You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?
That’s what I got today in a Washington Post email newsletter:
“New malware is 20 times size of Stuxnet”
“Cybersecurity experts needed to meet growing demand”
Surely the Post newsletter editor at least chuckled when he put those two together.
I didn’t chuckle, however, when I started reading up on this new Internet security phenom.
Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”
Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.
And, the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software the disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.
The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”
Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?
Whatever the case, the BBC’s coverage included the following facts: Russian security firm Kaspersky Labs believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”
If you don’t remember Stuxnet, it was the alleged state-sponsored virus which wreaked havoc on Iran’s uranium centrifuges. This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”
Wired also adds to the story, reporting Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”
Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”
Yes, indeedy. According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”
It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”
It can also store “frequent screenshots of activity on the machine,” screenshots that include everything from emeetings to instant messages, email….you get the picture. Literally.
I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.