July 02, 2012
Credit: Cassidian
Angus Batey, London
The discovery of the advanced computer spyware Flame capped a recent spate of news that has implications for the cyberdefense policies and preparations of corporations and nations alike.
Reports of Flame's advanced technologies and extensive capabilities—uncovered by researchers in Iran in late May, before being verified by computer security laboratories worldwide—were at risk of being pushed out of the headlines when, on June 1, The New York Times reported U.S. officials all but declaring that Stuxnet—the 2008-10 malware used in an attack credited with destroying centrifuges at the Natanz, Iran, nuclear plant—was part of a covert cyberweapons program instituted by the George W. Bush administration and accelerated under President Barack Obama.
The in-depth Times report—drawn from numerous, international interviews—had the effect of making widespread assumptions and earlier reporting about Stuxnet's political authorship more concrete (AW&ST May 23, 2011, p. 43). Initiated by the Bush administration in 2006, the program—codenamed Olympic Games—saw the Defense Department's National Security Agency working with Israel's military signals intelligence and code-breaking group, Unit 8200. After an intelligence-gathering phase in which the Natanz plant was digitally mapped, code designed to destroy centrifuges was tested on working replicas of the Iranian centrifuge cascades, constructed at a number of U.S. national laboratory sites, before being deployed against the Iranian facility.
The Times stresses that deterring Israel from launching a kinetic strike against Iran's nuclear program was a key part of the U.S. rationale for the policy. While political reaction in Washington saw Republican calls for an end to White House leaks relating to classified operations, there were no denials.
Flame's emergence had already reignited the debates around the offensive cyberwarfare capabilities and policies of nation states (AW&ST June 4, p. 28). The malware, which appears to be a surveillance tool rather than a weapon with a destructive capability, was immediately identified as the product of a state program, its complexities judged by researchers to be beyond the capacity of individual programmers.
The malware used stolen digital signatures to fool the infected computer into believing that the Flame installation was a legitimate update to the Windows operating system—a capability described by more than one research lab as “the Holy Grail” of exploit coding, and which pushed Microsoft into a rare emergency patch release to close the vulnerability. Yet there were also critical voices. Graham Cluley, of anti-virus provider Sophos, stressed the tiny number of infected devices, and Rik Ferguson, director of security research and communication at Trend Micro, wrote that the code was “unique in malware terms certainly, but not impressive in and of itself.”