A powerful and malicious piece of computer software that was found to have been spying on governments and companies from around the world has been linked to US and UK intelligence agencies.
The software, which when it was identified yesterday was said to have likely been created by a nation state, had been spying on victims from at least 14 countries around the world. But there were no victims from any of the ‘five eyes’ countries — Australia, Canada, New Zealand, the UK and the US — and experts have speculated that the software could have been created by intelligence agencies within one or more of those countries.
The usual suspects such as Russia and China have been ruled out, experts said, and so interest is now focused on the US, UK and Israel as the most likely candidates, security experts told the Guardian.
Victims were found in countries including Belgium, Brazil, Germany, Iran and Syria, according to Kaspersky Lab, the Russia-based security company. Most were based in Russia or Saudi Arabia.
The company had become aware of the threat in 2012, and has been tracking it since. The complexity of the software made it hard to explore, but its use in several attacks on government institutions and telephone companies gave experts a chance to study it.
The software is able to control GSM phone networks, allowing it to redirect calls and operate cells. “At the present time, the attackers behind Regin are the only ones known to have been capable of doing such operations,” Kaspersky Lab said.
Researchers found that it was not simply one piece of software, but a platform that could spread across a whole network and gain full control of it. That meant that once the software made its way into one computer, it could spread quickly across the world, and helped the software stay hidden.
The earliest samples of the software appear as early as 2003, according to Kaspersky Lab.Reuse content