"Prins, the researcher whose company was hired to investigate the Belgacom hack, has no doubts. Based on Snowden documents leaked last year and the analysis that his company has done of the Regin malware, Prins said he is fully convinced that the NSA and the GCHQ are behind Regin.
Both UNITEDRAKE and STRAIGHTBIZARRE are part of the Regin framework. You can find them in the ANT catalog. https://t.co/TFsdlI8JOW
— Ronald Prins (@cryptoron) November 24, 2014
UNITEDRAKE and STRAIGHTBIZARRE are codenames of NSA programs, according to leaked documents. While those codenames are not mentioned in the malware, Prins explained that their description in the Snowden documents matches with "the functionality of parts of the Regin framework."
Kaspersky researchers, however, did find codenames of a somewhat similar style inside parts of the Regin malware.
#Regin internal module codenames: LEGSPINv2.6, WILLISCHECKv2.0, HOPSCOTCH.
— Costin Raiu (@craiu) November 24, 2014
Except if this is done to fool everybody, and it is the Russians installing it to follow the mobile phones of NSA agents in the Middle East.
It seems logical, but in the spy world the fact that something seems logical does not make it the right answer. It is a normal and fast answer, but not necessarily the only possible answer.
Except that in this case these infections at Belgacom coincide with the Snowden files, which come from the intranet of the NSA, so there are two independent sources.