The Irish branch of a global online security corporation helped to identify a sophisticated spying operation believed to have been organised by a foreign government.
Given the scale and duration of the surveillance, experts from Symantec believe there are only a handful of governments capable of orchestrating it.
Computer scientists from Symantec Ireland identified a company here that was subject to a concerted cyberattack for years. The company — which is not being named — accounted for 10% of the 100 or so computers worldwide infected by the spyware, codenamed Regin.
The gardaí last night said they have not received any complaints in relation to this spyware incident.
Russia and Saudi Arabia accounted for half of all attacks, while countries affected included Mexico, India, Iran, Afghanistan, Belgium, Austria, and Pakistan.
“This is what we call a full-featured spying tool — a piece of malicious code the operators could use basically to spy on any kind of machine, any kind of data, any sort of network traffic,” said Orla Cox, the director of security response at Symantec Ireland.
“Basically, it’s used for mass surveillance — gathering large amounts of data. It’s fully customisable for whatever the operators want to do with it.”
She said they believed the surveillance has been going on since 2008, and possibly earlier. “It’s a tool or framework being used by agencies for a large number of years for a large number of campaigns.”
She told RTÉ the Irish team was part of a global investigation which began a year ago. She said they identified suspicions that a customer — “not a particularly high-profile organisation” — may have been attacked, and they investigated.
She said the range of organisations that had been affected across the world was surprising. She said she was not aware that the company here had suffered any financial loss as a result of the infection.
“It’s highly stealthy, it can go unrecognised for long periods of time, so there could be other infections we’re not aware of.”
She said the company believed a government agency was behind it: “It’s the sophistication of the threat itself. It’s people with money, that have the ability to create something of this complexity. They have the resources and the skill to carry out an attack of this scale.”
Symantec security specialist Vikram Thakur told the BBC: “There’s only a handful of countries across the globe that can create this sophisticated piece of malware and sustain the campaign for a number of years without actually being noticed.”
Telecommunication and internet service providers were among the targets, along with, reportedly, companies in the fields of energy, air transport, hospitality, and research.
© Irish Examiner Ltd. All rights reserved