly. It could be a single large attack or something like that.

    We have a lot of IT companies and hosting facilities here relative to the population size, so it could really be targeting any one of them.

    There's also a possibility of something like a single brand of USB device or some driver that's somehow been used here and in those other countries more than elsewhere.

    If it's a single organisation or several organisations, we'll eventually hear about it through the Data Protection Commissioner if personal data (likely) has been put at risk.

    It could also be a particular choice of some piece or version of networking equipment in a telco or something like that too that's in common with all of those countries.

    Whatever organisation(s) was/were hit by it really ought to come forward though. It's only reasonable that end users should be aware that they need to take immediate precautions as this could be anything from a hacker group to security services to corporate espionage of some sort. Not everything's about fighting terrorism, some of it is about stealing intellectual property or lifting cash out of accounts.


  • Registered Users, Registered Users 2 Posts: 1,110 ✭✭✭Skrynesaver


    Symantec have released a Whitepaper on the topic which can be found here --> http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf

    Very interesting indeed! Id love to know who the infected company in Ireland was, although I would like to hope whoever is was have been notified by now!

    According to Symantec it was a customer of theirs and they uncovered the threat in that customer, the customer has since been protected, so we're unlikely to hear the customers name from Symantec...


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 203 ✭✭industrialhorse


    According to Symantec it was a customer of theirs and they uncovered the threat in that customer, the customer has since been protected, so we're unlikely to hear the customers name from Symantec...

    Having worked for two major organisations in this country who both use Symantec as their endpoint protection product of choice, my bet is that the infected company are not as little-known as people might think they are and something will turn up in the public domain very soon. It will take RTE much longer to report on this for obvious reasons (overpaid, off the ball journalists)


  • Registered Users, Registered Users 2 Posts: 2,318 ✭✭✭deceit


    Just so you know I've been passing this malware onto Symantec for the last months for one of the customers of my employer.
    They have been targeted for months now which is why Ireland ranks highly.
    It was detected from manual intervention when coming onto the network and every precaution has been taking to protect against it with the customer which includes manually checking and submitting every suspected file to Symantec for Analysis before it gets near the companies network.
    Its not a household name also but its clear the reason for the target if you know the customer.
    I don't expect their to be any data protection issues as nothing was infected on their network as the threats where tested before they got near the network even though they where not detected.


  • Moderators, Computer Games Moderators, Technology & Internet Moderators Posts: 19,242 Mod ✭✭✭✭L.Jenkins


    To think, according to the report by Symantec, it's been on the go for around 6 years. Imagine the amount of data that has potentially stolen and this isn't any backroom/bedroom operation, someone had to finance it. If the rumors are true and it was developed by a Western power, there's only one Country with the neck to release something like Regin in to the wild.


  • Closed Accounts Posts: 9,088 ✭✭✭SpaceTime


    So it's proactive detection that's got us up the list?


  • Registered Users, Registered Users 2 Posts: 2,318 ✭✭✭deceit


    SpaceTime wrote: »
    So it's proactive detection that's got us up the list?
    Manual detection of the threat is what has us so high up the list, at least with the customer I've been dealing with.
    Each variant was not being detected by any anti virus vendor, a new signature was written for it each time the file was uploaded to be inspected.
    Their may be other customers I'm not aware of that bring it up the list.


  • Closed Accounts Posts: 1,460 ✭✭✭DipStick McSwindler


    This post has been deleted.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    What truly amazes me about this whole thing is the standard of intelligence by the people who coded it. Its incredibly impressive!

    Which is why I don't think it is from a nation state.


  • Moderators, Computer Games Moderators, Technology & Internet Moderators Posts: 19,242 Mod ✭✭✭✭L.Jenkins


    syklops wrote: »
    Which is why I don't think it is from a nation state.

    State funded then?


  • Closed Accounts Posts: 9,088 ✭✭✭SpaceTime


    syklops wrote: »
    Which is why I don't think it is from a nation state.

    Our lot would go massively over budget and return data in indecipherable code by carrier pigeon. Then they realize they had hacked themselves and it would cost billions and need several quangos...


  • Registered Users, Registered Users 2 Posts: 6,539 ✭✭✭Mike Litoris


    deceit wrote: »
    Its not a household name also but its clear the reason for the target if you know the customer.

    Ah come one, Man. You can't do that to us! Spill :P


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 570 ✭✭✭hooplah


    seems like it was GCHQ who used it against a Belgian telco anyway: https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/


  • Registered Users, Registered Users 2 Posts: 1,681 ✭✭✭Standman


    From the Symantec white paper:
    The string ‘shit’ is scattered in the packet for data validation. In addition, CRC checks use the seed ‘31337’.

    Someone involved had a sense of humour anyway. "31337" is gamer/hacker slang in case anyone didn't know (I didn't :o).

    Could possibly lend credence to the suggestion that it was constructed by someone in the West or at least English speakers.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Standman wrote: »


    Someone involved had a sense of humour anyway. "31337" is gamer/hacker slang in case anyone didn't know (I didn't :o).

    .

    :eek:


  • Registered Users, Registered Users 2 Posts: 5,009 ✭✭✭skimpydoo


    I have a funny feeling that we were attacked because we have a few data centres in Ireland run by the likes of Amazon and Microsoft. Plus the American courts have recently told Microsoft that they have to allow the US access to their Irish Data Centres.


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    skimpydoo wrote: »
    I have a funny feeling that we were attacked because we have a few data centres in Ireland run by the likes of Amazon and Microsoft. Plus the American courts have recently told Microsoft that they have to allow the US access to their Irish Data Centres.

    Microsoft have still refused and breached contempt of court.

    It's pretty real. I would imagine there is much much more sophisticated malware out there.

    It aims to target countries such as Russia, Israel and Ireland. Hmm, I would believe it to be the NSA or the GCHQ.

    I'm not surprised about this, though it highlights the importance of proper IT security and Ireland needs more stringent laws for IT security.


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    The "Irish Orgranisation" would be bigger than Belgacom looking at the percentages of where it was detected.. Correct?


  • Closed Accounts Posts: 9,088 ✭✭✭SpaceTime


    This stuff is REALLY souring relations with several EU countries, especially Germany.
    Merkel is seeing parallels to this and what she had to put up with in her younger years with the East German secret police tapping calls and intercepting communications and she's apparently very, very unhappy about it.

    I could see this scuppering the Transatlantic Trade Partnership agreement too as it's really starting to go beyond antiterrorism monitoring.


  • Registered Users, Registered Users 2 Posts: 7,521 ✭✭✭jmcc


    SpaceTime wrote: »
    This stuff is REALLY souring relations with several EU countries, especially Germany.
    Merkel is seeing parallels to this and what she had to put up with in her younger years with the East German secret police tapping calls and intercepting communications and she's apparently very, very unhappy about it.
    Wasn't she a good little Communist back then and member of all the approved state organisations? :) It is not the software that has been detected that is the problem. It is the as yet undetected software. I'm not sure that it really has had much of an effect on relations as the targets and the intelligence gathered have not been revealed.

    Regards...jmcc


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus




  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,009 ✭✭✭skimpydoo


    Impetus wrote: »

    Actually the other thread is a duplicate as this thread was created Sunday Night.


  • Registered Users, Registered Users 2 Posts: 1,456 ✭✭✭FSL


    All the publicity is about the Windows version. The question is where is the Linux version hiding?


  • Closed Accounts Posts: 9,088 ✭✭✭SpaceTime


    jmcc wrote: »
    Wasn't she a good little Communist back then and member of all the approved state organisations? :) It is not the software that has been detected that is the problem. It is the as yet undetected software. I'm not sure that it really has had much of an effect on relations as the targets and the intelligence gathered have not been revealed.

    Regards...jmcc

    I don't think you'd much of an option. You either joined, or you didn't get into university.

    I'm sure there's plenty of undetected software of various origins running quietly away snooping on us right now.


  • Registered Users, Registered Users 2 Posts: 36,533 ✭✭✭✭Hotblack Desiato


    r3nu4l wrote: »
    Bloody phone corrected Regin to Region :p

    That's funny. I read the thread title as 'Religion virus - nation state developed - Ireland badly hit'...

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Closed Accounts Posts: 48 Streets_of Rage 2 Come_On


    Another one, state backed, after phone calls.

    http: // arstechnica.com/security/2014/12/nation-backed-malware-targets-diplomats-iphones-androids-and-pcs/


  • Advertisement
  • Closed Accounts Posts: 48 Streets_of Rage 2 Come_On


    FSL wrote: »
    All the publicity is about the Windows version. The question is where is the Linux version hiding?

    Ta Da.

    http:/ /www .theregister.co.uk/2014/12/09/deadly_snake_lurks_in_watering_hole_bites_linux/


  • Registered Users, Registered Users 2 Posts: 36,533 ✭✭✭✭Hotblack Desiato


    Load of nonsense press release masquerading as an article, the El Reg of old would have torn it to shreds.

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Ta Da.

    http:/ /www .theregister.co.uk/2014/12/09/deadly_snake_lurks_in_watering_hole_bites_linux/

    Whats with the spaces in the URL?

    And what the hell happened to El Reg? Typo in paragragh 2, and other mistakes in the article and a mostly meh article.

    "Tips and corrections" - Is this a draft perhaps?


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    syklops wrote: »
    Whats with the spaces in the URL?
    Seems they are banned, but to combat spam, user's with less than 50 posts can't post links.


Advertisement