Monday, November 24, 2014

Advanced cyberspying tool dates from 2008

Advanced cyberspying tool dates from 2008
Advanced cyberspying tool dates from 2008

Symantec said the malware shares some characteristics with the Stuxnet worm-- a tool believed to have been used by the US and Israeli governments to attack computer networks involved in Iran's nuclear program

Washington (AFP) - A highly sophisticated cyberspying tool has been used since 2008 to steal information from governments, businesses and others, security researchers said Monday.

The security firm Symantec said the malware, known as Regin, was seen "in systematic spying campaigns against a range of international targets," including governments infrastructure operators, businesses, researchers and private individuals.

Symantec said the malware shares some characteristics with  the Stuxnet worm-- a tool believed to have been used by the US and Israeli governments to attack computer networks involved in Iran's nuclear program.

Because of its complexity, the Symantec researchers said in a blog post that the malware "would have required a significant investment of time and resources, indicating that a nation state is responsible."

The researchers added that "it is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks."

They described Regin as "a multi-staged threat," with each stage hidden and encrypted.

Each individual stage provides little information on the package and "only by acquiring all five stages is it possible to analyze and understand the threat," the researchers said.

- Lurking in shadows -

"Regin's developers put considerable effort into making it highly inconspicuous," Symantec said.

"Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files."

The researchers also said many components of Regin are still probably undiscovered and that there could be new versions of this tool which have not yet been detected.

The infections occurred between 2008 and 2011, after which the malware disappeared before a new version surfaced in 2013.

The largest number of infections discovered -- 28 percent -- was in Russia, and Saudi Arabia was second with 24 percent. Other countries where the malware was found included Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan. There were no reported infections in the United States.

Around half of all infections occurred at addresses belonging to Internet service providers, but Symantec said it believes the targets of these infections were customers of these companies rather than the companies themselves.

Telecom companies were also infected, apparently to gain access to calls being routed through their infrastructure, the report noted.

Regin appeared to allow the attackers to capture screenshots, take control of the mouse’s point-and-click functions, steal passwords, monitor traffic and recover deleted files.

Symantec said some targets may have been tricked into visiting spoofed versions of well-known websites to allow the malware to be installed, and in one case it originated from Yahoo Instant Messenger.

The news comes amid heightened concerns on cyberespionage.

Last month, separate teams of security researchers said the Russian and Chinese governments are likely behind widespread cyberespionage that has hit targets in the US and elsewhere.

One team of researchers led by the security firm Novetta Solutions said it identified a hacker group believed to act "on behalf of a Chinese government intelligence apparatus."

A separate report by the security frim FireEye said a long-running effort to hack into US defense contractors, Eastern European governments and European security organizations is "likely sponsored by the Russian government."

Join the conversation about this story »

Chinese Olympic star Sun Yang failed May drugs test - Xinhua
Chinese Olympic star Sun Yang failed May drugs test - Xinhua

China's Olympic swimming star Sun Yang failed a doping test in May and was subsequently banned for three months, the official Xinhua news agency reports

Beijing (AFP) - China's controversial Olympic swimming star Sun Yang failed a doping test in May and was subsequently banned for three months, the official Xinhua news agency reported Monday.

The ban, following a positive test for the stimulant trimetazidine, was imposed in July, the agency said, citing the China Anti-Doping Agency (CHINADA). 

Sun competed in the Asian Games in September, where he took gold in the 1,500 and 400 metres freestyle, and the 4 x 100 relay.

Xinhua did not immediately explain why the positive result had only come to light now, or how Sun was able to take part in the Incheon event.

It said that the 22-year-old tested positive on May 17 during China's national swimming championships, waived his right to have his B sample tested, and defended himself in a hearing in July "where the experts decided to hand him a three-month ban".

Trimetazidine was added to the World Anti-Doping Agency's banned list in January this year, Xinhua said. Sun said he used it for medical reasons and had been unaware that it was included on the list, it added.

Sun won the 400 and 1500 metres freestyle events at the 2012 London Olympics, and also has five world championship golds to his name, but has frequently faced controversy during his career.

At the Asian Games he called the Japanese national anthem "ugly", a comment for which he later apologised. 

It was only the latest incident to embroil Sun, who has frequently battled with authority, leading to jail time and prolonged suspensions from the swimming pool. 

In 2013, he was suspended from commercial activities and warned about his personal behaviour after a battle with his coach over a relationship with an airline stewardess. Sun had missed training sessions to go on dates.

The swimming star's notoriety grew in November last year when he was caught driving a relative's Porsche without a licence following a collision with a bus. He was jailed for one week and suspended from swimming for six months.

After the ban was lifted, Sun returned to the pool at the national championships, winning the 200m freestyle title days before his positive test.

Join the conversation about this story »

Asian stocks climb after China rate cut
Asian stocks climb after China rate cut

Asian markets have rallied after China's surprise move last week to cut interest rates for the first time in more than two years as leaders try to kickstart growth in the Asian economic giant

Hong Kong (AFP) - Asian markets rallied Monday after China's surprise move last week to cut interest rates for the first time in more than two years as its leaders try to strengthen growth.

The euro struggled following a sell-off Friday in response to comments from the head of the European Central Bank hinting at further stimulus measures to fight off deflation.

Shanghai rose 1.85 percent, or 46.09 points, to end at 2,532.88 while in late trade Hong Kong was up 1.90 percent.

Sydney added 1.08 percent, or 57.5 points, to 5,361.8 and Seoul ended 0.70 percent higher, tacking on 13.70 points to 1,978.54.

Tokyo was closed for a public holiday.

China's central bank on Friday evening announced it would slash its one-year rate for deposits by 25 basis points to 2.75 percent, and its one-year lending rate by 40 basis points to 5.6 percent, both effective Saturday.

The move -- the first cut since July 2012 -- followed a series of disappointing data from the world's number two economy, a key driver of global growth.

Last week banking giant HSBC said its index of manufacturing activity in China showed the sector had stagnated in November, while other data on trade and industrial output have also highlighted weakness.

"This provides confidence that growth won't fall below seven percent," said Shane Oliver, head of investment strategy and chief economist at AMP Capital Investors.

"Some of the rally this year has been a removal of cheap valuations. The next leg of the rally will probably come from confidence that growth is not going to collapse," Oliver told Dow Jones Newswires.

US shares rallied on the news. The Dow climbed 0.51 percent and the S&P 500 gained 0.52 percent-- both ending at new record highs -- while the Nasdaq added 0.24 percent.

- Euro struggles -

 

Also providing buying support was a suggestion from ECB head Mario Draghi that he is ready for further stimulus to boost the flagging eurozone economy.

He told a banking congress Friday the ECB "will use all means available to us, within our mandate, to return inflation towards our objective -– and without any undue delay".

Among the measures being considered are the large-scale purchase of government bonds -- known as quantitative easing -- similar to that undertaken by the Bank of Japan and recently wound down by the US Federal Reserve.

The bank is struggling to fend off deflation in the currency bloc with inflation currently at just 0.4 percent, well below the ECB target of 2.0 percent.

Draghi's comments hit the euro, which fell to 145.91 yen and $1.2405 late Friday from 147.81 yen and $1.2553 beforehand. In Asian trade Monday it was sitting at 146.02 yen and $1.2396.

The dollar bought 117.83 yen against 117.63 yen Friday

In oil markets US benchmark West Texas Intermediate for January delivery was up 31 cents at $76.82 a barrel in afternoon trade, and Brent crude for January added 37 cents to $80.73.

Gold was at $1,200.05 an ounce, compared with $1,196.81 late Friday.

 

In other markets:

-- Taipei rose 0.34 percent, or 30.80 points, to 9,122.33.

Taiwan Semiconductor Manufacturing Co. was unchanged at Tw$138.5 while Hon Hai Precision Industry was 0.21 percent higher at Tw$96.5.

-- Wellington eased 0.44 percent, or 24.13 points, to 5,471.68.

Contact Energy was down 1.09 percent at NZ$6.33 and Fletcher Building shed 1.19 percent to NZ$8.30.

 

Join the conversation about this story »
Posted by at