
December 15 2014: Haptic compass, BIOS flashing, Google calendar and the Regin malware

Posted on 2014-12-21 21:29:29 +0000 by John

Alice brought in a North Paw haptic compass which he passed round. Worn on the ankle, it contains eight mobile vibrators each of which is turned on when it is the nearest one to north enabling the wearer gradually to learn the direction of north.

David S then passed round a parallel port connector which he had fixed up in order to flash a BIOS using these instructions for flashing via the SPI bus. There is also a YouTube video of the process apparently narrated by the Terminator.

David C described the travails of upgrading from Google Calendar APIv2 to APIv3. This had arisen because BCB had been looking for a solution to putting their schedule online, something they had previously entered by hand. On November 17th, APIv2, which allowed the calendar to be accessed using a simple URL, was discontinued, so the BCB programme schedule stopped working.

Among the changes are that you have to have a Google account, manage your project through Google using your own private key, use specific PHP libraries and be familiar with JSON data structures. This is described in the APIv3 pages.

David has provided a README in this repository describing how he did this for BCB. Having struggled through all this with a couple of sites, he eventually found that there is still a way of doing this using a URL. However, the request needs full UTC dates formatted with absolute precision, including the timezone; only then does it return the data in a form that the PHP code can parse correctly.

Even http://foragoodstrftime.com/, suggested by Alice, does not offer a sufficiently precise UTC date for the Google Calendar API.
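As an added illustration of the precision David describes (not BCB's own PHP code, and written in Python rather than PHP), the following builds an APIv3 events.list URL with RFC 3339 UTC timestamps and reduces the JSON reply to a schedule; the calendar id, API key and sample reply are constructed placeholders.

```python
# Added example (not from the BCB repository): Google Calendar APIv3 URL access.
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

API_BASE = "https://www.googleapis.com/calendar/v3/calendars"

# Constructed sample start time in a +01:00 zone, to show the UTC conversion.
START = datetime(2014, 12, 15, 18, 0, tzinfo=timezone(timedelta(hours=1)))


def rfc3339_utc(dt: datetime) -> str:
    """Format dt as the full UTC RFC 3339 string APIv3 expects, e.g.
    2014-12-15T17:00:00Z. Naive datetimes are rejected rather than guessed."""
    if dt.tzinfo is None:
        raise ValueError("timestamp must carry a timezone")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def events_url(calendar_id: str, api_key: str, time_min: datetime, days: int = 7) -> str:
    """events.list query for a public calendar. The key is a placeholder here;
    a real one should be restricted by HTTP referrer in the Google console."""
    params = {
        "key": api_key,
        "timeMin": rfc3339_utc(time_min),
        "timeMax": rfc3339_utc(time_min + timedelta(days=days)),
        "singleEvents": "true",  # expand recurring events into instances
        "orderBy": "startTime",  # only permitted together with singleEvents
    }
    return f"{API_BASE}/{quote(calendar_id, safe='')}/events?{urlencode(params)}"


def parse_events(body: str) -> list:
    """Reduce an events.list reply to summary/start/end. Timed events carry
    start.dateTime (RFC 3339); all-day events carry start.date instead."""
    out = []
    for item in json.loads(body).get("items", []):
        start, end = item.get("start", {}), item.get("end", {})
        out.append({
            "summary": item.get("summary", "(no title)"),
            "start": start.get("dateTime") or start.get("date"),
            "end": end.get("dateTime") or end.get("date"),
            "all_day": "date" in start,
        })
    return out


# Constructed sample reply in the APIv3 shape (not captured from Google).
SAMPLE_REPLY = json.dumps({"kind": "calendar#events", "items": [
    {"summary": "ITStuff", "start": {"dateTime": "2014-12-15T19:00:00Z"},
     "end": {"dateTime": "2014-12-15T21:00:00Z"}},
    {"summary": "Studio closed", "start": {"date": "2014-12-25"},
     "end": {"date": "2014-12-26"}},
]})
```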

David created a recipe on IF This Then That to send out a tweet a specified period in advance if there is an event on the Google Calendar and one to say when ITStuff starts. The tweet is public and, as long as the tweet has the word ‘tweet’ in the title, IF This Then That tweets the description. The event, however, is a private event on the Google Calendar.

David S introduced us to Profanity65, which replaces characters in PGP strings with profanities, before looking at the Regin malware and some of the NSA project names buried in it which had previously turned up in the Snowden revelations. For example, Gerontic is Cable and Wireless, and Nigella is the point in Cornwall where Cable and Wireless hands over to the Indian company Reliance Global for the transatlantic cable. Cable and Wireless split in 2010, with its cable operations becoming part of Cable and Wireless Worldwide, owned by Vodafone.

Symantec had revealed that Regin runs on Windows but has Linux plugins. It had identified around 100 infections, nine involving hospitality and 28 the telecoms backbone with the targets being Russia, Saudi Arabia, India, Ireland, Mexico and Belgium. It is notable that none of NSA’s main partners are being spied on with India getting into the list on account of Reliance Global.

Kaspersky’s report gives more details, noting the focus on breakpoints in cables such as Kiribati and the infiltration of Belgacom, a major telecommunications company. The loaders used by Regin mimic MS drivers; these then load the executables.

While some of the text in the Kaspersky report is redacted, the code words in Regin are the same as in the Snowden papers; it would appear that Symantec didn’t want to upset the NSA and that the earlier revelations about Regin, which has been known since 2012, were obscured by all the publicity about the Sony hack.

More information can be found in comments by AlyssaRowan, Secret Malware in European Union Attack Linked to U.S. and British Intelligence and Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco.