"Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state," Symantec said Sunday, explaining that "development took months, if not years, to complete."
The researchers said little to answer several key questions: Who designed it? How widely has it spread? What has it scooped up? What are the risks?
They said Regin has been discovered in at least 10 countries and was most heavily concentrated in Russia and Saudi Arabia.
The United States was not among the countries listed by Symantec.
The malware was installed on the computers of companies around the world, but it wasn't searching for business secrets. When a target was selected it searched airline computers to find out where the target was traveling. It scoured hotel computers to find his room number. And it tapped telecommunication computers to see who he was talking to.
"They were trying to gain intelligence, not intellectual property," said Symantec analyst Vikram Thakur.
Do you see? A very sophisticated computer virus that is very hard to trace, whose script was in development for at least several years and at a level beyond the reach of a group of hackers. This was created by a state, and given the set of countries whose computers are infected (Russia, Saudi Arabia, but not the USA), one can determine exactly who is behind this attack. Moreover, the virus does not steal secrets; it tracks people's movements: flights, hotel stays, phone conversations, etc. Only two countries in principle have the capability and the interest to spy on precisely these targets, and those countries are Israel and the USA.
And, naturally, all the blame gets pinned on Russia, for how it spies on the "defenseless USA". Supposedly it can't be proven, but it's the russkies. Only the Chinese either fear nothing or are so stupid that they leave terrible traces behind them.
When cybersecurity firms and U.S. government officials attribute attacks to the Russian government -- or independent hackers operating with Kremlin approval -- the typical evidence they use is pretty circumstantial: A computer virus was written in Russian, created during Moscow working hours and aimed at anti-Russian targets.
But the digital realm isn't like the physical one. Hard evidence seldom exists.
Hackers remain anonymous by masking their location, bouncing their computer signals around the world. Hackers who speak one language can write malicious code in another. And they customarily work at odd hours anyway.
"They're just indicators. You never know for sure," said Rick Howard, chief security officer of cybersecurity firm Palo Alto Networks (PANW). "There isn't going to be a smoking gun."
C. Thomas, a longtime hacker known as "Space Rogue" who has testified before Congress on computer security, warns against coming to unshakable conclusions.
"Attribution is almost impossible to do," he said. "Anything can be faked. People who do this stuff for a living -- and their lives depend on it -- will forge that stuff."
For instance, American, British, French, Israeli and Russian cyberspies have been known to leave decoys that make attacks appear to come from elsewhere, according to several cybersecurity experts with related military experience. Only Chinese hackers have the reputation of being carelessly "loud." FBI Director James Comey recently compared Chinese hackers to a "drunk burglar."
Even the U.S. National Security Agency has a difficult time identifying attackers. For example, President Obama was left without answers from top intelligence advisers when he asked who hacked JPMorgan (JPM), according to The New York Times.
Still, Russia was blamed for recently hacking JPMorgan, attacking oil and gas companies and placing a "digital bomb" in the Nasdaq.