Newly Discovered Sophisticated Malware Has Been Spying on Computers for Six Years

[Image: A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin. Pawel Kopczynski/REUTERS]

Cyber espionage has been detected in its most sophisticated form in a piece of malware known as Regin, which has been stealing data from the computers of governments, infrastructure operators, businesses, academics and private individuals across the globe for over six years, taking care to hide its tracks after every target.

American cyber security company Symantec, which first detected the malware last November, said in a report released yesterday that the backdoor-type Trojan displays a "degree of technical competence rarely seen" and is probably being run by a western intelligence agency.

The company has said that the complex intelligence-gathering tool, whose architecture is even more advanced than the state-sponsored malware Stuxnet, used by US and Israeli government hackers in 2010 to target the Iranian nuclear programme, probably took years to develop.

"It is definitely a professionally written piece of software. You would have to be well funded and well resourced to create and maintain it, which could probably only be afforded by a nation-state," Orla Cox, a senior analyst in Symantec's Security Response team, told Newsweek.

However, as yet the company says there is insufficient evidence to attribute it to any particular state or agency.

"They don't leave many clues as to where they originated. We are not dealing with your average hacker," Cox, who was on the frontline of the investigation, said.

Whilst only around 100 infections have been detected so far, Regin is highly targeted, providing its controllers with a powerful framework for mass surveillance.

"Once it has infected the machine, it can do anything the controller wants it to do. It can monitor anything on the computer, and can even listen to phone calls," Cox told Newsweek.

As well as tapping your telephone, the virus also has the ability to access victims' computers remotely, take screenshots and control a mouse pointer.

The power of the virus lies largely in its stealth. It is almost impossible to trace, customising itself depending on the target or victim, ensuring that its code is invisible on infected computers and that there is often no evidence left behind to indicate what data it has been stealing.

Whilst it is unclear exactly how Regin infects systems, by tracing back to earlier incidents of infection and analysing its code, the cyber security company has been able to trace its activity back at least six years.

According to the report detailing the malware, the infections are geographically widespread, with Russian and Saudi Arabian internet service providers and telecoms companies receiving the largest percentage of attacks - 28% and 24% respectively.

According to Cox, the bug doesn't seem to be focusing on a single organisation but instead has been targeting a wide range. The bug first identifies what data it wants to obtain, and then it targets what it believes is the best organisation or system to procure it. "We've seen it targeting a very broad range - telecom companies, research institutes, airlines, governments and think tanks," the analyst told Newsweek.

Whilst the detection of such a complex virus is "a rare occurrence," it is indicative of the increasingly sophisticated nature of cyber attacks, which are now occurring on an almost daily basis.

The release of these findings comes less than a week after the head of the National Security Agency and US Cyber Command told a congressional panel that software had been detected in China that had the ability to shut down the entire US power grid and other critical infrastructure.

It also follows warnings to the public from watchdogs about a Russian-based website which has been broadcasting thousands of feeds of live video footage from inside homes and businesses around the world, accessing them by hacking into personal webcams, CCTV cameras and even baby monitors using weak or default passwords.