This article is divided into two sections. The first, informational, section lays out the subject: what it is, what it is used for, and what its potential impact is. The second part is our editorial comment on the subject.
Flame, also known as Flamer and sKyWIper, is a recently discovered modular computer malware that attacks computers running the Microsoft Windows operating system.
Flame can spread to other systems over the LAN or via USB sticks, and can record audio, screenshots, keyboard activity and network traffic. The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices. These data, along with locally stored documents, are sent on to one of several command and control servers that are scattered around the world. The program then awaits further instructions from these servers.
Flame appears to have been written purely for espionage purposes.
The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date. It consists of multiple modules and is made up of several megabytes of executable code in total. Analysing this cyber weapon requires a large team of top-tier security experts and reverse engineers with vast experience in the cyber defence field.
Alexander Gostev, Chief Security Expert at Kaspersky Lab, commented: “One of the most alarming facts is that the Flame cyber-attack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals.”
[Sources include this Wikipedia article: Flame (malware), and this Kaspersky.com site article: Kaspersky Lab and ITU Research Reveals New Advanced Cyber Threat]
Regarding its origin, Kaspersky’s chief malware expert says, “the geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it.” Iran’s CERT described the malware’s encryption as having “a special pattern which you only see coming from Israel”. The Daily Telegraph reported that due to Flame’s apparent targets, which included Iran, Syria, and the West Bank, Israel became “many commentators’ prime suspect”. Richard Silverstein stated that he had confirmed with a “senior Israeli source” that the malware was created by Israeli computer experts, while The Jerusalem Post wrote that Israel’s Vice Prime Minister Moshe Ya’alon appeared to have hinted that his government was responsible.
If the above information regarding potential origin is correct, it means that Israel has truly turned a corner. By entering into the cyber warfare arena, they have potentially unleashed a method by which a technologically sophisticated country, regardless of its size, could wreak havoc on another technologically sophisticated and therefore dependent country. Currently, the attack is believed to be in use by Israel against its adversaries, including Iran, Lebanon and Syria. However, there is nothing inherent in the code that would prevent it being used against the United States or any other country.
Detection/removal software is now becoming available. However, as with many computer and network security measures, most safeguards are created only in response to a threat that has already been detected. There seems to be no a priori method by which the potential for being overtaken by unknown threats can be systematically eliminated.
Lending credence to this statement is the fact that the federal government’s lead agencies in the battle against cyber-terrorism, including divisions of Homeland Security such as the NCSD (National Cyber Security Division) and US-CERT (U.S. Computer Emergency Readiness Team), have been revolving doors of directorships since their inception. The most recent high-level departure at US-CERT, when Director Randy Vickers abruptly left the agency in July 2011, led many to speculate that leading the agency is a no-win proposition. For example, over the last five years alone, the number of reported cyber attacks against [U.S.] federal networks has spiked dramatically, from about 5,500 to nearly 42,000.
For a supposed ally like Israel to create software as potentially dangerous as Flamer/sKyWIper, and for it to be released “into the wild” as it already has been, is unconscionable. It’s not much of a leap to envision this threat being used against the U.S. by any other nation-state, or perhaps even a non-governmental group with sufficient funding.
Remember the saying, “Just because you’re paranoid doesn’t mean they’re not out to get you.” There are many entities that could have their own reasons for coming after the United States. Providing them the tools to do it with would not seem to be the kind of favor we would encourage or appreciate from our allies. The fact that we seem to have received such a favor makes us say:
Thank you, Israel.