Archive for the ‘NSA’ Category

NSA Illinois chapter meeting March 13 2015 – Video


NSA Illinois chapter meeting March 13 2015
Lenora Billings-Harris, President of the Global Speakers Federation explains what she will be sharing with chapter members in March.

By: Lenora Billings-Harris


Source code reveals link between NSA and Regin cyberespionage malware

Keylogging malware that may have been used by the NSA shares significant portions of code with a component of Regin, a sophisticated platform that has been used to spy on businesses, government institutions and private individuals for years.

The keylogger program, likely part of an attack framework used by the U.S. National Security Agency and its intelligence partners, is dubbed QWERTY and was among the files that former NSA contractor Edward Snowden leaked to journalists. It was released by German news magazine Der Spiegel on Jan. 17 along with a larger collection of secret documents about the malware capabilities of the NSA and the other Five Eyes partners -- the intelligence agencies of the U.K., Canada, Australia and New Zealand.

"We've obtained a copy of the malicious files published by Der Spiegel and when we analyzed them, they immediately reminded us of Regin," malware researchers from antivirus firm Kaspersky Lab said Tuesday in a blog post. "Looking at the code closely, we conclude that the 'QWERTY' malware is identical in functionality to the Regin 50251 plugin."

Moreover, the Kaspersky researchers found that both QWERTY and the 50251 plug-in depend on a different module of the Regin platform identified as 50225 which handles kernel-mode hooking. This component allows the malware to run in the highest privileged area of the operating system -- the kernel.

This is strong proof that QWERTY can only operate as part of the Regin platform, the Kaspersky researchers said. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source code, we conclude the QWERTY malware developers and the Regin developers are the same or working together."

Der Spiegel reported that QWERTY is likely a plug-in of a unified malware framework codenamed WARRIORPRIDE that is used by all Five Eyes partners. This is based on references in the code to a dependency called WzowskiLib or CNELib.

In a separate leaked document authored by the Communications Security Establishment Canada, the Canadian counterpart of the NSA, WARRIORPRIDE is described as a flexible computer network exploitation (CNE) platform that's an implementation of the "WZOWSKI" Five Eyes API (application programming interface).

The document also notes that WARRIORPRIDE is known under the code name DAREDEVIL at the UK Government Communications Headquarters (GCHQ) and that the Five Eyes intelligence partners can create and share plug-ins for it.

The newly discovered link between QWERTY and Regin suggests that the cyberespionage malware platform security researchers call Regin is most likely WARRIORPRIDE.

Some experts already suspected this based on other clues. According to Kaspersky Lab, Regin was the malware program that infected the personal computer of Belgian cryptographer Jean-Jacques Quisquater in 2013. That attack was linked to another malware attack against Belgian telecommunications group Belgacom whose customers include the European Commission, the European Parliament and the European Council.


Link between NSA and Regin cyberespionage malware becomes clearer

Security researchers found a strong connection between Regin and a keylogger used by the Five Eyes intelligence alliance

Keylogging malware that may have been used by the NSA shares significant portions of code with a component of Regin, a sophisticated platform that has been used to spy on businesses, government institutions and private individuals for years.

The keylogger program, likely part of an attack framework used by the U.S. National Security Agency and its intelligence partners, is dubbed QWERTY and was among the files that former NSA contractor Edward Snowden leaked to journalists. It was released by German news magazine Der Spiegel on Jan. 17 along with a larger collection of secret documents about the malware capabilities of the NSA and the other Five Eyes partners -- the intelligence agencies of the U.K., Canada, Australia and New Zealand.

"We've obtained a copy of the malicious files published by Der Spiegel and when we analyzed them, they immediately reminded us of Regin," malware researchers from antivirus firm Kaspersky Lab said Tuesday in a blog post. "Looking at the code closely, we conclude that the 'QWERTY' malware is identical in functionality to the Regin 50251 plugin."

Moreover, the Kaspersky researchers found that both QWERTY and the 50251 plug-in depend on a different module of the Regin platform identified as 50225 which handles kernel-mode hooking. This component allows the malware to run in the highest privileged area of the operating system -- the kernel.

This is strong proof that QWERTY can only operate as part of the Regin platform, the Kaspersky researchers said. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source code, we conclude the QWERTY malware developers and the Regin developers are the same or working together."

Der Spiegel reported that QWERTY is likely a plug-in of a unified malware framework codenamed WARRIORPRIDE that is used by all Five Eyes partners. This is based on references in the code to a dependency called WzowskiLib or CNELib.

In a separate leaked document authored by the Communications Security Establishment Canada, the Canadian counterpart of the NSA, WARRIORPRIDE is described as a flexible computer network exploitation (CNE) platform that's an implementation of the "WZOWSKI" Five Eyes API (application programming interface).

The document also notes that WARRIORPRIDE is known under the code name DAREDEVIL at the UK Government Communications Headquarters (GCHQ) and that the Five Eyes intelligence partners can create and share plug-ins for it.

The newly discovered link between QWERTY and Regin suggests that the cyberespionage malware platform security researchers call Regin is most likely WARRIORPRIDE.


NSA 'suspected of spying on European Commission'

"Regin", a sophisticated spying program detected in the attacks, is identical to a secret cyber weapon developed by the NSA whose existence emerged in documents leaked by Edward Snowden, according to a report in Spiegel's online edition.

The program has also been identified in a "serious cyber attack" on the European Commission in 2011, and found on a USB stick belonging to a member of Angela Merkel's staff, according to German press reports.

It was found on the computers of the International Atomic Energy Agency in Vienna, according to Austria's Der Standard newspaper.

Costin Raiu, head of research at Kaspersky, told Spiegel a detailed comparison of Regin with the "Qwerty" code leaked in the Snowden documents showed they were the same.

"We're confident that what we have here in front of us is the key logger module of Regin," Mr Raiu said. "According to our technical analysis, 'Qwerty' is identical with plug-in 50251 of Regin."

Regin has been described as the most dangerous cyber weapon since Stuxnet, the computer worm used to attack the Iranian nuclear programme in 2010.

It is believed to include a sophisticated key logger program that can record all data entered into a computer and send it undetected over the internet.


NSA chills more free speech than Charlie Hebdo murderers – Video


NSA chills more free speech than Charlie Hebdo murderers
http://MoreLibertyNow.com/raw http://motherboard.vice.com/read/authors-in-50-countries-say-surveillance-makes-them-afraid-to-write.

By: George Donnelly
