Slashdot Mirror


Flame: The Massive Stuxnet-Level Malware Sweeping the Middle East

An anonymous reader writes "Wired is reporting on a massive, highly sophisticated piece of malware that has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. Kaspersky Lab, the company that discovered the malware, has a FAQ with more details."

11 of 224 comments

  1. Re:FAQs /.ed by ColdWetDog · · Score: 5, Funny

    TFA purports that somebody wrote a bunch of code that is a virus, trojan, malware and toaster driver all at once. Nobody knows who did it or why, but they must be very smart. It hijacks data, voice, video and neural transmissions and appears to be able to perform telekinesis. It was likely written sometime after 1996 and before 2021.

    It's big. Really big. So big that it would fit on any USB drive or email attachment created since, well, 1996.

    It's smart. Really smart. So smart that it's going to take us literally months of press reports to get it out.

    It goes after the Usual Suspects. It may or may not be related to Stuxnet, tilde, Steven P. Jobs or George Bush (either or both of them).

    For some strange reason, the coders wrote the thing pretty much unobfuscated. Except that unobfuscated isn't a word.

    Be afraid. Be very afraid.

    --
    Faster! Faster! Faster would be better!
  2. Re:Kaspersky Again by NeutronCowboy · · Score: 5, Insightful

    What about keeping the general population informed about what the world is up to? You know, so that the electorate can make electoral decisions based on actual information rather than fear-mongering? Or is this just an outdated concept, and we should let our politicians just tell us what we should worry about?

    --
    Those who can, do. Those who can't, sue.
  3. Re:Kaspersky Again by gstoddart · · Score: 5, Insightful

    There's nothing patriotic, altruistic, laudable, or beneficial about screwing up legitimate national intelligence projects.

    Why should they care about 'national intelligence' as it pertains to other countries? They have no duty to protect whoever created this. Hell, until they've done the analysis, they don't even know who the hell it is.

    If you have code out there that's an attack vector, it's a vulnerability for everyone. If someone repurposed the attack, it's something which can be exploited.

    Do you think people should have laid low on the topic of the Sony rootkit on CDs because, clearly they were justified?

    I don't buy your argument -- security researchers are looking for vulnerabilities we could all be subject to.

    National intelligence be damned ... how the hell are you supposed to know what is being targeted and by whom? Did China write this? The US? Russia? Tuvalu?

    That's like saying people should stop worrying if the police are breaking laws because they're doing it for our own good. The ends don't always justify the means.

    --
    Lost at C:>. Found at C.
  4. Who made Flame? by Anonymous Coward · · Score: 5, Interesting

    Who made Flame?

    Flame seems to use libraries with permissive licenses only. No hacktivists or cybercriminals would care about this issue, they would use whatever works best.

    This leaves governments, they might. Why? Because if it ever becomes known who actually made it, that party would need to release all of the sources, had they used libraries under some copyleft license! Why? Well, whoever made Flame has already obviously distributed binaries, so suing for copyleft violation would happen in court, and it would be many people suing, especially as the counterparty is the government. It would be a PR disaster, and to risk that in an election year? No way.

    Also, Flame requires a considerable infrastructure to store and analyze the spied information. Which governments would be capable of pulling this off? All the big ones with a lot of money to spend: China, Russia, Great Britain, France, USA, Japan, ...

    So, which government cares a lot about intellectual property? China? Nope. Russia? Nope. Great Britain - well, yeah. Personally, I don't think it was Great Britain. It would be enlightening to check the Flame Lua-parts (or other plaintext in the main Flame) for spelling of -ise vs. -ize. I bet there's -ize and not -ise.

    It is said that Stuxnet and Flame share similar 0-day holes. The nation which developed Stuxnet is Israel and they have a strong history of military and intelligence collaboration with USA. Israel would not have had the capability or capacity to run two such parallel programs on its own.

    So who HAS likely NOT made Flame? Drop the nations which are one way or another unlikely candidates, and only one name is really left.

    So, who made Flame?
    USA made Flame. This is what I think. What's your analysis?

  5. Re:Kaspersky Again by mpoulton · · Score: 5, Insightful

    Should the details of the latest stealth aircraft technology be publicly disclosed so voters can make informed decisions? The latest in radar-absorbing paint, if it exists in a usable form? Nuclear weapon design details (the important details, not the general info that's already public)? Every detail of the President's personal security? Come on. Some things are relevant enough to the political process that voters must be informed. Other things are not, and secrecy is critically important for some of them.

    --
    I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
  6. It's a what? by AliasMarlowe · · Score: 5, Funny

    TFA purports that somebody wrote a bunch of code that is a virus, trojan, malware and toaster driver all at once.

    You mean it's like a Facebook phone?
    Apart from the toaster bit, which might be useful...

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  7. Re:A Step in the Right Direction by pitchpipe · · Score: 5, Insightful

    You obviously didn't RTFA, because if you would have, you would have noticed this sentence.

    Kaspersky discovered the malware about two weeks ago after the United Nations' International Telecommunications Union asked the Lab to look into reports in April that computers belonging to the Iranian Oil Ministry and the Iranian National Oil Company had been hit with malware that was stealing and deleting information from the systems.

    Why do you jump to the conclusion that if it is targeting Iran it must be a good thing? Do you ever question what you see in the media? What if it was written by programmers hired by wall streeters that were trying to gain an upper hand on the oil market, thereby basically stealing money from the Iranians and from you? Still a good thing? This is probably not the case, but that's just it: until we find out all of the details we need to keep our minds open and quizzical, and question who is feeding us what bullshit and why.

    Propaganda is getting more and more sophisticated; it is coming at you from all directions. I'm not saying be paranoid, just to realize that most media that gets presented to you has a purpose. Once in a while see if you can divine that purpose.

    Try some critical thinking.

    --
    Look where all this talking got us, baby.
  8. the last 4 stories concern: by circletimessquare · · Score: 5, Funny

    1. a scarier version of stuxnet
    2. a Facebook smartphone
    3. secret backdoors on military chips
    4. workplace havoc because of OS fake holidays

    I was going to accuse Slashdot of fearmongering, until I doublechecked and found out that, yes, Facebook really is trying to build a smartphone.

    The Apocalypse is near.

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  9. Re:Kaspersky Again by flaming+error · · Score: 5, Insightful

    Liberty is less threatened by foreign evildoers than by domestic injustice. Laws that stack the deck, and laws that are selectively enforced, are what any lovers of freedom should fear.

    It's not secret technology that protects us. Freedom's only hope is a people that won't take crap from their government.

    I think armed revolution would be a stupid and counterproductive idea. But bloodless or bloody, technical tactical details of the hardware we've bought with our own money could be handy to know.

    Of course it's not as simple as I portray it, but progress and freedom depend on transparency, warfare and tyranny depend on secrecy. When so much is secret, even our laws, we must ask ourselves if our priorities are straight.

  10. Re:FAQs /.ed by chill · · Score: 5, Insightful

    In the case of Stuxnet, your average hacker doesn't have access to nuclear centrifuge controllers to develop and debug on. For code that is as finely tuned as it was, you need a development lab that includes the target systems or at least true simulations thereof.

    For something like Flame, with it being as targeted as it is, you'd expect something similar.

    --
    Learning HOW to think is more important than learning WHAT to think.
  11. Re:Kaspersky Again by Will.Woodhull · · Score: 5, Interesting

    There comes a point with even the most successful cyberattack vector-- think stuxnet-- of diminishing returns. Sooner or later the nation under attack is going to wise up and put in place some sort of protection.

    However the attacker can change the game and go public just before that point, and do so in a way that can create enough confusion and fud to further damage his opponent. The way the news about stuxnet was dribbled out, with lots of caveats and plausible conspiracy theories, Iran has had to spend a lot more than they had budgeted for on system reviews. And all those Iranian tech people who have been tied up in assuring that military and critical civilian systems are clean-- well, they are no longer available for other pursuits, like refining nuclear detonation models or missile control systems. This is significant: if you can tie up the intellectual resources of a country with a few thousand lines of code, you can bring the development of their war machine to a grinding halt. And do it without anyone having to dodge real bullets.

    It is plausible that we are now learning about Flame because its controllers have decided that it is time to go public. Kaspersky might be simply an unwitting player in moving the game to the next level. Or perhaps they are very much in the loop. From the perspective of a third party, it doesn't matter. What matters is that Flame makes it more likely that any clandestine business arrangements with repressive Middle East countries will become public. That shifts the risk - benefit analysis of companies that are thinking about doing business with those governments, and those governments will find some purchases will be harder to make and more expensive.

    Of course this post adds to the fud; it suggests a complex conspiracy theory operating on several levels. I can say that I am not a party to such a conspiracy, but most readers would not be able to verify that. I can also say that as I do not much like the current regimes in Iran and Syria, I think it would be a good thing if they had to spend more of their resources on assuring that all their computers were clean of nasty little surprises. It seems to me that talking up the possibility of some kind of international conspiracy of many, many levels would be a good thing, whether it is true or not. Could the intelligence agencies of the USA, UK, Israel, Russia, Denmark (why not Denmark?) and so on have formed their own little Anonymous group? Can you not picture Ninja Hackers in Guy Fawkes masks?

    --
    Will