U.S. Plays Cyberspy vs. Cyberspy
With revelations that critical infrastructure in the U.S. has been under sustained attack, likely perpetrated by Russia, it's easy to forget that we're not merely a victim amid the waves of repeated cyberattacks.
As the online world has grown to include sensitive information and the ability to control everything from power grids to airplanes, the U.S. is an active participant in a full-scale cyberwar with some of the most powerful governments in the world. This weekend's revelation about a sophisticated cyber-espionage program with possible ties to the U.S. is just another reminder of how extensive government spy programs have become and how important they are online and off.
Researchers at Symantec revealed the discovery of a wide-reaching program, called Regin, that let intruders spy on computers and telecommunications networks. The malicious software mostly targeted individuals via Internet service providers, as well as telecom traffic and hospitality companies. Once deployed, Regin let the intruders steal information, observe movements and record telecom activity.
In other words, Regin was a program designed to target people, rather than just big businesses or government agencies. And in that way it was somewhat reminiscent of the bulk phone record collection program that the National Security Agency implemented in the U.S. soon after Sept. 11.
A researcher at Symantec told Bloomberg TV that it was likely created by a nation state. It has been used to spy on computers and phone-call data since 2008, primarily in Russia and Saudi Arabia.
Other researchers have wondered about U.S. and British involvement in Regin, given the countries that were targeted, the time zones connected with the attacks and English language references in the code to things like Starbucks.
A report in the Intercept seemed to make a more concrete connection between the U.S. and Regin. Sources told the publication that Regin was found on systems at the Belgian phone and Internet service provider Belgacom, which had been targeted by the NSA and the British spy agency Government Communications Headquarters.
When massive spying programs such as Regin are uncovered it's a reminder that cyber-espionage and warfare are already here. As Lysa Myers, a security researcher at IT security company ESET points out, "Almost every country in the world has been implicated in some sort of surveillance of other countries, and frequently of its own citizens."
And it's a reminder that the actions taken in cyberspace often have real world consequences.
"Every nation knows that some amount of monitoring and espionage is happening on its networks," says Michael Coates, director of product security at Shape Security. "If Regin turns out to violate the assumptions [of acceptable behavior] and treaties that we think are in place, then this could invoke significant conversations between different governments."
And NSA Director Michael Rogers told Congress this month that foreign governments have already infiltrated critical U.S. infrastructure, including our water, power and fuel systems. Speaking before the House Intelligence Committee, Rogers said that attacks on U.S. networks are “literally costing us hundreds of billions of dollars” and that sooner, rather than later, we'll see an attack cause significant physical damage.
Like it or not, the reality is that every powerful nation on the planet is already embroiled in undeclared war. And if Rogers' predicted big attack does take place, it will be thanks to years of espionage, data theft and surveillance.
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the editor on this story:
James Greiff at firstname.lastname@example.org