A public autopsy of sophisticated intelligence-gathering spyware Regin is causing waves today in the computer security world. The NSA's fingerprints look to be all over this. Of course, they've been all about intelligence gathering for, well, forever.
But here's a question no one's answering: given this super-malware first popped up in 2008, why has everyone in the antivirus industry kept quiet about it until now? Has it really taken them years to reverse engineer it?
For one thing, it doesn't operate like conventional spyware: Regin doesn't form a remotely controlled botnet – suggesting its masters really didn't want it to be found – nor does it harvest personal financial information.
Instead it collects intelligence useful to state spies. Coupled with the fact that virtually no infections have been reported in the US, UK or other Five Eyes nations, this has led some to suspect it's the work of the NSA, GCHQ or their contractors.
It is interesting that it's taken 6 years for the antivirus industry to catch this, but it's plausible that the unusual behavior and small number of infected devices explain that.
Whether it's good politics to spy on our allies like this is another discussion.