Observations

Opinion, arguments & analyses from the editors of Scientific American

“Flame” Malware Greatly Expands the Scope of Cyber Warfare

The views expressed are those of the author and are not necessarily those of Scientific American.

The discovery of a new species of highly sophisticated malware earlier this week adds another puzzle piece to the contemporary cyberwar battleground. Flame, as it’s called, is a whopper of a program: 20 megabytes, the size of a video file, and 40 times bigger than the Stuxnet worm that sabotaged Iranian centrifuges back in 2010. But Flame is not just another cyber weapon; it could greatly expand the number of nations capable of carrying out cyberattacks.

Flame bears many similarities to Stuxnet. Both are specimens of highly advanced programming and detailed expertise in many specialized areas. Both programs are the products of large teams of experts working hundreds of hours on development and testing. Only a handful of nations have the technical capacity to do this kind of work. The list would include the United States, the UK, Germany, China, Russia, Israel and Taiwan, says Scott Borg, head of U.S. Cyber Consequences Unit, a security consulting firm.

But Flame differs from Stuxnet in many important respects. Whereas Stuxnet was designed for a specific purpose, infiltrating and destroying the centrifuges used in Iran’s nuclear fuel enrichment facility at Natanz, Flame appears to be a general-purpose tool for espionage. It has a broad ability to gather data, from screenshots to Bluetooth connections with nearby devices. Once Flame makes it onto a computer, it begins “sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on,” says a May 28 report by security firm Kaspersky. It can compress and encrypt the information it captures and hold onto it until it has a reliable Internet connection over which to send it. Flame was apparently targeted at countries in the Middle East: it showed up mainly in Iran, with infections also in Israel, the Palestinian territories, Sudan and Syria.

Perhaps the biggest potential problem is that the programmers who designed Flame did not try to disguise the code in a way that makes it difficult to reverse engineer. The practice, known as “code obfuscation,” is common among commercial software developers as a way to keep competitors from figuring out how software products are designed. Flame’s programmers apparently didn’t take such measures, which means a knowledgeable programmer wouldn’t have too much trouble extracting the pertinent design of Flame and making use of it. Flame, in other words, is a boomerang.

That’s not to say that just anyone can download Flame and start using it, of course. It still requires expertise to understand how the program works. But the lack of code obfuscation adds “dozens” of states to the list of those capable of carrying out sophisticated cyber attacks, says Borg. That may very well include Iran, whose programmers almost certainly are studying the malware as we speak. The failure to protect the Flame code from being reverse engineered may turn out to have been a monumental error.
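The two paragraphs above turn on what “code obfuscation” actually buys an attacker. The following added example (written for this page, not taken from Flame or from any Kaspersky analysis) builds two constructed toy “binary images” that carry the same capability strings, one in plaintext and one XOR-encoded behind a runtime decoder, and runs a minimal strings(1)-style scan over both. The capability names, the fake header and the single-byte key are all illustrative assumptions.

```python
import re
import struct

# Constructed example: the capability names a data-stealing module might carry
# as string constants (the kinds of functions the Kaspersky report lists).
PLAINTEXT_CAPABILITIES = [
    b"capture_screenshot",
    b"record_microphone",
    b"sniff_network",
    b"hook_keyboard",
]

# Illustrative key. Any key with the high bit set guarantees that XOR of an
# ASCII byte never lands in the printable range, so a strings() scan finds
# nothing. Real obfuscators use per-string keys and more than a single XOR.
XOR_KEY = 0xA7

# 4-byte magic plus 12 bytes of padding; a fake header, not a valid ELF.
FAKE_HEADER = b"\x7fELF" + b"\x00" * 12


def xor_encode(s: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with the key. XOR is its own inverse, so this also decodes."""
    return bytes(b ^ key for b in s)


def build_plain_image() -> bytes:
    """Toy binary with the capability strings embedded as-is (no obfuscation)."""
    return FAKE_HEADER + b"\x00".join(PLAINTEXT_CAPABILITIES) + b"\x00"


def build_obfuscated_image() -> bytes:
    """Same toy binary, but each string is stored as <u16 length><xor bytes>."""
    blob = b"".join(struct.pack("<H", len(s)) + xor_encode(s)
                    for s in PLAINTEXT_CAPABILITIES)
    return FAKE_HEADER + blob


def strings(image: bytes, min_len: int = 6) -> list:
    """Minimal reimplementation of the Unix strings(1) heuristic: runs of
    printable ASCII at least min_len bytes long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, image)]


def decode_at_runtime(image: bytes) -> list:
    """What the obfuscated program does for itself at run time: walk the
    length-prefixed table and XOR each entry back to plaintext. An analyst
    with a debugger simply reads the result of this loop, which is why
    obfuscation raises the cost of reverse engineering without preventing it."""
    off = len(FAKE_HEADER)
    out = []
    while off + 2 <= len(image):
        n = struct.unpack_from("<H", image, off)[0]
        off += 2
        out.append(xor_encode(image[off:off + n]).decode("ascii"))
        off += n
    return out


if __name__ == "__main__":
    print("plaintext image:  ", strings(build_plain_image()))
    print("obfuscated image: ", strings(build_obfuscated_image()))
    print("decoded at runtime:", decode_at_runtime(build_obfuscated_image()))
```

The plaintext image gives up its full feature list to a static scan; the obfuscated one yields nothing to strings(), yet decode_at_runtime() recovers every name once the decoder is understood. That gap is the point of the caveat above: missing obfuscation lowers the bar for reuse, but even obfuscated code is only delayed, not protected, against an analyst willing to run it under a debugger.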

Who designed Flame isn’t clear. David Sanger’s article in today’s New York Times reports that Stuxnet was authored by the United States. Indeed, a clear pattern of U.S. offensive cyber warfare has been taking shape in recent years. In December, a security expert asserted that the Conficker worm, which has infiltrated millions of ordinary PCs over many years, could have served as a “door kicker” for Stuxnet, a program that went out into the field and set the stage for the Stuxnet invasion. At this point, there isn’t enough information about Flame to know who authored it. It’s safe to assume, however, that the cyber battlefield is about to get more crowded.

ed note: Stuxnet code was not protected against reverse engineering, either, but this is less of a problem because its purpose is narrow and hence the programming is less useful as a weapon than the more general-purpose Flame. This post was corrected to reflect this.

Fred Guterl About the Author: Fred Guterl is the executive editor of Scientific American and author of Fate of the Species (Bloomsbury). Follow on Twitter @fredguterl.

Comments (4)

1. kjweber 5:12 pm 06/1/2012

    I find it pretty funny that the head of U.S. Cyber Consequences Unit is named Borg. C’mon, BORG!!! That’s major cyber consequences if you ask me. If Flame is indeed that dangerous and a “boomerang” then hopefully we will adapt, or else resistance is futile.

2. promytius 6:05 pm 06/1/2012

    The announcement expanded the scope, not the program! Does anyone really think this is the first application in the “cyber-war”? The difference is that it’s no longer a ‘secret’, and put this together with the Patriot Act, our newly announced “kill list” and what has actually happened, is the end of Democracy, as we know it. You can’t separate the science from the politics here or any more; we are headed toward a global infrastructure catastrophe. That is the significance of the announcement.

3. Trafalgar 10:16 pm 06/1/2012

    Iranium centrifuges

4. pinetree 11:41 am 06/4/2012

    Sci Am is hyping the technical aspect. It is worth noting that the knowledge to build such things is not merely found beyond a few nation states, it is widespread throughout the Internet. A huge underground economy exists around it. Barnes and Noble is full of books on how to write root kits and network code. Access to any executing code trivially reveals it. Ultimately code execution boils down to a stream of very simple machine instructions. The program analyst simply follows the stream. Thus any code that executes can be reverse engineered. The art of reverse engineering (aka “debugging”) is not exactly rocket science or the art of building atom bombs, which are protected largely by being expensive. Any kid, student, or halfway intelligent criminal from Albania to Tanzania can do it.

    The Chinese hack in undetectably at the hardware level through control of the manufacturing process, the result of which is undefendable at the software level. You want a disturbing topic technically try that one. This bot net software is child’s play to them, which they have already demonstrated repeatedly.

    The real story may be the US is going on the offensive when it lives in the largest glass house on the planet thanks to America’s sacrosanct private sector being so utterly indifferent to the threat.
