#regin, Belgacom and the #nsa and what we should know
it is always the same song in Belgium. Once there is an attack or hack, they file a complaint with the FCCU as they should and than they can't say anything more. The justice department, the FCCU and the CERT will need to set up some technical information exchange to be sure that technical information about (identified) hacks gets distributed in time to other possible victims just to warn them that it can happen.
There is for the moment even no Federal Cybercrime or Cybersecurity Center under the prime minister who could organize that and take responsability.
The Belgacomvirus or #regin files - and it is not because some of the files are the same that the whole set is the same - were rumoured to be NATO secret level 3 and afterwards were said to be handed over with other information to the BIPT. Some people who should have known in Belgium tell me they didn't and were surprised to read in the newspaper that all critical infrastructure was informed about the technical details of the attack and which things to look out for in their firewalls and security appliances.
Belgacom does repeat the same thing today.
So this leaves two questions.
Or it are the same files and Belgacom has cleaned it up and found them and is sure that they didn't come back - even in their 2013 version. Than everything is fine for Belgacom and they just have to keep up the same vigilance and determination. But if Belgacom says that it are exactly the same files than it has to say this clearly so there is no doubt whatsoever. They will probably say that they can't say this because it would 'interfere' with the investigation which is stupid because we know a lot more technical details about any other criminal investigation before the trial starts (if there is going to be anyday a trial here).
SO BELGACOM - IS IT OR ISN'T IT. If it isn't you know you will have to go rechecking - although as a good securitypractice you will restart your checking anyway.
When are we going to have that information ? I know a lot of people who are responsable for enormous networks and enormous sets of data who have no data about what they are talking about when the BIPT says that everybody has received the necessary information ? Does this means that all the banks, all the international organisations in Belgium, all the energy networks, all the governmental agencies that handle secret or important information were informed ? All the ISP and telecom operators ?
SO BIPT as more and more information is in the open and some of the files are now being found online and will be assembled in the near time as now a whole community of people starts a hunt for them (for sure they are already at virustotal) when are you going to release more information. Or are there diplomatic or other reasons for which that information can't be published. By not publishing it you confirm this.