1. Flame Malware Could be Repurposed Against Its Creators

Flame, as it’s called, is a whopper of a program—20 megabytes, the size of a video file, and 40 times bigger than the Stuxnet virus that took down Iranian centrifuges back in 2010. But Flame is not just another cyber weapon—it could greatly expand the scope of nations capable of carrying out cyberattacks.
Flame bears many similarities to Stuxnet. Both are specimens of highly advanced programming and detailed expertise in many specialized areas. Both programs are the products of large teams of experts working hundreds of hours on development and testing. Only a handful of nations have the technical capacity to do this kind of work. The list would include the United States, the UK, Germany, China, Russia, Israel and Taiwan, says Scott Borg, head of U.S. Cyber Consequences Unit, a security consulting firm.
But Flame differs from Stuxnet in many important respects. Whereas Stuxnet was designed for a specific purpose—infiltrating and destroying the centrifuges used in Iran’s nuclear fuel enrichment facility at Natanz—Flame appears to be a general purpose tool for espionage. It has a broad ability to gather data from screenshots or through Bluetooth connections with other devices.
Once Flame makes it onto a computer, it begins “sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on,” says a May 28 report by security firm Kaspersky. It can compress and encrypt the information it captures and hold onto it until it has a reliable Internet connection to send it. Flame was apparently targeted to countries in the Middle East—it showed up mainly in Iran, with infections also in Israel, the Palestinian territories, Sudan and Syria.
Perhaps the biggest potential problem is that the programmers who designed Flame did not try and disguise the code in a way that makes it difficult to reverse engineer. The practice, known as “code obfuscation,” is common among commercial software developers as a way to keep competitors from being able to figure out how software products are designed. Flame programmers apparently didn’t take such measures, which means a knowledgeable programmer wouldn’t have too much trouble extracting the pertinent design of Flame and making use of it. Flame, in other words, is a boomerang.

(via “Flame” malware greatly expands the scope of cyber warfare | Observations, Scientific American Blog Network)

    1. joshbyard posted this