
War on Error

Flame is good, too good. Is Cyberwar now in the hands of Dr Strangelove?



The security experts and vendors will surely be delighted by the sudden and shocking outing of Stuxnet as part of a US Government malware programme. It was long suspected of having been developed by a well-resourced state full of old-school Highway 101 programmers, and recent revelations now suggest that the commentators were, embarrassingly, spot on.

Something was going on and then some, taking in, many now believe, several other pieces of odd-looking malware, including Duqu and almost certainly the recently-discovered and disturbing follow-up to Stuxnet called Flame.

Let’s spell out the implications. If states such as the US have been developing and deploying sophisticated malware with omnipotent nonchalance, that realisation contains a threat. Security systems can’t stop this sort of stuff easily, if at all, and indeed took years to spot Stuxnet once it had escaped from its ostensible target, the Iranian Natanz nuclear enrichment plant.

The design of Flame in particular shows us how this sort of malware can call on unknown zero-day vulnerabilities at will, using forged certificates that undermine basic authentication systems, and even finessing the Windows Update system with fake servers and cryptographic brilliance.

This sort of stuff makes everyday cyber-criminals look like rank amateurs. Instinct alone should tell us this is scary because it sets a precedent that will be followed, if indeed that hasn’t already happened.

Far from feeling vindicated, the security community is feeling very uneasy. Flame initially divided opinion between those who thought it interesting but oversold and others who believed that, if anything, the implications were too large to take in.

As revelations of its inner workings trickle out, the sceptics are starting to melt. Whoever created it, Flame went to work on its targets with terrifying ease, ripping the heart out of some long-cherished pieces of the global security defence as if it was mere software bureaucracy.

This might suit the ends of short-term realpolitik, but it is misconceived madness to toss aside security protocols as if they were paper fences. The claim that successive US Presidents sanctioned cyber-warfare on this scale without any semblance of a contingency plan should it become public or spread beyond its intended targets is incredible.

This programme suggests that the policy-makers don’t understand that techies can’t simply be tasked to attack a target and left to get on with it. Programmers, even very clever ones, make mistakes, and adopt assumptions about acceptable parameters in ways that won’t be evident to their paymasters.

Presidents and chiefs-of-staff can guess at the effects of a drone strike in a hostile zone but can they do the same for a software strike? Can anyone? This is new territory and there are many unknowns.

There will be voices dismissing such concerns as the anxiety of naïve minds; the security services have in the past employed unsavoury and illegal acts, including killing, to further their aims in the name of a greater good. This was seen as fine as long as the scale was small, the targets well chosen and plausible deniability maintained.

Stuxnet and Flame were simply this modus operandi by another name and if it disrupted Iran’s alleged nuclear weapons programme then its creation will have been vindicated.

Unfortunately, cyber-weapons aren’t casual creations. Just as they set out to operate in a hidden way, so their effects and unintended consequences can remain out of sight too. Flame in particular looks like an exercise in software subversion that offers every state interested in cyber-warfare - not to mention criminals - a live laboratory of state-of-the-art thinking.

Flame’s command and control was disconnected on the very afternoon that security firms publicised its behaviour and has since attempted to erase the evidence of some of its activities. It’s too late, though; the world knows enough.

As respected and extremely sober security expert Mikko Hypponen of F-Secure said in a piece published this week in the New York Times:

“The cyber-arms race has now officially started. And nobody seems to know where it will take us. By launching Stuxnet, American officials opened Pandora's box. They will most likely end up regretting this decision.”

Tags: flame, iran, security, strangelove, stuxnet, windows update
