By James Lewis, Special to CNN
Is it wrong to be blasé about the most frightening malware ever invented? Some people worry that Flame is "bigger" than Stuxnet, weighing in at 20 megabytes. Flame is "bigger" than Stuxnet, but size and sophistication aren't the same.
Let's
look at some of the tricks Flame uses. Recording keystrokes (a
"keylogger") is about 20 years old. Turning on the microphone of your
computer is also mid-90s (turning on the camera is more recent, but also
not news). The same is true for taking screen shots of your e-mail. You
can buy some of these features on the black market. This is not
cutting-edge stuff - somebody cobbled together existing exploits into a
big package.
It's true that someone does seem to have it out for Iran in cyberspace. We know of Stuxnet, of course, and cyber-exploits against Iranian oil terminals. Flame is a third example, and there may be others we don't know about. Any story that has the words "Iran," "espionage" and "attack" is bound to attract attention, but we don't know who is responsible and this certainly isn't war.
What is a cyberweapon, anyhow? This is software designed to collect information. Once you have control of a network you can do what you want (and Flame provides a degree of control), but this appears to be a collection program.
Big cyberespionage programs aren't new either. The Russians were penetrating computer networks and exfiltrating information in the early 1980s, before the commercial Internet even existed. Then there was Moonlight Maze in the late 1990s, then Ghostnet and Shady Rat.
Long-running cyberdata-collection programs have been part of the espionage portfolio for years - this is "Advance Persistent Threat" - and sometimes they come to the surface where we can see them. Russia can do this kind of thing quite well, but so can the United States, the United Kingdom, Israel, China and perhaps others. Flame is not unique and there are certainly other programs like it out there that we haven't found.
There are some odd coincidences with Flame that have nothing to do with its alleged sophistication. The International Telecommunications Union, a U.N. body that wants to play a dominant role in cybersecurity and Internet governance, asked Kaspersky, a Russian firm, to help find an unknown piece of malware that was deleting sensitive information across the Middle East. The ITU issued a confidential warning, now plastered all over the Internet. These are unprecedented actions.
How did the ITU learn of this? Why did it go to Kaspersky? There is a political context here, since Russia is pushing the ITU to play a bigger role in order to undercut what it perceives as American control of the Internet. Where the Flame story fits into this political battle is unclear, but there are alternative hypotheses to serendipity when it comes to explaining Flame that we might want to test.
That might be the most interesting part of this story.
Flame is not a weapon, it's not the most sophisticated, it's not really that new, but it might be part of a large battle shaping up over the future of the Internet. Cyberespionage happens every day. This should not be news.
The coincidence around Flame and where it fits into the future of the Internet - those might be worth a second look.
http://edition.cnn.com/
Is it wrong to be blasé about the most frightening malware ever invented? Some people worry that Flame is "bigger" than Stuxnet, weighing in at 20 megabytes. Flame is "bigger" than Stuxnet, but size and sophistication aren't the same.
Let's
look at some of the tricks Flame uses. Recording keystrokes (a
"keylogger") is about 20 years old. Turning on the microphone of your
computer is also mid-90s (turning on the camera is more recent, but also
not news). The same is true for taking screen shots of your e-mail. You
can buy some of these features on the black market. This is not
cutting-edge stuff - somebody cobbled together existing exploits into a
big package.It's true that someone does seem to have it out for Iran in cyberspace. We know of Stuxnet, of course, and cyber-exploits against Iranian oil terminals. Flame is a third example, and there may be others we don't know about. Any story that has the words "Iran," "espionage" and "attack" is bound to attract attention, but we don't know who is responsible and this certainly isn't war.
What is a cyberweapon, anyhow? This is software designed to collect information. Once you have control of a network you can do what you want (and Flame provides a degree of control), but this appears to be a collection program.
Big cyberespionage programs aren't new either. The Russians were penetrating computer networks and exfiltrating information in the early 1980s, before the commercial Internet even existed. Then there was Moonlight Maze in the late 1990s, then Ghostnet and Shady Rat.
Long-running cyberdata-collection programs have been part of the espionage portfolio for years - this is "Advance Persistent Threat" - and sometimes they come to the surface where we can see them. Russia can do this kind of thing quite well, but so can the United States, the United Kingdom, Israel, China and perhaps others. Flame is not unique and there are certainly other programs like it out there that we haven't found.
There are some odd coincidences with Flame that have nothing to do with its alleged sophistication. The International Telecommunications Union, a U.N. body that wants to play a dominant role in cybersecurity and Internet governance, asked Kaspersky, a Russian firm, to help find an unknown piece of malware that was deleting sensitive information across the Middle East. The ITU issued a confidential warning, now plastered all over the Internet. These are unprecedented actions.
How did the ITU learn of this? Why did it go to Kaspersky? There is a political context here, since Russia is pushing the ITU to play a bigger role in order to undercut what it perceives as American control of the Internet. Where the Flame story fits into this political battle is unclear, but there are alternative hypotheses to serendipity when it comes to explaining Flame that we might want to test.
That might be the most interesting part of this story.
Flame is not a weapon, it's not the most sophisticated, it's not really that new, but it might be part of a large battle shaping up over the future of the Internet. Cyberespionage happens every day. This should not be news.
The coincidence around Flame and where it fits into the future of the Internet - those might be worth a second look.
http://edition.cnn.com/
