Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘flame’

Flame No Game


What a week last week was for cybersecurity matters.

First, the story about the Flame virus discovered by Kaspersky Labs in Russia, a new and improved “Stuxnet” virus that has apparently infiltrated computers throughout Iran (and, it seems, beyond).

Then, The New York Times reported on the code-named “Olympic Games” cyberintrusion program, in which the U.S. and Israel allegedly developed Stuxnet for the express purpose of disabling Iranian centrifuges that were being used to enrich uranium.

If you ever had the question as to when or whether the digital realm would meet that of the physical, Stuxnet and, now, Flame, are perfectly good examples of how that intersection is being brought about.

But Eugene Kaspersky himself, whose team discovered the Flame virus, suggests this intersection is one of foreboding, explaining at CeBIT last month that “Cyberweapons are the most dangerous innovation of this century.”

Is he right?  More dangerous than the nuclear weapons they were intended to prevent the manufacture of in Iran?

More dangerous than Hellfire missiles zooming down from the skies of Pakistan?

I suspect it depends on your respective point of view, literally.  But there can be no question the cyberintelligence debate will heat up over the coming years.

Now that digital (and, often, very economically efficient, when compared to more traditional means) mechanisms can be used for the art of proven and productive warfare and espionage purposes, state actors will likely shift more investment into cyber territory, putting much more muscle into what had previously been the domain of fringe actors.

Such a trend could lead to the development of much more serious and sobering digital “agents” whose primary purpose — for espionage, for risk mitigation, and so forth — could ultimately be betrayed by Murphy’s Law of Unintended Consequences.

The virus intended to destabilize the spinning centrifuges in Iran could spin out of control and instead open the floodgates on a dam in China.  Or so goes the fear.

But perhaps the fears are not without some justification?  If you don’t know who you can trust in the digital milieu…or, worse, if your systems don’t know who they can trust…how can you trust anyone? Or anything?

Just overnight SecurityWeek posted that Microsoft had reached out to its customers and notified the public that it had discovered unauthorized digital certificates connected to the Flame virus that “chain[ed] up” to a Microsoft sub-certification authority that had been issued under the Microsoft Root Authority.

If such certificates can be co-opted by the “Flames” of the world, and appear to be legitimate software coming from Microsoft…well, that’s a fast and slippery slope to cyber anarchy.

As SecurityWeek also recently reported about Flame, yes, the short-term risk to enterprises is low.  But Flame “demonstrated that when nation-states are pulling the strings, they have the ability to repeatedly and significantly leap ahead of the state of the art in terms of malware.”

As state actors raise the table stakes by developing more and more sophisticated cyber intruders, they will, in essence, be raising everybody’s game.  These viruses don’t live in a vacuum — they will be gathered by the non-state actors, hackers white and black hat alike, then deconstructed, disassembled, and, potentially, improved upon before being re-assembled and unleashed back into the wild.

So what’s the answer?  Unfortunately, there is no single cyber bullet.

Constant vigilance, education, monitoring, and adaptive learning will mostly be required in order to keep pace with the rapid evolution (or, as the case will likely be, devolution) of these digital beasts, and enterprises everywhere would be well served to step up their Internet security game.

Finally, let’s not forget that state actors aren’t just looking to inflict damage — many are searching for valuable intellectual capital they can benefit from economically.

That alone is more than enough justification for enterprises to have a more comprehensive cyber intelligence strategy.

In the meantime, let’s just hope the next Flame or Stuxnet doesn’t lead to a more disastrous scenario than knocking out a few centrifuges in Natanz, one that starts to make a Michael Crichton novel look as though it’s actually coming to life!

Written by turbotodd

June 4, 2012 at 3:59 pm

Internet Insecurity


You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?

That’s what I got today in a Washington Post email newsletter:

“New malware is 20 times size of Stuxnet”

“Cybersecurity experts needed to meet growing demand”

Surely the Post newsletter editor at least chuckled when he put those two together.

I didn’t chuckle, however, when I started reading up on this new Internet security phenom.

Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”

Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.

And, the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software that disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”

Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?

Whatever the case, the BBC’s coverage included the following facts: Russian security firm Kaspersky Labs believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”

If you don’t remember Stuxnet, it was the alleged state-sponsored virus which wreaked havoc on Iran’s uranium centrifuges.  This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”

Wired also adds to the story, reporting Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”

Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”

Recorded conversations?

Yes, indeedy.  According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”

It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”

It can also store “frequent screenshots of activity on the machine,” screenshots that include everything from emeetings to instant messages, email….you get the picture.  Literally.

I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.

More details on Flame as they emerge…