
Top German official infected by spy trojan with NSA ties - r721
http://arstechnica.com/tech-policy/2015/10/top-german-official-infected-by-highly-advanced-spy-trojan-with-nsa-ties/
======
jakeogh
Unfortunate how people tasked with protecting information so often still use
Windows.

------
junto
From the original Spiegel article in English concerning Regin:
[http://www.spiegel.de/international/world/regin-malware-unma...](http://www.spiegel.de/international/world/regin-malware-unmasked-as-nsa-tool-after-spiegel-publishes-source-code-a-1015255.html)

    
    
      "Pursuant to our technical analysis, QWERTY is identical
      with the Regin plug-in 50251," Raiu says. In addition, the
      analysis revealed that Regin is apparently an attack
      platform that can be used by several different institutions
      in several different countries. Kaspersky published its
      findings in a blog post on Tuesday.
    
      The new analysis provides clear proof that Regin is in fact
      the cyber-attack platform belonging to the Five Eyes
      alliance, which includes the US, Britain, Canada, Australia
      and New Zealand. Neither Kaspersky nor Symantec commented
      directly on the likely creator of Regin. But there can be
      little room left for doubt regarding the malware's origin.
    
      The source code excerpt published by SPIEGEL comes straight
      from the Snowden archive.
      
      Regin was also apparently involved in the attack on the
      Belgian telecommunications firm Belgacom. And Belgacom, as
      SPIEGEL reported in the summer of 2013, was a target of the
      British intelligence agency GCHQ. Ronald Prins, head of the
      Dutch security company Fox IT, which analyzed the attack on
      Belgacom, told SPIEGEL ONLINE in the summer of 2011 that
      Regin appeared to be a tool belonging to the NSA and GCHQ.
    
      There are also additional clues pointing to Regin being a
      Five Eyes tool:
    
      - In the QWERTY code, there are numerous references to
      cricket, a sport that enjoys extreme popularity in the
      Commonwealth.
      
      - There are many similarities with the cyber-weapons system
      that the intelligence agencies call "Warriorpride" in the
      Snowden documents.
      
      - The targets thus far known are consistent with Five Eyes
      surveillance targets as outlined in the Snowden documents.
      
      A serious cyber-attack on the European Commission in 2011.
      The deputy head of Germany's Federal Office for Information
      Security, Andreas Könen, told SPIEGEL at the end of last
      December that, "we have reconstructed that; there are clear
      congruencies."
      
      The Austrian newspaper Der Standard, citing anonymous
      sources, reported last November that malware code from the
      Regin family had been found in the network of the
      International Atomic Energy Agency, based in Vienna.
      Germany's Bild newspaper also reported a Regin infection in
      the computer of a member of the department for European
      affairs in Angela Merkel's Chancellery. According to the
      paper, the malware was found on the woman's private
      computer. The Federal Office for Information Security says
      that Regin has not yet been found on official German
      government computers.
      
      It seems likely that more Regin discoveries will be made.
      Kaspersky alone, says Raiu, has found the malware in
      computers belonging to 27 international companies,
      governments and private persons.

