Security Researchers Withheld Regin Malware Details For 'Global Security' Reasons

from the not-really-'global'-when-it's-just-the-Five-Eyes-then,-is-it? dept

Who's going to let you know your communications and data have been compromised by state entities? Well, it seems to depend on who the state entity is. When a non-'Five Eyes' country is involved, there's usually no hesitation. But the recent exposure of Regin malware's NSA/GCHQ origins (which both agencies deny, despite leaked documents to the contrary) came belatedly, confirming details revealed more than a year ago. The malware appears to date back nearly a decade, and yet little has been said about it over that period of time.

Mashable looked into the malware further and received some surprising replies from security analysts as to why there's been little to no discussion of Regin up to this point.

Symantec's [Vikram] Thakur said that they had been investigating Regin since last year, but only felt "comfortable" publishing details of it now.

[Costin] Raiu, the researcher from Kaspersky, said they had been tracking Regin for "several years" but rushed to publish the report after a journalist contacted them last week asking for comments about Regin, indicating a competitor was about to come out with their own report.

For [Ronald] Prins [of Fox IT], the reason is completely different.

"We didn't want to interfere with NSA/GCHQ operations," he told Mashable, explaining that everyone seemed to be waiting for someone else to disclose details of Regin first, not wanting to impede legitimate operations related to "global security."

And so it goes. Everyone had the same suspicion as to who was behind the malware, but everyone sat on it, hoping someone else would make the first move. The NSA and GCHQ may deny their involvement, but the list of countries with verified Regin infections notably does not include any of the "Five Eyes" countries. Microsoft -- whose software the malware was disguised as -- has refused to comment.

It's no surprise that companies like Microsoft are in no hurry to divulge findings about state-run malware, at least not when it involves governments they have large contracts with. But security researchers shouldn't be acting as flacks for intelligence agencies, even if only by committing sins of omission. As the ACLU's chief technologist pointed out, there's no faster way to "destroy" your company's reputation as a "provider of trustworthy security consulting services." Who's going to want to hire a firm that won't tell you your data and communications are compromised until it feels it's "safe" to do so?

We already know that any security holes discovered (or purchased) by intelligence agencies won't be turned over to affected companies until they've been fully exploited. We also know that some of these companies have worked in concert with the NSA and others to provide backdoor access or hold off on patching software until the government gives them the go-ahead. But security researchers shouldn't be withholding details on sophisticated malware out of deference to the intelligence agencies they believe are behind it.

At this point, we have a security ecosystem greatly skewed towards the exploitation of flaws and the distribution of malware, rather than the other way around. There's an entire industry that does nothing but find exploits and sell them to intelligence agencies -- only distinguishable from criminal enterprises by their clientele. Being silently complicit in these exploits may prevent operations from being compromised (and seems to confirm that Fox IT reached the same conclusion about the malware's origin as others), but it has the hugely unfortunate side effect of harming thousands, if not millions, of non-terrorists around the world.

Filed Under: malware, regin, security, security research
Companies: fox it, kaspersky, symantec


Reader Comments

tqk (profile), 2 Dec 2014 @ 7:32am

    Schadenfreude.

    I hope Microsoft has plans for some other business when the rest of the world drops them.

    Last I heard, they have a plan to migrate (a la MacOS -> OSX) to a more secure base system.

    I am looking forward to watching all the corporate IT managers who've painted their companies into corners by standardizing on a proprietary monoculture. One that I worked with couldn't wait to replace their Unix servers with Windows servers. I think they're still working on it.

    Imagine what it's going to cost to climb back out of the hole you've been digging your company into for the last twenty years. "You get what you pay for" or "Schadenfreude", call it what you will, it's going to be an entertaining horror flick.
