Flame, Stuxnet fanning the flames of cyber world war 5

This Blast Staff illustration includes an image of Flame code by Kaspersky from securelist.com, and Stuxnet code from f-secure.com

This Blast Staff illustration includes an image of Flame code by Kaspersky from securelist.com, and Stuxnet code from f-secure.com

This article is written anonymously, by The Green Geek, an IT policy professional.

The stakes in cyber war increasingly are raised as more information is known about two viruses, Stuxnet and Flame. Stuxnet and Flame are so sophisticated and complex, it was assumed they were government-sponsored. The developing news about Stuxnet and Flame sheds light on the practice of governments to use viruses to commit sabotage and espionage.

Stuxnet and Flame have opened a new door leading to heightened cyber war, if not world war, through which we cannot easily reverse. Governments are stepping into cyber war to commit or defend against terrorism, or to disable a nation’s infrastructure (for example, to disable Iran’s nuclear capabilities). Cyber warfare is expected, directly or indirectly, to impact everyday people with widespread and disruptive damage to financial, commercial, utilities, and other services.

Stuxnet

Stuxnet was first discovered in 2010 after the virus inadvertently “escaped” its original target, Iran’s Natanz nuclear plant, and propagated on the internet. This past Friday, David Sanger reported in the New York Times how Stuxnet was developed as a joint effort by the United States and Israel to strike against Iran’s nuclear program. Beginning in the Bush administration, the NSA derived intelligence about the Natanz network using “beacon” code, which was apparently precursor to the more sophisticated Stuxnet virus. President Obama allowed the program to continue.

The Stuxnet worm virus was planted into Natanz via a thumb drive. Stuxnet targeted Siemens computers inside the plant, which were controlling plutonium processing. The virus made it appear to Natanz operators that plutonium was still being processed, when in fact the processes had been terminated. Thus for a period of time, the Iranian nuclear program was halted. According to Sanger, the US and Israelis had designed the Stuxnet code so that it could only work inside the Natanz plant. The virus’ inadvertent release to the internet was from a “rogue” laptop. Whether intended or unintended, the consequences of its exposure to internet have resulted in the analysis and sharing of this code for all the world to study and analyze.

Flame

One week ago, Eugene Kaspersky announced his Kaspersky Labs discovery of the Flame virus and provided a FAQ primer about Flame. Flame is a sophisticated attack toolkit, comprising about 20 modules that sniff the network traffic, take screenshots, record audio conversations, intercept the keyboard. Server operators are able to command and control Flame’s functions, and update enhancements. Flame can regularly take screenshots; but can increase its screenshots when certain applications are run, for instance, instant messaging. Recorded audio and screenshots are stored in compressed format. Data is routinely sent to the command and control center through a covert SSL channel. Flame uses Lua, the same language used in Angry Birds. In response to the news about Flame, Iranian President Mahmoud Ahmadinejad has called for Iranian hackers to retaliate.

Anti-virus companies in over their heads

Mikko Hypponen, F-Secure’s Chief Research Officer, lamented in an Ars Technica an article, Why antivirus companies like mine failed to catch Flame and Stuxnet. He states “Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.” Anti-virus companies like F-Secure had been sitting on sample copies of Flame since 2010 and earlier for other companies. Flame is not new, it’s newly discovered. These companies didn’t detect it because they weren’t looking. Anti-virus protection is reactive. A/V companies must detect a virus and disable it before they can protect consumers against it. At the 2011 TED, Mikko Hypponen, gave a popular lecture about the pervasiveness and potentially devastating impact of computer viruses. At the conclusion of his TED lecture, Hypponen called for a (non-specific but implied uber-) governmental body to find a way to control the imminent cyber warfare. What did he mean? Was he proposing the USA, EU, or United Nations get more involved in cyber crime, war, and virus prevention? What role can private A/V companies serve in the future, given their failure to protect from Flame and Stuxnet?

Eugene Kaspersky issued a cyberwar warning in yesterday’s New York Times. Like the weather experts who issue a hurricane warning, Kaspersky and Hypponen are using credible media outlets to issue repeated warnings about cyberwar. Curiously, Kaspersky is Russian and Hypponen is Finnish. They give you cause to wonder about the technical knowhow or ethical dilemma of those [US nationals] in the anti-virus or IT security industry, to detect or protect against sophisticated and high-stakes cyber warfare.

Also from yesterday’s NYT Op-Ed titled, Asleep at the Laptop, Preet Bharara sounded a similar warning bell. Preet Bharara, the United States attorney for the Southern District of New York, offers his credibility. As if Kaspersky and Hypponen’s warnings were not enough, Bharara said these warnings are not only not overstated but that we are not prepared – just as unprepared as 9/11.

What’s a user to do?

Everyday people – who use internet for benign social, professional and creative functions – might toss up their arms in apathy, depression, and/or fatalism. After all the A/V companies are scratching their heads. People can and should take heed. Here’s a couple tips – though not intended to be the be-all/end all.

  • As a 1st step – improve your IT Security Awareness. See The Green Geek’s article about that…
  • If you use Windows, practice safe computing, for example, with a Trend Micro virus protection, or any other trusted anti-virus software, practice safe computing with virus protection, etc. Or, try a non-Windows operating system, since these viruses do come courtesy of Windows.
  • For example, try an Apple Mac; a Chromebook (Google cloud to the defense), or – here’s the tip from one commenter who posted on the Ars Technica article – “If your objective is to secure your laptop as much as possible, may I suggest using one of the *BSD OS variants? I’m running PC-BSD 9 (essentially FreeBSD with a nice package manager, installer, and multiple GUI choices – I’m using LXDE) on one of my netbooks and its fantastic… While FreeBSD, etc is similar to Linux it also has some key differences – improved security being one of them. See: http://en.wikipedia.org/wiki/Freebsd#Security
  • And Hypponen’s tip from his TED lecture? Prepare to fall back to being offline, the old-fashioned way.

What do you do to protect yourself? Please comment.