TelecomTV

Regin spyware found to target GSM networks

By Guy Daniels

Nov 25, 2014

Was Regin developed by GCHQ? © Ministry of Defence


Despite our having become desensitised to news that government security agencies regularly eavesdrop on individuals and companies, and indeed other governments, and that they have created vast data-gathering and analysis tools, the revelation over the weekend of the Regin spyware still came as a shock.

It is believed that Regin was first created back in 2003 as a cyber-attack platform, focused on governments, financial establishments, research institutions, those involved in cryptographical research, and of course telcos. Regin is a reversal of the term “In Registry”, and apparently refers to its ability to store its components within computer registries. Despite being operational for over a decade (the most recent reported use was in Spring this year), Regin wasn’t identified until 2008 – and was only known as Regin from 2011.

Symantec first published news of Regin on Sunday, describing it as “a back door-type Trojan” and “a complex piece of malware whose structure displays a degree of technical competence rarely seen”. It added that: “It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyber-espionage tools used by a nation state.”

Global reach

So far, Regin has been identified in 14 countries: Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria. Note the countries that are not included: the US, UK and China for example. When you reconcile this with the fact that all security experts are saying that Regin was most likely developed by a nation-state, then you start to narrow down likely suspects.

One news source links it to an attack on Belgacom, which Germany’s Der Spiegel uncovered in September 2013 as part of the Edward Snowden saga. It implied that the UK’s GCHQ was behind the attack, in order to spy on the telco’s most high profile customers – the European Parliament and European Commission.

“The platform reminds us of another sophisticated malware: Turla,” said analysts at Kaspersky Lab, who have been investigating the malware independently of Symantec. “Yet through their implementation, coding methods, plugins, hiding techniques and flexibility, Regin surpasses Turla as one of the most sophisticated attack platforms we have ever analysed.”

Now, Kaspersky Lab has discovered that Regin has successfully broken through the security of GSM cellular networks. The security specialists described how they discovered a Regin infection in the network of an unnamed large GSM operator, located on the activity log of a base station controller.

The malware was able to successfully issue a number of OSS MML commands relating to cell functions in the network. Over a period of a month back in 2008, the malware executed commands on 136 different cells via the BSC.

“The ability of this group to penetrate and monitor GSM networks is perhaps the most unusual and interesting aspect of these operations,” said the Kaspersky Lab team. “In today's world, we have become too dependent on mobile phone networks which rely on ancient communication protocols with little or no security available for the end user. Although all GSM networks have mechanisms embedded which allow entities such as law enforcement to track suspects, there are other parties which can gain this ability and further abuse them to launch other types of attacks against mobile users.”
