Politics

Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by US and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.

Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept.

The malware, which steals data from infected systems and disguises itself as legitimate Microsoft software, has also been identified on the same European Union computer systems that were targeted for surveillance by the National Security Agency.

The hacking operations against Belgacom and the European Union were first revealed last year through documents leaked by NSA whistle-blower Edward Snowden. The specific malware used in the attacks has never been disclosed, however.

The Regin malware, whose existence was first reported by the security firm Symantec on Sunday, is among the most sophisticated ever discovered by researchers. Symantec compared Regin to Stuxnet, a state-sponsored malware program developed by the U.S. and Israel to sabotage computers at an Iranian nuclear facility. Sources familiar with internal investigations at Belgacom and the European Union have confirmed to The Intercept that the Regin malware was found on their systems after they were compromised, linking the spy tool to the secret GCHQ and NSA operations.

Ronald Prins, a security expert whose company Fox IT was hired to remove the malware from Belgacom’s networks, told The Intercept that it was “the most sophisticated malware” he had ever studied.

Having analysed this malware and looked at the [previously published] Snowden documents, Prins said, I’m convinced Regin is used by British and American intelligence services — via redwolf.newsvine.com

Requests from government agencies for Australian telecommunications customers’ phone, internet, and address data surpassed 500,000 in the last financial year, according to the Australian Communications and Media Authority (ACMA).

The figure was revealed in the ACMA’s annual report (PDF) released this month. It says that there were 563,012 authorisations granted to government agencies for access to telecommunications metadata in the 2013-14 financial year.

Under the Telecommunications (Interception and Access) Act, government agencies can force telecommunications companies to hand over details about their customers, including address, phone number, IP address, call data, SMS data, and other held information without a warrant for the purpose of enforcing the law.

The ACMA recorded that total disclosures amounted to 748,079 for the financial year including to law enforcement for a range of reasons, such as to avert a threat to life, assist the ACMA, or enforce the criminal law of a foreign country.

The number of requests by far exceeds the more than 300,000 requests made in the 2012-13 financial year reported by the Attorney-General’s Department in its Telecommunications (Interception and Access) report last year. The report for this year has yet to be tabled in parliament.

A spokesperson for the Attorney-General’s Department had not responded to a request for comment on the disparity at the time of writing; however, security agencies such as the Australian Security and Intelligence Organisation (ASIO) are not required to publicly report the number of metadata access requests they make.

The department told The Guardian that the difference between the two figures was due to the department only counting the authorisation for a particular person’s details. So if the request is made to multiple telcos for that one person’s information, the access request is only counted as one from that particular government agency. The ACMA has compiled its report based on data from the telcos themselves, leading to the higher figure — via redwolf.newsvine.com

This week, Australian Prime Minister Tony Abbott used recent terrorist threats as the backdrop of a dire warning to Australians that for some time to come, the delicate balance between freedom and security may have to shift. There may be more restrictions on some, so that there can be more protection for others.

This pronouncement came as two of a series of three bills effecting that erosion of freedoms made their way through Australia’s Federal Parliament. These were the second reading of a National Security Amendment Bill which grants new surveillance powers to Australia’s spy agency, ASIO, and the first reading of a Counter-Terrorism Legislation Amendment (Foreign Fighters) Bill that outlaws speech seen as advocating terrorism. A third bill on mandatory data retention is expected to be be introduced by the end of the year.

Whilst all three bills in this suite raise separate concerns, the most immediate concern—because the bill in question could be passed this week — is the National Security Amendment Bill. Introduced into Parliament on 16 July, it endured robust criticism during public hearings last month that led into an advisory report released last week. Nevertheless the bill was introduced into the Senate this Tuesday with the provisions of most concern still intact.

In simple terms, the bill allows law enforcement agencies to obtain a warrant to access data from a computer—so far, so good. But it redefines a computer to mean not only one or more computers but also one or more computer networks. Since the Internet itself is nothing but a large network of computer networks, it seems difficult to avoid the conclusion that the bill may stealthily allow the spy agency to surveil the entire Internet with a single warrant.

Apart from allowing the surveillance of entire computer networks, the bill also allows the addition, deletion or alteration of data stored on a computer, provided only that this would not materially interfere with, interrupt or obstruct a communication in transit or the lawful use by other persons of a computer unless … necessary to do one or more of the things specified in the warrant. Given the broad definition of computer, this provision is broad enough to authorise website blocking or manipulation, and even the insertion of malware into networks targeted by the warrant — via redwolf.newsvine.com

Last Friday, the Australian Attorney-General’s Department sent internet service providers (ISPs) a confidential discussion paper — subsequently leaked to Fairfax Media — that attempts to clarify exactly what metadata they’ll be required to store under the government’s proposed mandatory data-retention scheme. The detailed requirements are presumably designed to feed into the statutory specification of metadata that will be included in legislation to be introduced to parliament in coming weeks.

Until now, the only official government description of metadata we’d seen — apart from that breathtakingly confused TV performance by Australia’s favourite Attorney-General Senator George Brandis QC — was the hilariously inadequate one-pager (PDF) that the Attorney-General’s Department (AGD) tabled in Senate Estimates on October 15, 2012, after much prodding by Greens Senator Scott Ludlam.

You might therefore think that the description of the government’s metadata needs in Friday’s document was a recent development.

You’d be wrong.

A confidential document obtained by ZDNet shows that even more detailed descriptions of the government’s data-collection ambitions had been discussed with ISPs as far back as early 2010.

The document, Carrier-Carriage Service Provider Data Set Consultation Paper version 1.0 (PDF), is a 16-page PDF file created on 9 March 2010, at 14:49. Its core sections are similar in structure to the nine-page document obtained by Fairfax Media this week, with the addition of tables of sample data to further illustrate the expected type of data to be retained for each specific retention requirement from the data set, discussion questions for industry to answer, and an introductory background section rather than an executive summary.

The 2010 version of the document was quite specific about the data to be collected. For mobile calls, for example, the data would include the IMSI and IMEI of both the calling party’s and called party’s devices, whereas the current version simply specifies the identifier(s) of the devices. This is in line with the government’s intention to make the legislation technology neutral.

References to web-browser sessions and file transfers that were in the 2010 version have vanished, too, in line with such ideas being dropped as the data-retention debate has evolved — via redwolf.newsvine.com