Wednesday, May 30, 2012

The Newest Cyber Weapon: Flame

What is it?

Flame is the newest piece of super-elite malware (that's "computer virus," in the vernacular) that has infected computers in the Middle East. It's big (20 MB compared to Stuxnet's 1 MB) and extremely sophisticated. It can listen in on your voice conversations by activating your computer's microphone. It can take screenshots--and looks for "interesting events" to do so. It uses its own database--a first for computer viruses. It communicates with a command-and-control server network to get instructions, spread further, or completely erase itself.

It is an impressive piece of work: a complete espionage toolkit with a complex configuration that is designed to hide, listen, and spread itself.

The majority of the infected computers are in Iran. Israel has sorta hinted they might be behind it.

Here's a handy infographic:

Iran claims they've got it covered. That's what they said about Stuxnet too. NakedSecurity wants us to keep this in perspective (it's no real threat to the average user)--but while his point that the total number of infected computers is small is true, considering that it wipes itself out very, very well--and responds to command-and-control directives ... do we actually know how many computers were infected? And anyway, it's about quality, not quantity.

What Does This Mean?
When you travel on business to China you are advised to leave your smart phone at home: it will be infected with malware if the government/business is interested in you. Your disposable phone? Take the battery out when you are in a secure meeting. Otherwise the network will activate it and listen in. No joke.

There are firms that painstakingly deconstruct hardware manufactured overseas looking for backdoors that are built in. They find them. Let's, uh, hope they're finding them all. We have seen that someone--probably Israel, possibly with the help of the US--is engaged in sophisticated cyber-war against Iran. We hear that there are factions (the Chinese pro-government hacktivists) who are taking "battle positions" for cyber-war against the US: this involves intrusions where nothing is taken or damaged, but the staging ground is set so that when a massive operation begins they will have trusted resources to attack from.

The US has issued an equivalency doctrine: we can respond to cyber-attacks with "equivalent" conventional weapons. If someone takes out our power grid with a computer virus, we can take out theirs with high-altitude bombing (or whatever). That's assuming we know who "they" are. Which we might not.

So what does this mean? It doesn't mean CyberWar is here.

This thing, the Flame virus, was (apparently) active in 2010.

CyberWar has been here for years. It's being fought right now. And you can't really tell.

What Do I Think?
While it's true that "CyberWar" is here, I believe what we've really seen is cyber-skirmishes. While what happened (allegedly happened) to Iran's nuclear centrifuges is real damage, there has not been, thus far, real give-and-take. And we, the US, haven't been hit yet.

When we do get hit--when the power goes out for a month ... when a dam explodes ... when Satellite TV and Cable are gone "for good" until "all the servers can be replaced" (read: never) I think we're going to see a real change in how Americans see (a) the Internet and (b) the rest of the world.

I have seen it said that 2008 was caused by an "electronic bank run" orchestrated by someone in the Middle East (presumably the Saudis?). I do not believe this (the 2008 meltdown was first and foremost caused by the housing bubble catastrophically bursting)--but the real damage that could be done by compromising our financial networks could be comparable to that of a nuclear weapon.

So we haven't seen that yet. I'm assured we are preparing for this--that we have talented people in place working to make sure these doomsday scenarios don't happen. But it's all in the shadows: we don't get to know how our forces compare (we can't compare numbers of tanks or argue over who would benefit in a first-strike scenario--we can only guess what the targets and vulnerabilities are). This is a new form of warfare and the available data that's meaningful is all classified.

So what do I think? I think this is some scary, scary shit, and the development of these super-virus weapons represents the next level up in terms of what we'll see deployed when--and I think it's clearly when--the day comes.

