Did the U.S. Let the Cyber Security Animals Out of the Zoo?


Last Friday, the New York Times ran this article by David Sanger that lays out a detailed account of how the Obama Administration, following the efforts of the Bush Administration and with great personal involvement by the President himself, implemented America's first sustained use of cyber weapons aimed at crippling Iran's main nuclear enrichment facilities.  The cover was blown on this massively sophisticated effort when one of its elements, the Stuxnet worm, got loose in the wild.

The article sparked hundreds of follow-on pieces, blog posts and analyses of the new information revealed, given widespread credence by security experts who say that the information Sanger presents is accurate and appears to be based on highly placed government sources.  Particularly compelling is the description of how a coding error enabled Stuxnet to get loose "like a zoo animal that found the keys to the cage" and how the Obama Administration opted to continue the still-effective cyber attacks against Iran's nuclear program even after the cover got blown on the top-secret program.

Stuxnet has provided a powerful template for malicious cyber attackers everywhere, posing a threat to industrial control systems that operate critical infrastructure systems around the globe.  Today's big cyber security news suggests that Stuxnet may not be the only animal that escaped from the zoo.

Sanger's article hints at a connection between the Iran cyber attacks and a brand new, large-scale cyber threat, Flame, an espionage virus that is 40 times larger than Stuxnet and which has already infected computers across the Middle East.  Among Flame's capabilities are:
  • it can gather data and information from  from many sources, including computer microphones and web cameras and files; 
  • it has keystroke logging capabilities; 
  • it can communicate with any Bluetooth device; 
  • it can listen to VoIP or cell calls;
  • it can take screen shots;
  • it can replicate itself on any network;
  • it can expand its functionality beyond the above capabilities through 20 modules.
In short, Flame is a complex, sophisticated threat that most experts suspect was only capable of development by a major nation state.  Some experts speculate that Flame is part of a precursor program to Stuxnet, designed to do forward reconnaissance in preparation for the real cyber attacks.  Like Stuxnet, Flame is dependent on a "zero-day exploit" or an undiscovered vulnerability  in Windows technology.

Today's cyber news was the discovery of the likely propagation route of Flame via Windows update features, raising the notion that the newly discovered threat is capable of jumping from machine to machine on any network.  Microsoft quickly issued a patch to protect against the virus, but as was true with Stuxnet, experts are still scrambling to comprehend and protect against the awesome intruder and an accurate assessment of Flame is likely months away.

In both cases, fingers are pointing at the U.S. government (along with its ally Israel) as the progenitor of these big and powerful viruses, which, to date, are the most real cyber security threats to critical infrastructure systems.  As Paul Rosenzweig points out, it seems a little ironic that the Obama Administration is the chief advocate for legislation mandating cyber security requirements on critical infrastructure industries given that the biggest threats to critical infrastructure right now are viruses and worms developed by the U.S. government and set free by the Administration itself.

Rosenzweig quotes Jason Healey in saying that the Administration's call for mandatory cyber security requirements is akin to an arsonist calling for better fire codes, a possibly simplistic analogy that nonetheless shines a light on the dangers of playing with cyber security fire.  Stay tuned for more information as Sanger's new book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, gets released tomorrow.

0 comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Twitter Delicious Facebook Digg Stumbleupon Favorites More