Belmont Club

The Wizards At War

For more than a decade some entities, identified by pundits as probably the NSA and Britain’s GCHQ, have been seeding “telecom operators, government institutions, multi-national political bodies, financial institutions, research institutions [and] individuals involved in advanced mathematical/cryptographical research” with malware called Regin.

Regin can be thought of as the B-2 bomber of cyberware.  It was a vehicle for different kinds of payloads which dropped software components in the target systems.  These components constituted a secret library which could later be invoked by some signal or event,  or which routinely interacted with other components in ways that are as yet poorly understood.  Regin came to public attention when researchers at Symantec realized that one of the ‘viruses’ they were cataloging was only the tip of a shadowy iceberg.

Even so, there is still much about Regin that they do not understand. They have, for example, not identified a reproducible infection vector, and these may have been customized for attacks. There are also “dozens of Regin payloads,” providing for all the usual things like password stealing, captured screens, stolen files — including deleted files — and more.

The malware also makes use of non-standard and odd techniques as a means of stealth. For example, it has a custom-built encrypted virtual file system. Symantec believes that many components of Regin remain undiscovered.

Nor will they ever. Regin was versioned and its successor has moved on in ways nobody in the public domain wants to talk about.  The old versions created encrypted virtual file systems  on target systems. They would look like noise or empty space on the hard drive. But Regin would “see” it, with its special software glasses and use it just as easily as you might a CSV file. Those invisible files could store  screenshots as when you are entering your credentials into your bank’s ‘unhackable’ screen keyboard or intercept the keyboard interrupts of  letters as you type. It would squirrel away a trace of  emails, chats and the history of all your browsing in this invisible file system. Then at the opportune time or on command,  it could upload the whole shooting match via some other zombie device and hence by routes devious and circuitous to the NSA.

Regin could colonize networked devices.

For example, it is known to have infiltrated a GSM cell phone system. One recovered log showed it executed commands on 136 separate cells.

The command log we obtained covers a period of about one month, from April 25, 2008 through May 27, 2008. It is unknown why the commands stopped in May 2008 though; perhaps the infection was removed or the attackers achieved their objective and moved on. Another explanation is that the attackers improved or changed the malware to stop saving logs locally and that’s why only some older logs were discovered….

The C&C mechanism implemented in Regin is extremely sophisticated and relies on communication drones deployed by the attackers throughout the victim networks. Most victims communicate with another machine in their own internal network, through various protocols, as specified in the config file. These include HTTP and Windows network pipes. The purpose of such a complex infrastructure is to achieve two goals: give attackers access deep into the network, potentially bypassing air gaps and restrict as much as possible the traffic to the C&C.

All your base station are belong to us.

The average user still thinks of computers as separate devices.  But where devices are interconnected, the entire network can be considered one gigantic computer connected by asynchronous processes.  Regin was focused on state institutions or special individuals. The known target countries are: Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria. One individual known to have been the subject of a Regin attack was Catholic University of Louvain professor Jean-Jacques Quisquater, whose field is encryption algorithms.  Quisquater’s inventions were used in mobile devices and in electronic money applications.

His computer was infected after clicking a (bogus) LinkedIn invitation of a non-existent employee of the European patent office. That allowed the intruders to follow all of the professor’s digital movements, including his work for international conferences on security. Quisquater also had contact with NXP, a company based in Leuven and specialized in electronic equipment where security is an important issue, such as mobile phones.

Interesting fact: German chancellor Angela Merkel, also hacked by the NSA, has three mobile phones. Only one of them is protected. According to our sources the protected mobile was protected by NXP technology and was not hacked by the NSA.

Needless to say, a secret service that can monitor Quisquater’s computer, has a unique access point to the tightly-knit world of cryptography, that is crucial for the protection of any form of digital communication.

None of this is conceptually new. In the last century Winston Churchill called the technological contest between the Allies and the Axis involving the then-new technologies of radar, direction finding and electronically aided decryption “The Wizard War“. To the old warrior it must have seemed like magic. He was indebted to the magic. He conceded after the war that “unless British science had proved superior to German, and unless its strange, sinister resources had been effectively brought to bear on the struggle for survival we might well have been defeated, and, being defeated, destroyed.”

But Churchill was afraid of it too and hoped that “Christian civilization” would keep it under human control. “In a future which our children may live to see, powers will be in the hands of men altogether different from any by which human nature has been moulded. … Our minds recoil from such fearful eventualities, and the laws of a Christian civilization will prevent them.”

It is therefore above all things important that the moral philosophy and spiritual conceptions of men and nations should hold their own amid these formidable scientific evolutions…. There never was a time when the inherent virtue of human beings required more strong and confident expression in daily life; there never was a time when the hope of immortality and the disdain of earthly power and achievement were more necessary for the safety of the children of men.

Churchill could not have foreseen a time when “the laws of a Christian civilization” would themselves be condemned as “hateful”  and “moral philosophy” and “spiritual conceptions” laughed at by people who believed they no longer needed such things.  But we live, as I have often written, in an age of angels and demons, yet determined insofar as possible, to do without the angels.  What could go wrong?

In the late 20th century it was common for cafe intellectuals to stress the primacy of bricks and mortar.  In the Age of Materialism it was fashionable to quote Seneca the Younger. “Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.” That seemed snarky enough then. But as I overheard one teenager say in regard to the arguments of materialism, “it’s not that simple.”  And indeed it is not.

The Information Age has shown us that things we once regarded as insubstantial may in fact be more important than bricks and mortar.  Wizardy is now a powerful, if not a predominant force in this world.

But as Jonathan Gruber might have observed, the average voter can still be persuaded to buy into the outdated 20th century Marxist hip . Smart is what you learn from Lena Dunham.  But that’s not going to work too well in the world of Regin and burgeoning machine intelligence. If there were a Seneca the Youngest today he might now say  “religion is regarded by the common people as false, by the NSA as true, and by rulers as dangerous.”

We need to bring back the angels, just to keep the game even.

[jwplayer mediaid=”40597″]


Recently purchased by readers:

Eleven Minutes, A Novel by Paul Coelho
The Diabetes Solution, How to Control Type 2 Diabetes and Reverse Prediabetes Using Simple Diet and Lifestyle Changes–with 100 recipes
Why We Lost, A General’s Inside Account of the Iraq and Afghanistan Wars
Plochman’s Kosciusko Mustard, Spicy Brown, 9-Ounce Spoonable Barrels (Pack of 12)
Crane Adorable Ultrasonic Cool Mist Humidifier, with 2.1 Gallon Output per Day Dragon figure
Casio Men’s WS210H-1AV Itoya Art Profolio Storage/Display Book 4 inch x 6 inch 24

Recommended:
Above it All, [Kindle Edition], a helicopter pilot in Vietnam
13 Hours, The Inside Account of What Really Happened In Benghazi
Tower of the Sun, Stories From the Middle East and North Africa [Kindle Edition] by Michael Totten
Keurig K75 Single-Cup Home-Brewing System with Water Filter Kit, Platinum
The Walking Dead, 5 Seasons 2014


Did you know that you can purchase some of these books and pamphlets by Richard Fernandez and share them with you friends? They will receive a link in their email and it will automatically give them access to a Kindle reader on their smartphone, computer or even as a web-readable document.

The War of the Words for $3.99, Understanding the crisis of the early 21st century in terms of information corruption in the financial, security and political spheres
Rebranding Christianity for $3.99, or why the truth shall make you free
The Three Conjectures at Amazon Kindle for $1.99, reflections on terrorism and the nuclear age
Storming the Castle at Amazon Kindle for $3.99, why government should get small
No Way In at Amazon Kindle $8.95, print $9.99. Fiction. A flight into peril, flashbacks to underground action.
Storm Over the South China Sea $0.99, how China is restarting history in the Pacific
Tip Jar or Subscribe or Unsubscribe to the Belmont Club