'Groundbreaking' malware used to spy on individuals, governments

A “groundbreaking and almost peerless” piece of global malware is being used to spy on individuals, companies, researchers and government agencies, according to a Monday report from a cybersecurity firm.

Security researchers said Monday they suspect the U.S. and Britain are behind the surveillance tool, dubbed Regin.


Security firm Symantec, which first revealed the malware in a white paper, described Regin as "a complex piece of malware whose structure displays a degree of technical competence rarely seen."

“It provides its controllers with a powerful framework for mass surveillance,” Symantec explained.

Regin uses a lengthy, five-stage infection process to avoid detection. Discovery of any one stage would yield little to no information about the malware.

Once Regin has embedded itself in a network, it can capture screenshots, take control of a computer’s mouse, steal passwords, read emails, track phone calls, monitor network traffic and retrieve deleted files.

An initial version was used from 2008 to 2011. An updated iteration has been in use since 2013.

Regin is being compared to Stuxnet, the digital weapon that destroyed significant portions of the Iranian nuclear research program five years ago. Israel and the U.S. were widely suspected to be the architects of Stuxnet.

Regin’s targets are similar to those hit by Stuxnet.

Roughly half of Regin's infections were noticed in Russia and Saudi Arabia. Eight other countries each accounted for at least 5 percent of the infections: Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan.

Stuxnet was detected in Iran, Indonesia, India, Pakistan and Russia.

Clear attribution could take years. Stuxnet was discovered in 2010, but solid links to the U.S. and Israel didn’t develop until 2012.

What is clear is that Regin is the centerpiece of some country’s intelligence system, Symantec noted.

“It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks,” the company said.

Interest in countries’ surveillance capabilities has skyrocketed since former government contractor Edward Snowden disclosed a number of U.S. spy programs. The National Security Agency (NSA), he revealed, has programs that collect data on phone calls and Internet traffic.

The disclosures have raised questions about what other secret programs advanced countries such as the U.S. are using to spy on people.

The Senate recently voted down a motion to move forward with a bill that would have curbed some of the NSA’s authorities, including its program to collect data on phone calls. 

— Updated 5:55 p.m.