17 July, 2012

Stuxnet and Flame

Depiction of a compartmented "Behind the Green Door" US secure communications center (Photo credit: Wikipedia)
Cyberwarfare is getting interesting, and not just because of what it means for "traditional" international relations.  Increasingly, it looks like anyone can run a serious cyber-espionage operation.  How long until these tools are in the hands of more non-state actors?  When do they become a major tool in domestic politics?  IntelNews reviews the situation.  Excerpts:
Stuxnet, which caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Flame is over 20 megabytes in size, consisting of 650,000 lines of code; it is so complex that it is expected to take programming analysts around a decade to fully comprehend. The two are different, of course. Stuxnet was an infrastructure-sabotaging malware, which destroyed hundreds—maybe even thousands—of Iranian nuclear centrifuges. Flame, on the other hand, appears to be an espionage tool: it aims to surreptitiously collect information from infected systems.
Both, of course, were directed against Iran.  But they don't end there.
...there is no little doubt that Flame’s handlers have collected massive amounts of intelligence for at least two years. The program was apparently able to record conversations conducted over Skype; take desktop snapshots every 15 seconds or so; and collect usernames and passwords, among other capabilities. And all that while circumventing even the strongest antivirus software. But there is also the other side of the equation: as in the case of Stuxnet, Flame is now effectively freeware. Anyone can ostensibly access it, copy it, modify it, and re-launch it against his or her target of choice...
Over 100 Israeli systems are already reported to have been infected by Flame, as well as systems in several other countries in the region.  The United States?  I have found no conclusive reports one way or another.  And even then, we'd have to distinguish between government and corporate and other systems.  But the "freeware" aspect intrigues me.  How much trouble would it be for the next PFC Manning to insert a version of Flame into SIPRNet?  Or something more restricted?  I can't help but wonder how many cyberactivists are poring over the code.

Are we approaching the land of "No More Secrets"?  Is this The Transparent Society discussed by Brin?  Not really, if only for the reason that those who uncover secrets may not be able to understand what they have, or may choose not to share it with the world.  But it does raise the prospect that while the NSA plugs away at monitoring everything we do, there might be a lot more states and non-state actors doing the same to them.  How will that change the game?

Comment: Who authored computer virus that ‘dwarfs Stuxnet’? « intelNews.org