Hackers could redirect calls and obtain customer information through a new version of Regin malware, which attacks GSM cells, security company Kaspersky has claimed.
The malware, which dates back in some form to 2003, is a software package capable of handing remote control of a network to a hacker. Kaspersky researchers obtained a log of activity at a GSM base station, which showed that hackers could gain control of a network, allowing them to interfere with the cell’s operation, obtain customer information and maliciously redirect calls.
The company has been tracking the malware since 2012 but it is believed to date back in some form to 2003. In April 2008, hackers were able to take control of a GSM network in an unnamed Middle Eastern country.
As well as telecoms operators, public sector bodies, financial companies and research organisations are at risk from the malware. Among the countries that have fallen victim to the malware are Belgium, Germany and Russia.
Potentially the most dangerous feature of the malware is the ability to control a number of compromised organisations through one entry point. Kaspersky cited an example in one country where all of the victims were joined together in a “peer to peer VPN-like network”, effectively bringing the organisations together into one victim.
Costin Raiu, Director of Global Research and Analysis Team at Kaspersky Lab, said: “The ability to penetrate and monitor GSM networks is perhaps the most unusual and interesting aspect of these operations. In today’s world, we have become too dependent on mobile phone networks which rely on ancient communication protocols with little or no security available for the end user.
“Although all GSM networks have mechanisms embedded which allow entities such as law enforcement to track suspects, other parties can hijack this ability and abuse it to launch different attacks against mobile users.”
Rival security firm Symantec, which has also been tracking the malware, added: “Regin is a highly-complex threat which has been used in systematic data collection or intelligence gathering campaigns. The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible. Its design makes it highly suited for persistent, long term surveillance operations against targets.”