Sunday, November 23, 2014

Keep Calm and Do Not Reign On


Keep calm and do not Reign on. Regin is a malware that was originally found between 2008 and 2011, disappeared, and then recently reappeared. Unlike ordinary malware it is extremely sophisticated and complex. Like the older Flame malware, Regin is believed to be nation-state spying malware. Its extreme covertness lets whoever deploys it collect data from the infected devices for long periods without being discovered on them. Other malware similar to Flame was found around the same time and was determined to have originated from US- and Israel-backed agencies; although the creators of Regin have not been identified, it seems they may have similar backers.

Ever since Snowden revealed project PRISM to the public, the US has been the go-to suspect for many extremely sophisticated spying programs, so it would not be surprising if the US were behind Regin. These sophisticated malware families have been known about for a few years now but were generally not cared about, much as there were murmurs about PRISM long before it was announced to the public. Unlike PRISM, though, which was a very broad and unsophisticated mechanism for collecting data, Regin can target specific machines or users and collect data from those a nation-state has deemed a threat (what is a threat to a nation-state? Not a person, usually a group or another nation-state). From early information on this malware it is known that industries within Russia and Saudi Arabia have been heavily targeted by Regin. The targets have not been specific people but infrastructure such as ISP backbones.

Regin was only just announced, so exactly how it works has not been determined, but since the older Flame malware shows similarities it can serve as a reference for how Regin might work. First, Flame is modular: an infected machine does not carry all the hacks in the full Regin repository. This may mean there are different versions of Regin in the wild, affecting hosts differently depending on the industry the machine is used in. How Regin spreads is currently undetermined, but Flame spread through USB drives; back when it was heavily in the wild there was a USB exploit for autorun and .lnk files that would spread the malware between machines without needing permissions. Flame could turn this feature on and off to control its own spread. Flame could also take screenshots and send them back to its creators' remote servers, with the capture rate depending on which programs were in use on the infected machine. These are the basics of how Regin could be working, though at a much more complex level since it is newer malware.
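The two USB launch vectors described above (an autorun.inf that starts a program on insertion, and .lnk shortcut files dropped on the drive) are something a defender can check for on any removable volume before opening it. The script below is an added example written for this post, not code from the post or from any of the malware analyses it links; it builds a constructed fake volume in a temp directory so it runs offline, parses the autorun.inf launch directives, and flags shortcut files, including ones whose Shell Link header is hiding behind a non-.lnk extension. The header bytes are the fixed 20-byte ShellLinkHeader prefix (HeaderSize 0x4C plus the Shell Link CLSID); everything else is sample data.

```python
# Added example (not from the post): audit a removable volume for the two
# launch vectors the post attributes to Flame -- an autorun.inf that starts a
# program on insertion, and .lnk shortcut files dropped at the volume root.
# The fake volume is constructed in a temp directory so the script runs offline.
import configparser
import tempfile
from pathlib import Path

# Fixed 20-byte ShellLinkHeader prefix: HeaderSize 0x4C followed by the
# Shell Link CLSID {00021401-0000-0000-C000-000000000046} in GUID byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "0000" "0000" "c000000000000046")

# autorun.inf directives that can cause a program to run when the volume is inserted.
LAUNCH_KEYS = {"open", "shellexecute"}


def launch_directives(autorun_text: str) -> dict:
    """Return the directives in an autorun.inf body that can launch a program.

    Keys are lower-cased. 'shell\\<verb>\\command' keys are included because
    they bind a context-menu verb to a command line. Non-INI input yields {}.
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str.lower  # autorun.inf keys are case-insensitive
    try:
        parser.read_string(autorun_text)
    except configparser.Error:
        return {}
    # Section names are case-sensitive in configparser, so match [AutoRun] ourselves.
    section = next((s for s in parser.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    return {
        key: value
        for key, value in parser[section].items()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
    }


def is_shell_link(path: Path) -> bool:
    """True if the file carries a genuine Shell Link header, regardless of extension."""
    with path.open("rb") as fh:
        return fh.read(len(LNK_MAGIC)) == LNK_MAGIC


def audit_volume(root) -> list:
    """Walk a mounted volume and return findings as (kind, relative_path, detail) tuples."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        if path.name.lower() == "autorun.inf":
            directives = launch_directives(path.read_text(errors="replace"))
            if directives:
                findings.append(("autorun-launch", rel, directives))
        elif path.suffix.lower() == ".lnk" or is_shell_link(path):
            # Shortcuts on removable media are the classic lure; a shell-link
            # header under a non-.lnk extension is flagged as a disguised one.
            kind = "shortcut" if path.suffix.lower() == ".lnk" else "disguised-shortcut"
            findings.append((kind, rel, None))
    return findings


def build_fake_volume() -> str:
    """Construct a sample 'removable drive' in a temp dir (sample data, not real malware)."""
    root = tempfile.mkdtemp(prefix="usb_")
    (Path(root) / "autorun.inf").write_text(
        "[AutoRun]\nOPEN=setup.exe\nicon=setup.exe,0\nshell\\install\\command=setup.exe /s\n"
    )
    (Path(root) / "Report.lnk").write_bytes(LNK_MAGIC + b"\x00" * 56)
    (Path(root) / "photo.jpg").write_bytes(LNK_MAGIC + b"\x00" * 56)  # shortcut hiding behind .jpg
    (Path(root) / "notes.txt").write_text("plain file\n")
    return root


if __name__ == "__main__":
    for finding in audit_volume(build_fake_volume()):
        print(*finding)
```

Pointing `audit_volume` at a real mount point instead of the constructed one reports the same three kinds of finding; the script only reads and reports, so it is safe to run on a drive before anything on it is opened.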

This continues the pattern that battles will not be fought human to human but will move toward the cat-and-mouse games of cyber attacks. The biggest danger of this form of war is that anyone has the potential to be a participant, sometimes unwillingly, or a threat, mainly because all you need is the know-how and a computer to conduct these attacks. Battles of the past required huge amounts of manpower, infrastructure and money to fight, but these new wars will be cheap, fast and deadly. At any point a rogue hacker with exploits for security software could shut down the entire electrical grid of the eastern United States. This would decimate the country; imagine the nukes dropped on Japan without the death and destruction. It could be possible to send countries back decades in one fell swoop.

http://www.wired.com/2012/05/flame/all/

PS
Here is a new link which goes much more in depth and factual than the previous link:
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
ENJOY!

PPS
SCREW WINDOWS
