Pinterest Stumbleupon Whatsapp
Ads by Google

If the NSA can track you – and we know it can – so can cybercriminals.

Theories and rumour and conjecture suggested that the security services had the means to monitor digital communications for years, but we never really knew for sure until Edward Snowden blew the whistle What Is PRISM? Everything You Need to Know What Is PRISM? Everything You Need to Know The National Security Agency in the US has access to whatever data you're storing with US service providers like Google Microsoft, Yahoo, and Facebook. They're also likely monitoring most of the traffic flowing across the... Read More on the whole sorry situation.

Since these revelations came to light, the NSA in America and GCHQ in the UK have become forever linked with the paranoia of population monitoring, using software to establish a virtual panopticon and look out for undesirable behaviour. (What they do next, of course, depends upon who you are, but we believe that you can avoid their surveillance Avoiding Internet Surveillance: The Complete Guide Avoiding Internet Surveillance: The Complete Guide Internet surveillance continues to be a hot topic so we've produced this comprehensive resource on why it's such a big deal, who's behind it, whether you can completely avoid it, and more. Read More .)

Recently, various tools that are believed to have been employed by the NSA have come to light. And they’re being used against you.

Cyber-Espionage Techniques: Because No Idea Is Unique

Remember that idea for a book you had, only to find out that someone else had already done it? Or the Android app that was totally your idea, until you had the guile to check and find that actually, no, it wasn’t only your idea.

muo-nsa-malware-gchq

Ads by Google

The same is true of malware and government-sponsored software designed to find out more about what you’re doing. If the NSA has these tools at their disposal, it won’t be long before foreign powers will have them too (if they don’t already).

But the real threat to your day-to-day online security and privacy doesn’t come from governments. It comes from those scammers, the criminals out to steal your identity, extort your bank balance and ruin your life so that they can line their pockets.

Over past few years, cyber-espionage techniques and tools have been spotted, anti-privacy weapons that governments can use against you. But who’s to say that the scammers can’t use those same, or similar, tools?

Spyware In Your Hard Disk Drive

muo-nsa-malware-spyware

You may have recently read about the discovery of an international spyware operation that has been traced back to the NSA. It involves sophisticated surveillance software secreted on hard disk drives built by Western Digital, Toshiba and Seagate (and compatible with devices by IBM, Micron, and Samsung Electronics), and is described by Kaspersky as “outstandingly professional.”

“Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques.”

The spyware hides by rewriting the disk firmware, preventing detection by anti-virus software and even attempts at erasure when the HDD is reformatted. Other secure HDD deletion tricks How To Completely & Securely Erase Your Hard Drive How To Completely & Securely Erase Your Hard Drive Read More are believed to be useless. Upon connection to the internet, the spyware allows files to be stolen from infected devices. So far most infections have been found in Iran, Russia, Pakistan, Afghanistan, China and several others, and targets have included governments, banks, military installations and even Islamic activists.

How this spyware found its way into these devices is not yet known, although introduction at the manufacturing plants or some unofficial acquiescence by the manufacturers shouldn’t be ruled out. What also shouldn’t be ruled out is the potential for this same tactic to be used by malware developers who target consumers – you and I.

Stuxnet: Because You Don’t Have To Be Processing Nuclear Materials

We all know Stuxnet as the worm that was used to attack Iran’s nuclear power program. In an interview with Jacob Applebaum published in German daily Der Spiegel in May 2013, Snowden stated that “The NSA and Israel wrote Stuxnet together,” but this only confirmed suspicions around the world.

But Stuxnet can be a threat beyond the world of industrial applications. Designed to target programmable logic controllers running in systems overseen by Windows and the Siemens Step7 software, PLCs aren’t only used in centrifuges and factory assembly lines. PLCs allow the controlling of some very heavy machinery, such as that found at amusement parks.

muo-nsa-malware-stuxnet

That’s right: a rollercoaster at a busy theme park could be targeted by a Stuxnet-like virus. I think we can all agree that the results would be catastrophic.

Stuxnet has three components: the worm, which executes the attack; the link file that creates copies of the worm; and the rootkit which hides malicious files used in the attack.

Most importantly, Stuxnet is introduced to a system via a USB flash drive, and if Siemens Step7 software or computers controlling a PLC are found, it becomes active (otherwise staying dormant). This worm’s ability to propagate infection via USB drives has been copied by other malware, such as BadUSB Your USB Devices Aren't Safe Anymore, Thanks To BadUSB Your USB Devices Aren't Safe Anymore, Thanks To BadUSB Read More and Flame, while Duqu is another similar malicious tool Microsoft Releases Temporary Fix For Duqu Virus [News] Microsoft Releases Temporary Fix For Duqu Virus [News] Several days ago we reported that a nasty new Windows bug had been found. It is particularly nasty for two reasons – it involves a previously unknown exploit, and it may be the brainchild of... Read More used for capturing data from industrial systems.

Regin: The Stealthy Spyware Platform

As if the prospect of Stuxnet impacting systems where families are out to enjoy themselves isn’t bad enough, you really need to hear about Regin, a nation-state sponsored spyware platform that is designed to remain stealthy.

First believed to have been used in 2011 (but probably developed in 2008) in a trio of attacks against the European Commission and the European Council, Belgian telecoms company Belgacom and notable Belgian cryptographer Jean-Jacques Quisquater, remnants of the code were sent to Microsoft who dubbed the spyware “Regin” and added detection for it to its security software (although Regin.A was soon followed by Regin.B).

muo-nsa-malware-spyware2

The principles used in this spyware could, and perhaps have already, been adopted by criminal scammers targeting you. But why copy Regin?

Says Symantec:

“In the world of malware threats, only a few rare examples can truly be considered groundbreaking and almost peerless.”

Finger pointing fell in the direction of GCHQ and the NSA, and this was confirmed in January 2015. Interestingly, Regin’s ability to target GSM base stations of cellular networks is very similar to NSA programs (identified thanks to Edward Snowden’s leaks) called MYSTIC and SOMALGET, which hijack mobile networks, collect metadata and record calls without the knowledge of those chatting (and perhaps even the owner of the network).

Regin is a malware developer’s nirvana. Carrying a remote access Trojan, keystroke logger, clipboard sniffer, password sniffer, tools to detect and read USB devices and the ability to scan and retrieve deleted files, Regin decrypts itself in five stages. The Symantec summary can be appreciated more upon reading this.

It’s basically a nightmare. While the smart money is on Regin targeting at private companies, governments, and educational/research institutions (and employees, such as German Chancellor Angela Merkel’s staff), you should still beware. Even if you don’t find yourself infected by Regin, consumer-targeted malware using some or all of the design principles cannot be far away.

Call of the Wild

All of these tools have been “caught” in the wild, either uploaded to virus checking sites such as VirusTotal or had the source code released to prove their origins.

Currently anti-virus tools can be used to protect and remove these threats, and while they’re unlikely to target you in their current form, there is a good chance that their design principles and concepts could be adopted – and in some cases already have been – by criminal malware developers.

These tools were ostensibly developed to protect you, but they will eventually be used to harm you.

Featured Image Credit: NSA via Shutterstock, GCHQ via Philip Bird LRPS CPAGB / Shutterstock.com, Image Credit: HDD via Shutterstock, Image Credit: Iran radiation via Shutterstock, Image Credit: Spyware via Shutterstock

  1. Greg
    May 15, 2015 at 11:38 pm

    Having recently been relieved of $3000 Euros on a travel card we purchased for a holiday BEFORE we had even used it( or taken off the letter it came on) I can easily believe all of this.

  2. dragonmouth
    March 10, 2015 at 7:25 pm

    "But the real threat to your day-to-day online security and privacy doesn’t come from governments. It comes from those scammers, the criminals out to steal your identity, extort your bank balance and ruin your life so that they can line their pockets."
    Another source of threat to our online security and privacy comes from private companies and corporations that want to gather as much data about us as they can. Governments, scammers and criminals are suspect by definition but, somehow, we rarely suspect private companies, much to our eventual detriment.

  3. Rob
    March 10, 2015 at 2:35 pm

    If malware etc is being installed in manufacturing plants, then what serious hope do we have? :/

    • Christian Cawley
      March 14, 2015 at 6:44 pm

      Trust no one, Rob. Our only hope.

Leave a Reply

Your email address will not be published. Required fields are marked *