Flame on: The greatest cyberweapon ever?
posted at 5:21 pm on May 29, 2012 by Allahpundit
Now that you’re done with the NYT piece on Obama’s Al Qaeda “kill list,” take 10 more minutes and dive into Wired’s fascinating read on the greatest spy machine ever invented. Unlike Stuxnet, this one doesn’t mess with industrial equipment; all it does is record virtually everything you’re doing on your computer — or within earshot of your computer — while leaving almost no trace of its existence.
The apparent target is just who you’d think it’d be.
The [Flame] malware, which is 20 megabytes when all of its modules are installed, contains multiple libraries, SQLite3 databases, various levels of encryption — some strong, some weak — and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the LUA programming language — an uncommon choice for malware…
Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and email communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers.
The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network. The attackers appear to use this component to hijack administrative accounts and gain high-level privileges to other machines and parts of the network.
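The sniffer-then-hijack pattern described in the excerpt leaves a footprint a defender can look for: one administrative account that suddenly logs on to many different machines in a few minutes. The following is an added illustration, not code from the Wired article, from Hot Air, or from any Flame analysis; the log format, the sample lines, the `admin-ops` account name and the thresholds are all constructed for the example.

```python
"""
Added detection sketch (not from the original post): flag a privileged account
that authenticates to an unusual number of distinct hosts from one source in a
short window, the fan-out you would expect if captured credentials were being
replayed to hop between machines. Log format and sample lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <user> <source host> <destination host> <result>"
SAMPLE_LOG = """\
2012-05-28T09:00:01 jsmith ws-17 fileserver-1 success
2012-05-28T09:02:13 admin-ops ws-17 fileserver-1 success
2012-05-28T09:02:40 admin-ops ws-17 fileserver-2 success
2012-05-28T09:03:05 admin-ops ws-17 dc-1 success
2012-05-28T09:03:30 admin-ops ws-17 mailserver success
2012-05-28T09:04:10 admin-ops ws-17 ws-22 success
2012-05-28T09:05:00 admin-ops ws-17 ws-23 failure
2012-05-28T11:30:00 jsmith ws-17 fileserver-1 success
2012-05-28T14:00:00 admin-ops ws-03 fileserver-1 success
"""

ADMIN_ACCOUNTS = {"admin-ops"}   # assumption: which accounts count as privileged
WINDOW = timedelta(minutes=10)    # sliding window over which destinations are counted
HOST_THRESHOLD = 4                # distinct destinations inside the window that raise an alert


def parse_line(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, user, src, dst, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "src": src, "dst": dst, "result": result}


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_fanout(events, admin_accounts=ADMIN_ACCOUNTS,
                window=WINDOW, threshold=HOST_THRESHOLD):
    """Return alerts as (user, source, window_start, sorted distinct destinations).

    Only successful logons by privileged accounts are considered, grouped by
    (account, source host); a sliding window then counts how many distinct
    destination hosts that pair reached.
    """
    by_user_src = defaultdict(list)
    for e in events:
        if e["user"] in admin_accounts and e["result"] == "success":
            by_user_src[(e["user"], e["src"])].append(e)

    alerts = []
    for (user, src), evs in by_user_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) >= threshold:
                alerts.append((user, src, start["ts"], sorted(hosts)))
                break  # one alert per (account, source) pair is enough
    return alerts


if __name__ == "__main__":
    for user, src, when, hosts in find_fanout(parse_log(SAMPLE_LOG)):
        print(f"{when.isoformat()} {user} from {src} reached {len(hosts)} hosts: {hosts}")
```

On the constructed sample the only alert is `admin-ops` from `ws-17`, which reaches five hosts between 09:02 and 09:04; the failed attempt is ignored, and the same account's single afternoon logon from `ws-03` stays below the threshold. In a real deployment the thresholds would be set from a baseline of each account's normal fan-out rather than fixed constants.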
Current estimates are that 1,000 computers worldwide are infected, a plurality of which are in Iran. Interestingly, though, Flame doesn’t replicate automatically. Stuxnet did — so much so that Richard Clarke theorized there must have been a flaw in its programming. Not only does replication make it more likely that the virus will be detected but these are, after all, the cyber equivalents of atomic bombs. The more freely available the virus is, the more likely it is that hackers and/or U.S. enemies will reverse-engineer the program to wreak havoc. (Then again, hackers can already access virtually any unsecured U.S. network, in which case who needs Flame?) The braintrust behind Flame evidently took care to make sure its exposure was limited, which helps explain why it wasn’t discovered as quickly as Stuxnet.
Apparently there are almost no similarities between Stuxnet and Flame except, per Wired, one possible likeness in their export function as well as the ability to spread via USB sticks by exploiting code vulnerabilities. Does that mean the two programs came from different sources or are the differences simply a function of what they’re designed to do? Flame is vastly bigger and more complex according to cybersecurity experts (one says it’s “20 times” more complicated than Stuxnet), but then it’s designed to perform many more tasks than merely controlling the spin of uranium centrifuges. Another clue: The two viruses seem to have emerged at roughly the same time. Stuxnet has been traced to as early as June 2009 but started circulating more widely in early 2010. Flame apparently started circulating at around the same time although it may have been around as early as 2007, says Wired, noting that Stuxnet is believed to have been written in this same period. Indeed, we already know from the NYT that Stuxnet began development during Bush’s administration and was, reportedly, accelerated by Obama. Looks like Flame might have been on the tasklist too.
We also know from the Times that Stuxnet was likely a joint U.S./Israeli project. ABC sees another common thread there:
A top Israeli official hinted today that his country could be behind the most sophisticated cyber espionage program ever developed, known as Flame, which infiltrated and has spied on computer systems throughout the Middle East, including those in Iran, for the past two years.
“Whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them,” Israel’s vice prime minister Moshe Yaalon told Israel’s Army Radio today, referring to the cyber attack. “Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us.”…
So far, researchers in the U.S. and abroad have said Flame appears to only be used for spying purposes, rather than being used to cause physical damage to systems, like Stuxnet. Still, Kaspersky Labs said in a blog post, “such highly flexible malware can be used to deploy specific attack modules” that could target a country’s critical infrastructure and there could also be variations of the code that have yet to be discovered.
In other words, Flame might have some sort of built-in Stuxnet-like capacity to take over industrial machinery if need be. (One of the UN’s own cybersecurity experts said, “I think it is a much more serious threat than Stuxnet.”) No one knows yet because they’re only just now starting to unpack it; it’s like an alien autopsy where you’re suddenly looking at an advanced physiology you’ve never seen and have to figure out what each of the organs does. Two obvious possibilities, then, on what Flame might be designed to do. One: It could detect Iranian chatter about how far along their nuclear program is, which in turn would tell Israel when time has run out and an attack needs to be launched. Right now they’re impatient with the halting negotiations between the west and Iran but willing to tolerate them, maybe because Flame is telling them that Iran hasn’t reached nuclear “breakout” capabilities just yet. Two: It could be a way to disable Iran’s air defenses in advance of an attack or, more ambitiously, Iran’s enrichment facility at Fordo, which is buried deep inside a mountain and virtually impervious to a conventional attack. If bombs can’t take that out, they’ll need another way in. Then again, if Israel has already penetrated Fordo well enough to get Flame onto the computers there, they probably already have another way in. Anything else I’m missing here, techies? All theories welcome. Exit quotation: “If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about.”
Comments
I, for one, welcome our new Chinese overlords.
myiq2xu on May 7, 2013 at 1:26 PM
I for one welcome our new ChineseMexican overlords. Viva LaBomb-bah!!
PappyD61 on May 7, 2013 at 1:33 PM
Guess Barry has kissed off borrowing any more money from the Chinese.
GarandFan on May 7, 2013 at 1:36 PM
ChiCom hackers? NO surprise here…
Khun Joe on May 7, 2013 at 1:38 PM
I believe the Fed actually holds more US debt than China does now.
Doomberg on May 7, 2013 at 1:44 PM
How do they know the attackers are Chinese? An hour after they block one attack, they want to block another?
The Rogue Tomato on May 7, 2013 at 1:45 PM
Why does the Pentagon have critical computer systems hooked up to the internet in the first place? Closing that door should be fairly simple: Unplug internet access. For critical computer access from off site, manually-accessed dial up (I know, slow) on a secure phone line could be used.
The Chinese can’t hack it if it ain’t hooked up.
Same thing goes for our power infrastructure, NO controls whatsoever should be accessible via internet. Readouts, status? Sure. But no controls.
iurockhead on May 7, 2013 at 1:47 PM
Brought to you by technology stolen from Intel, Apple, Dell, Microsoft, et al, and students educated in the very best universities the United States has to offer.
thatsafactjack on May 7, 2013 at 1:47 PM
Lotsa luck with that. Our policy makers are as insightful as a box of rocks.
Happy Nomad on May 7, 2013 at 1:48 PM
Watch me walk around yellow noodle town
–one of Charles’s sock puppets.
tom daschle concerned on May 7, 2013 at 1:50 PM
The US company was warned and did Nothing/Nada, until it was too late.
Bill Clinton sold the secrets to the Chines. Obama gives them away.
Many aid him in the process, in the US.
Schadenfreude on May 7, 2013 at 1:50 PM
Chinese
Schadenfreude on May 7, 2013 at 1:51 PM
Time to issue a strongly worded statement–And we really, really mean it this time.
mwbri on May 7, 2013 at 1:51 PM
It’s very interesting about socialist and communist countries: they can’t develop ideas and new technologies of their own (because communism doesn’t offer proper incentives to develop them). So instead they steal from others.
It’s like when Canada took pharmaceuticals that were developed in the U.S. at enormous cost and energy and then copied them and sold them at great discounts saying “See! We offer medicine almost for free. That means we’re more caring than our greedy Southern neighbor.”
The Soviet Union put astonishing effort and resources into stealing technology from the U.S. They knew their system couldn’t develop anything on its own, so they just took from us instead. Liberals all over the world were in awe: “Look, the Soviet Union can compete with the U.S. in goods and services sort of. And they don’t have any of that evil capitalism.”
What liberals don’t quite get is that when the U.S. completes its transformation into socialism, it won’t be producing or creating anything new anymore and therefore there won’t be anything worth going to the trouble to get. To adapt Thatcher: “Socialism and progress (in medicine, labor-saving devices, science, etc.) stops working when there’s nothing worthwhile to steal anymore.”
Burke on May 7, 2013 at 1:52 PM
The M.O. of Communist nations since WW2 ended: wait for the West to invent something your oppressed peasants are too uneducated, too poor, and/or too scared to try and make under your regime. Then steal it and make cheap knock-offs.
Though our laziness makes theft easy, it must gall them that they know they can never match us. Their back-asswards, socially unstable nation with a short-fused population bomb simply will not make parity possible.
MelonCollie on May 7, 2013 at 1:54 PM
.
Oh, that’s a GREAT relief. We’ll all sleep better tonight, knowing that. : )
.
Slightly O T:
Are there any Chinese still alive, who would remember aiding Doolittle’s Tokyo raiders elude the Japanese? I don’t know what that has to do with Chinese cyber espionage, but as I was reading it the thought came to mind and I couldn’t shake it.
listens2glenn on May 7, 2013 at 1:55 PM
In 50 years there will be one world, called Russia, capital in DC, run by the Chinese.
Schadenfreude on May 7, 2013 at 1:58 PM
.
There’s some “stupid” book out there, that predicts a ‘one world government’ that will last approx three and one half years (maybe longer).
I don’t know why people pay attention to such far-out books.
listens2glenn on May 7, 2013 at 2:07 PM
One reason may be the number of self-defined “intellectuals” who dream of being the rulers in such a “Perfect State”. They’re probably the ones buying these books.
The trouble is, of course, that any such state would suffer the same fate as the Islamists’ dreamed-of “New Caliphate”. That is, it wouldn’t even last three and a half years, because inside of six months, every one of its leaders would be looking at the others and thinking,
cheers
eon
eon on May 7, 2013 at 2:23 PM
Last time I checked, most of the innovation was coming from those same ‘liberals’ that you brand as socialists. Believe it or not, innovation and scientific progress in this country have never been stronger. Your armchair observations are really bizarre.
Anyway, you don’t seem to understand the form of socialism- state ownership and control of corporations- that Thatcher was addressing.
bayam on May 7, 2013 at 2:35 PM
I don’t think communism of itself has an inherent disincentive for innovation because there could be non-material rewards for innovation, such as public praise, satisfaction in solving problems and so on.
China wasn’t hugely innovative even before it flirted with communism and today, despite the insistence of some HotAir commentators, China is not even remotely a communist society, other than in official rhetoric and propaganda.
My explanation for why the Chinese are (relatively speaking) bad at innovation is their underlying culture, which has traditionally preferred deference to elders and “superiors”, conformity and “keeping face”. These cultural traits do not encourage innovation nor nurture prospective innovators; Chinese students and workers alike are more inclined to “receive” and “follow” than to “question” and “lead”. It just so happens that those cultural traits are easily co-opted by ideologies such as communism.
Contemporary western students and workers seem to be the opposite — questioning even what is long established (e.g. the basis for marriage) and pursuing individualism even to self-destruction. These traits provide an environment (at least for a few decades until the whole society collapses from self-contradiction) in which innovation flourishes and knowledge expands.
YiZhangZhe on May 7, 2013 at 2:44 PM
There is nothing remotely liberal about the left any longer.
Perhaps you’re right, for once, Bayam. Perhaps I underestimated those technological giants.
Maybe they weren’t so greedy that they rushed to do business in a nation notorious for corporate espionage, deliberately ignoring repeated warnings from BILL CLINTON and others.
Maybe their operations weren’t so poorly designed and managed that it made stealing the secrets of their technology laughably easy.
Maybe, as you seem to suggest, these tech innovators of the left, each a genius in his field, intentionally became the victims of Chinese corporate espionage, thus enabling the Chinese to try to use that technology to hack out military information and control systems.
You know, with you to speak for them, the left doesn’t need any enemies.
thatsafactjack on May 7, 2013 at 2:50 PM
Your reply to listens2glenn is very funny if you were making a sophisticated, ironic joke, and much, much funnier if you were being serious.
:)
YiZhangZhe on May 7, 2013 at 2:51 PM
There must be. The remaining members of the Doolittle raid just held their 71st, and final reunion.
bigmacdaddy on May 7, 2013 at 2:57 PM
Pentagon: Let’s get real here — a lot of this cyber espionage is coming from the Chinese military
Remind me again … why is this so hard to acknowledge?
Jaibones on May 7, 2013 at 3:09 PM
Astounding, I could trace hits on my computer coming from China back in 2007. What ITH is going on at the Pentagon?
jake49 on May 7, 2013 at 3:17 PM
Read Tom Clancy’s relatively new book Threat Vector if you want to learn how Chinese cyber espionage is done.
Tom Clancy’s books are considered fiction, but shortly after I finished reading this action-packed book, I started seeing what could have been excerpts taken directly from this book, appearing in actual news stories.
wren on May 7, 2013 at 3:37 PM
Why haven’t we been treating this as an act of war and responding appropriately?
paulsur on May 7, 2013 at 3:54 PM
Innovations like “green energy” and electric cars?
Doomberg on May 7, 2013 at 4:09 PM
Appropriately, you can answer your own question by referring to the ancient Chinese military text, known as “The Art of War”, by Sun Tzu.
http://www.sonshi.com/suntintro.html
YiZhangZhe on May 7, 2013 at 4:13 PM
This is difficult for the establishment to acknowledge, because China supplies the cheap circus part of the bread and circuses that are required to keep the general public quiet about its ever-shrinking piece of the economic pie. Economically, what happens if we restrict trade with China?
DFCtomm on May 7, 2013 at 5:24 PM
There are many things we can do without restricting trade. How about stopping student visas for engineering and computer science for Red Chinese nationals?
slickwillie2001 on May 7, 2013 at 6:14 PM
You claim that a culture in which “innovation flourishes and knowledge expands” is doomed to collapse.
That very innovation and expanding knowledge is what makes a society or culture flourish, and it increases its survival chances exponentially over cultures and societies who lack these qualities. These qualities are necessary for adaptability. That which does not adapt to changing conditions ceases to exist.
thatsafactjack on May 7, 2013 at 7:21 PM
So you wish to continue to give favored nation trade status to a hostile nation? I admit that to change the dynamic would create a great deal of pain, but in the end it’s the right thing to do.
DFCtomm on May 8, 2013 at 8:37 AM