|By: J. D. Heyes
Anyone who has spent longer than a day on a computer knows how dangerous to your hard drive malware and other malicious code can be. Most of us have fallen victim to one or the other and have cursed the day the hacker who developed it was born.
Now, according to reports, some of the most sophisticated malicious code ever developed is a product of the United States government, leaving more than a few tech experts and analysts concerned that maybe now, Washington has become a bigger info-terrorist than some of the country’s worst enemies.
If you’ve been following the so-called “shadow war” the U.S. and Israel have been waging
against Iran (you didn’t know about that?) then you are aware of a malicious code called Stuxnet, a computer worm reportedly developed jointly by Tel Aviv and Washington and dissected in 2009 and 2010, that created havoc among the computer systems managing Iran’s nuclear facilities.
Now, analysts believe some of the same code used in Stuxnet was also used in Flame, the latter of which was just identified recently, to form two of the foremost cyber-weapons ever developed.
Two different platforms that shared some of the same code
“We are now 100 percent sure that the Flame and Stuxnet groups worked together,” Roel Schouwenberg, a senior researcher at Russia-based Kaspersky Lab, said during a press conference. “The fact that the Flame group shared their source code with the Stuxnet group shows they cooperated at least once.”
“We believed that the two teams only had access to some common resources, [but] that didn’t show any true collaboration,” Schouwenberg continued, in an interview with ABC News. “However, now it turns out that the Stuxnet team initially used Flame to kickstart the project. That proves collaboration and takes the connection between the two teams to a whole new level.”
Analysts believe Flame and Stuxnet viruses were built on two completely different platforms and were probably developed independently. Despite that, however, the two shared key pieces of code at some point during the development process, Kaspersky officials said.
“What we have found is very strong evidence that the Stuxnet/Duqu and Flame cyberweapons are connected,” Alexander Gostev, Kaspersky Lab‘s chief security expert, said in a statement explaining that the security firm was able to link the two viruses together.
“In 2009, part of the code from the Flame platform was used in Stuxnet,” he said. “We believe that source code was used, rather than complete binary modules,” suggesting some degree of crossover. That said, “after 2009, the evolution of the Flame platform continued independently from Stuxnet,” he added.
At issue is a module known as “Resource 207,” which was found as being earlier versions of Stuxnet and which bears a list of “striking resemblance” to Flame and includes “names of mutually exclusive objects, the algorithm used to decrypt strings and similar approaches to file naming.”
Cyber weapon targeting Iran’s oil, nuclear industries
Kaspersky says he thinks the two teams worked independently but probably collaborated from time to time, putting forth a theory that Stuxnet was used for the kind of sabotage employed against Iran’s nuclear computer infrastructure while Flame, on the other hand, was a general cyber-espionage tool that developers didn’t want to mix.
“We think that these teams are different, two different teams working with each other, helping each other at different stages,” said Vitaly Kamluk, Kaspersky’s chief malware expert.
Both cyber-weapons have been employed against the Islamic republic, reports said. Iran’s military said in May that the country’s all-important oil industry was affected for a short time by the Flame virus, which has unprecedented capabilities to grab data and eavesdrop on computers. While the extent of the damage isn’t known, Iran had to cut the Internet ties to its main oil export terminal, likely to try to contain the virus.
Stuxnet, according to Kaspersky officials, was the first cyber-weapon used to target industrial facilities. “The fact that Stuxnet also infected regular PCs worldwide led to its discovery in June 2010, although the earliest known version of the malicious program was created one year before that,” the firm said.
New age of warfare?
More than anything, the security lab’s discovery of a link between the two viruses suggests that the U.S. and its allies are actively developing a host of cyber-weapons as part of an asymmetrical arsenal of high-tech tools aimed at degrading a competitor nation’s infrastructure and capabilities, all the while protecting domestic assets from penetration.
Following the discovery of Stuxnet and the alleged cyber attack on Iran, a December 2010 Congressional Research Service report put the U.S. and Israel on a short list of countries that included the U.K., France, China and Russia as capable of developing such a sophisticated virus.
“Iranian officials have claimed that Stuxnet caused only minor damage to its nuclear program, yet the potential impact of this type of malicious software could be far-reaching,” said the report. “The discovery of the Stuxnet worm has raised several issues for Congress, including the effect on national security, what the government’s response should be, whether an international treaty to curb the use of malicious software is necessary, and how such a treaty could be implemented. Congress may also consider the government’s role in protecting critical infrastructure and whether new authorities may be required for oversight.”
Welcome to the next new age in warfare.
Sources for this article include: