“Regin” Malware Spied on Companies and Governments in 10 Countries since 2008

Symantec Corp released a report on a sophisticated piece of malware known as “Regin”, an advanced backdoor-type Trojan. It infects target systems and links back to its controllers, creating a powerful surveillance apparatus that monitors systems across the world.

“Regin” has been observed infecting private companies, governments, and research institutions. While confidentiality is key and names are withheld at this time, the following graphs give a rough estimate of the organizations and countries affected:

[Figure: Regin-targeted companies (graph of Regin-targeted systems). Source: Symantec Corp]

[Figure: Regin-targeted nations (countries affected). Source: Symantec Corp]

“Regin” is one of the most advanced and complex pieces of malware ever analyzed. It is a multi-stage, modular threat that can tailor itself to almost any machine, loading only as much as is necessary for a given target. Each stage is encrypted until it is needed, which makes the malware hard to analyze.

The technical competence and time required to develop malware of this caliber could only have come from a nation-state, Symantec says, and its similarities to the infamous Stuxnet worm point to a Western source rather than the usual suspects, China or Russia. Considering that not a single target of Regin is on British or US soil, and that most victims are located in Russia, Saudi Arabia, and Ireland, Britain is a likely source.

[1] http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
[2] http://www.theguardian.com/technology/2014/nov/24/regin-malware-western-surveillance-technology

State Department’s Email Compromised

The State Department’s unclassified email systems were hit by cyberattacks in recent weeks. Sections of the system have been shut down to improve security, and no classified systems were affected. Maintenance is being performed on the system; it will affect unclassified email traffic and employee access to public websites from the unclassified system, and the system should be back up soon. Analysis of the incident reports by the Department of Homeland Security shows a common element of social engineering attempts. This breach was part of the attack on the White House’s Executive Office of the President. It is one of many breaches in the past few months. Other incidents include the White House, the Office of Personnel Management, and just this week the U.S. Postal Service and the National Oceanic and Atmospheric Administration.

The USPS said that the records of more than 800,000 employees may have been compromised, along with the information of customers who contacted the call center during the first eight months of the year. At NOAA, four of the agency’s websites were affected, but no further information was given.

The State Department has agreed to brief lawmakers on the cyberattack. A letter was sent to Secretary of State John Kerry on Monday from House Oversight Committee Ranking Member Elijah Cummings seeking more information by January 5 to help Congress as it considers cybersecurity laws and other ways to protect government and consumer information. He also asked what the State Department is doing to improve its security since the breach.

FBI wants backdoors

Recently, the director of the FBI, James Comey, stated that unless the government is given special access, cell phone encryption will prevent the FBI from doing its job, i.e. stopping terrorists. He noted that “both real-time communication and stored data are increasingly encrypted,” which prevents them from “lawfully pursuing criminals”.

He wishes to expand on the Communications Assistance for Law Enforcement Act (CALEA) from 1994, which mandated that telephone companies build backdoors into their equipment for wiretapping. But currently no law forces other communication companies to do so.

The director of the FBI stated that the default encryption in iOS 8, and the soon-to-be default in Android, will block law enforcement from gathering all of the evidence against a suspect, and that the solution is for the tech companies to build “front doors” into the cell phones.

“We aren’t seeking a back-door approach,” Comey said, referring to a common term for encryption that has been intentionally weakened. “We want to use the front door, with clarity and transparency, and with clear guidance provided by law,” including court orders, he said.

He also notes that “adversaries will exploit any vulnerability they find” and that, to reduce the risk introduced by such access, companies should develop “intercept solutions during the design phase”.

-Chris Lazarus

Navajo Code Talkers

-Chad Johnson

The Navajo Code Talkers program was proposed and implemented at the beginning of WWII by Philip Johnston. Johnston was a WWI veteran who had been raised on a Navajo reservation and was one of only an estimated 30 non-Navajos who could understand the language.

The Navajo language was so appealing because of the complexity and uniqueness of its grammar, dialect, and the language itself. It was an unwritten language, and so complicated that even the closest of the other tribes could not understand it. The program was approved after a demonstration Johnston set up in which he showed, under simulated combat conditions, that Navajo men could encode, transmit, and decode a 3-line message in 20 seconds. With the technology of the time, the same message would have taken approximately 30 minutes to process with machines.

Most of the code was a variation on the military’s phonetic alphabet, although specific code words were assigned to the more commonly used military terms and definitions (e.g. “silver oak leaf” for the rank of lieutenant colonel).

During the first few days of Iwo Jima, Major Howard Connor of the 5th Marine Division had Navajo Code Talkers working around the clock, and he would later credit them with the victory, saying “Were it not for the Navajos, the Marines would never have taken Iwo Jima.”

The deployment of the Navajo code talkers continued through the Korean War and after, until it was ended early in the Vietnam War. The Navajo code is the only spoken military code never to have been deciphered.
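The scheme described above, as an added toy implementation (not part of the original newsletter and not the real Navajo vocabulary): common military terms get a dedicated code word, everything else is spelled out with phonetic-alphabet words, and each letter has several interchangeable code words, which is what blunted frequency analysis of the spoken code. Every code word below is a constructed placeholder.

```python
import random

# Two constructed word lists, one word per letter A..Z, giving each letter two homophones.
WORDS1 = ("ant bear cat deer elk fox goat horse ibis jackal kiwi lamb mouse newt owl pig "
          "quail rabbit sheep tiger urchin vulture wolf xerus yak zebra").split()
WORDS2 = ("apple barrel candle drum egg flag gun hat iron jar kettle lantern mirror needle "
          "oar pencil quiver rope saddle torch umbrella violin wagon xylophone yarn zipper").split()
LETTER_WORDS = {chr(65 + i): [WORDS1[i], WORDS2[i]] for i in range(26)}

# Term-level codebook (constructed stand-ins for entries like "silver oak leaf").
TERM_WORDS = {"LIEUTENANT COLONEL": "silver-oak-leaf", "TANK": "tortoise", "BOMBER": "buzzard"}
SEP = "pause"  # constructed code word marking a word boundary in the spoken stream

REV_TERMS = {v: k for k, v in TERM_WORDS.items()}
REV_LETTERS = {w: letter for letter, ws in LETTER_WORDS.items() for w in ws}
MAX_TERM_LEN = max(len(t.split()) for t in TERM_WORDS)

def encode(message, rng=random):
    """Turn a plaintext message into a list of spoken code words.
    Longest matching term wins; other words are spelled letter by letter with a
    randomly chosen homophone. Characters outside A..Z are dropped."""
    words, out, i = message.upper().split(), [], 0
    while i < len(words):
        for n in range(MAX_TERM_LEN, 0, -1):          # try multi-word terms first
            chunk = words[i:i + n]
            if len(chunk) == n and " ".join(chunk) in TERM_WORDS:
                out.append(TERM_WORDS[" ".join(chunk)])
                i += n
                break
        else:                                          # no term matched: spell it
            out.extend(rng.choice(LETTER_WORDS[ch]) for ch in words[i] if ch in LETTER_WORDS)
            i += 1
        out.append(SEP)
    return out[:-1]

def decode(code_words):
    """Reverse of encode(); any homophone of a letter decodes to that letter."""
    words, current = [], ""
    for w in code_words + [SEP]:
        if w == SEP:
            words.append(current)
            current = ""
        elif w in REV_TERMS:
            current += REV_TERMS[w]
        else:
            current += REV_LETTERS[w]
    return " ".join(words)
```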

China attacking iCloud

Apple is once again experiencing drama surrounding its iCloud service, as China has begun man-in-the-middle attacks against iCloud users in its country. A man-in-the-middle attack is like eavesdropping on a connection: the attacker poses as the connection between the victim and the service of choice, records the information the victim sends, then forwards it on to the service. This makes the connection appear normal to the victim while in fact their information is being compromised. This attack against iCloud is a clear attempt by China to gain the personal information of its citizens, including data from iMessage, photos, contacts, and credentials.

There is much speculation as to the reason for the attacks.  Some believe that this attack is in response to Apple’s new default security measures being placed on their mobile devices.  Another possibility is that the attacks are linked to the so-called “Umbrella Revolution” currently taking place in Hong Kong.  Whatever the true cause, this is not the first time China has performed such attacks and surely will not be the last.


Tyler Zimmermann
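A toy model of the attack described in the iCloud piece above, added here as an example (it is not from the original newsletter or from Apple): a relay sits between the victim and the service, records what passes through, and forwards it so the reply looks normal. The defensive check shown is key pinning, where the client compares a fingerprint of the key the far end presents against the fingerprint it already trusts, which is the role certificate validation plays in real TLS. All keys, names and messages are constructed stand-ins.

```python
import hashlib

class Service:
    """The genuine endpoint. `key` is a byte string standing in for its public key."""
    def __init__(self, name, key):
        self.name, self.key = name, key
        self.received = []
    def public_key(self):
        return self.key
    def send(self, data):
        self.received.append(data)
        return b"ok from " + self.name.encode()

class Relay(Service):
    """Man in the middle: presents its own key, logs traffic, forwards to the real service."""
    def __init__(self, upstream):
        super().__init__("relay", b"constructed-relay-key")
        self.upstream = upstream
        self.captured = []
    def send(self, data):
        self.captured.append(data)          # eavesdrop on what the victim sends
        return self.upstream.send(data)     # forward it so the victim sees a normal reply

def fingerprint(key):
    return hashlib.sha256(key).hexdigest()

def client_send(endpoint, data, pinned=None):
    """Send data to endpoint. With a pinned fingerprint, refuse an endpoint whose
    presented key does not match before any data leaves the client."""
    if pinned is not None and fingerprint(endpoint.public_key()) != pinned:
        raise ConnectionError("key fingerprint mismatch: possible man-in-the-middle")
    return endpoint.send(data)

def demo():
    icloud = Service("icloud", b"constructed-icloud-key")
    mitm = Relay(icloud)
    pinned = fingerprint(icloud.public_key())
    # Unpinned victim: the reply looks normal, but the relay now holds the credentials.
    reply = client_send(mitm, b"credentials", pinned=None)
    leaked = list(mitm.captured)
    # Pinned client: the same relay is rejected before anything is sent.
    try:
        client_send(mitm, b"credentials", pinned=pinned)
        blocked = False
    except ConnectionError:
        blocked = True
    return reply, leaked, blocked, len(mitm.captured)
```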