ICYMI: GCHQ and the Belgacom attack, digital forensics and Tor darknets

GCHQ faces new Belgacom hack allegations

New leaks from NSA whistle-blower Edward Snowden revealed that GCHQ's alleged APT attack on Belgacom used Regin malware and went undetected for two years, while sources told The Intercept that engineers at Belgacom aren't convinced the clean-up operation was successful.

Belgacom was first breached in 2011, and Snowden believes that it may have been targeted for its mobile communications, specifically those relating to customers that include NATO and the European Commission.

Police, digital forensics and the case against encryption

The Metropolitan Police has become the latest law enforcement agency to complain that encryption makes it difficult to catch and prosecute criminals.

Speaking at a London conference last week, Mark Stokes, head of digital and electronics forensics services at the Met Police, said that criminals are increasingly reliant on smartphones, cloud services, hard disk drives (HDDs) and solid-state drives (SSDs) to hide their activities or crimes, and said that mobile encryption was making life difficult for the force.

Stokes said that encrypting passwords “will start to reduce our operational capabilities” but also admitted that “it's a balance between the public right to privacy and the need for law enforcement to police and proportionally recover data from those devices.”

NSA, GCHQ or both behind Stuxnet-like Regin?

Almost one month on and rumours about the NSA and GCHQ's involvement with the Regin malware – first discovered by Symantec – persist, especially in relation to the latter agency's widely-reported hack into the internal computer networks at Belgacom.

Symantec's research revealed that Regin has the ‘hallmarks of a state-sponsored operation’ and has been in existence since at least 2008, focusing specifically on government departments, telecom operators, academics, individuals and other private sector organisations. SMEs and targeted individuals accounted for almost half of all infections.

The firm says that attacks on telecom operators were designed so that the threat actor could gain access to calls being routed through their infrastructure – with Kaspersky Lab since reporting that Regin has also been used to attack GSM mobile networks.

28 percent of all infections were in Russia, with 24 percent in Saudi Arabia. Ireland, Belgium and Austria were the most-affected Europeans.

Tor darknets rise again after Operation Onymous

A month after the joint FBI/Europol crackdown on more than 400 dark markets, a new report claims that the action hasn't been as successful as first thought.

In early November, the FBI and Europol announced ‘Operation Onymous’ – a joined-up international law enforcement action which saw the take-down of hundreds of dark markets on anonymous networks like Tor.

15 EU member states were involved in a campaign and the six-month investigation eventually saw the arrest of 17 vendors, the take-down of more than 410 hidden services and the capture of around US$ 1 million in Bitcoins (approximately £640,000), €180,000 in cash (£115,000) and the discovery of drugs, gold and silver.

However, a report recently uncovered by SCMagazineUK.com sheds some doubt on how effective this action has been, with most darknet sellers, advertisers and buyers moving onto new – or undisturbed – market places.

Iranians mount ‘catastrophic’ cyber-attack on Las Vegas casino

It was revealed earlier this week that pro-Iranian hackers wiped swathes of data and caused an “IT catastrophe” at the company running the famous Las Vegas Sands casino earlier this year in a revenge attack on the company's billionaire Israeli owner.

The 10 February hack remained secret for 10 months but was revealed this week by Business Week in a report quoting six separate sources.

Other stories you should read this week...

USB device costs $20 (£13), offers backdoors (Samy Kamkar's website)

Wiper malware – a deeper dive (Cisco)

Selling fear: How cyber-terrorism is being portrayed (Norse)

ENISA CERT training programme now available online (ENISA)