Stuxnet Redux, or, Computational Power, the State, and Propaganda (and Flame)

We were first alerted to the existence of the Stuxnet worm in 2010, due to some interesting security breaches and reporting in the New York Times making it clear that a nation-state – by direct implication and what may have been deliberate misdirection at that time, Israel – must have been behind the worm.

Soon after we were alerted to the existence of Stuxnet, the US Government Department of Homeland Security warned US citizens that the proliferation of such viral “attacks” demonstrates the necessity for the private sector and government to “work together” to “defend” against such cyber-weapons:

“The key thing we learnt from Stuxnet was the need for rapid response across the private sector,” DHS Secretary Janet Napolitano told engineering students at the University of California, Berkeley. “There, we need to increase the rapidity of response, because in that area — as in several other recent attacks — we’ve seen very, very sophisticated, very, very novel ways of attacking. When you’re getting at control systems, now you’re really talking [about] taking things over, so this is an area of deep concern for us.” (Robert McMillan, “DHS Chief: What We Learned from Stuxnet,” Computerworld Government IT, April 25, 2011)

I was among what must have been a minority of readers to find this claim startling, given the widespread belief that the US government was one of the sources, or perhaps even the only source, for Stuxnet.

In the past few days, the US Government has, of course, revealed that it was the source of the Stuxnet worm. Whether this was a deliberate leak on the part of the Obama administration, or due to more intrepid reporting on the part of the New York Times, I leave to better minds to determine.

[Image: Centrifuge for Uranium Enrichment]

That the government was the source was no impediment to its using Stuxnet's existence to try to whip the private sector, and private citizens, into doing its bidding out of fear of the kind of cyber-attack which Stuxnet represents.

Legitimate or not, reasonable state action or not, at one level this is also one of the clearest false-flag operations in recent memory, in that the Government acted as if an outside agency was responsible for a weapon of which it, in fact, was the creator, and suggested that all of us need to take measures to defend ourselves against that weapon. The argument DHS uses is just the one it needs to insist that providers of personal information like Facebook and Google must be among those who can provide “rapid response” to government requests/demands for information.

In the past few days, nearly simultaneous with the revelations about Stuxnet, we learned about a malware toolkit called Flame. Technically not a virus because it does not self-propagate, Flame appears primarily to be an espionage tool:

It can record audio, screenshots, keyboard activity and network traffic. The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth enabled devices. This data, along with locally stored documents, is sent on to one of several command and control servers that are scattered around the world. The program then awaits further instructions from these servers.

Unlike Stuxnet, which was designed to sabotage an industrial process, Flame appears to have been written purely for espionage. It does not appear to target a particular industry, but rather is “a complete attack toolkit designed for general cyber-espionage purposes”.

Using a technique known as sinkholing, Kaspersky demonstrated that “a huge majority of targets” were within Iran, with the attackers particularly seeking AutoCAD drawings, PDFs, and text files. Computing experts said that the program appeared to be gathering technical diagrams for intelligence purposes. (Wikipedia, “Flame (malware)”)

Much as with Stuxnet, all signs point to Flame being the work of a nation-state; the current US denial of involvement would be easier to accept had the Stuxnet revelation not emerged at almost exactly the same time.

According to Kaspersky’s chief malware expert, “the geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it.” Kaspersky has said that the malware bears no resemblance to Stuxnet, but it may have been a parallel project commissioned by the same attackers.

Iran’s CERT described the malware’s encryption as having “a special pattern which you only see coming from Israel”. The Daily Telegraph reported that due to Flame’s apparent targets—which included Iran, Syria, and the West Bank—Israel became “many commentators’ prime suspect”. Other commentators named China and the U.S. as possible perpetrators. Richard Silverstein, a commentator critical of Israeli policies, stated that he had confirmed with a “senior Israeli source” that the malware was created by Israeli computer experts. The Jerusalem Post wrote that Israel’s Vice Prime Minister Moshe Ya’alon appeared to have hinted that his government was responsible, but an Israeli spokesperson later denied that this had been implied. Some Israeli security officials suggested that the infected machines found in Israel may imply that the virus could be traced to the U.S. or other Western nations. The U.S. has denied responsibility. (Wikipedia, “Flame (malware)”)
