Global Security, Privacy, & Risk Management

“Flame On!”- New CyberWeapon Discovered in Middle East May 28, 2012

Complementing the post CyberEspionage, researchers have discovered a new cyberweapon.  First there was Stuxnet, then there was Duqu..now there is Flame.  Called by a researcher: “…the most complex piece of malicious software discovered to date…” the recently discovered virus is designed to capture data but can also change computer setting and turn on integrated microphones to record what is being said in the room.  Kapersky labs discovered the virus, dubbed “Flame”,  which has been lurking undetected inside of thousands of computers in the Middle East for as long as 5 years.  According to Kapersky, the countries with the most infections include Iran with the most infections followed by Israel/Palestine area, Syria, and Sudan.  According to Kapersky senior researcher Roel Schouwenberg: “The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information”.  Schouwenberg also said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform. Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.

If this virus has been lurking undetected for 5 years, it is not difficult to imagine that much more sophisticated, much more complex and surreptitious code has been released by whomever built Stuxnet, and virtually all other industrialized nations.  While some may dispute the reality of a cyberwar, this simply demonstrates that we are in the early stages of intelligence gathering while preparing for a cyberwar.

A more interesting question is what, if any, role a US based security company could or would have in such an effort?  The military industrial complex includes both the military and industrial components.  It would seem logical that a Russian Security company may have incentive to NOT detect malicious software developed by the Russian Government, a US Security company would have incentive to NOT detect US created code and so on.  Understanding this point, should a US based company use only US security tools? What about a French company?  Russian?  As we continue to find cyberweapons, these questions will invariable be raised again.

Source: http://www.msnbc.msn.com/id/47590214