06.12.12
Posted in Cyberterrorism, Virus Creation Labs at 2:41 pm by George Smith
You can count on there being no end to the hypocrisy of the US national security complex, “the self-licking ice cream cone.”
It looks in the mirror, sees its own menacing face, grins and runs screaming that it’s seen someone else preparing to attack.
So now we have the news of the US virus war program being used to justify the argument that others, Iran included, are readying cyberattacks on us. Digital 9/11s.
It takes a special kind of low and shady character to do this so smoothly. And a special lousy mainstream press not to point it out.
One example, from The Hill:
The revelation that the United States used a computer virus to damage Iranian nuclear facilities has added urgency to a push in Congress for cybersecurity legislation.
Top administration officials, such as National Security Agency Director Keith Alexander and Homeland Security Secretary Janet Napolitano, have long argued that the nation is at risk of suffering a devastating cyber attack …
Paul Wolfowitz, a former Deputy Secretary of Defense under President Bush, said he hopes the news of the attack would “put some added urgency” on Congress to pass cybersecurity legislation.
“Maybe it will raise awareness,” Wolfowitz said. “I hope we don’t have to wait for the cyber-equivalent of 9/11 before people realize that we’re vulnerable …”
“I hope the urgency with which we must treat cybersecurity issues is becoming clear to policymakers,” Rep. Jim Langevin (D-R.I.) said. “Putting aside the anonymous sources in that story, we know that foreign adversaries are developing capabilities to harm us and our interests in cyberspace. We must be proactive in strengthening our cyber defenses now, before a major attack, and this requires comprehensive cybersecurity legislation.”
Yes, it takes mucho gall to twist the American virus war against Iran around until it’s a convenience for claims that others are about to launch “devastating” attacks and that we should immediately beef up cybersecurity.
It’s so rotten to the core the eyes water just scanning it.
As for Paul Wolfowitz, he’s certainly a man for the job. Everyone will remember (although the Hill chooses not to recover the ground) he was one of the disgraced architects of the pre-emptive war to find the non-existent WMDs in Iraq. His name, as it turns out, is not too difficult to find associated with the praiseworthy description — “war criminal” — through Google.
“He is a bad man,” said one e-mail to yours truly today.
Further:
[Adam Segal], a fellow at the Council on Foreign Relations, said the attack may actually undermine the moral authority of the U.S. government.
“If the U.S. is trying to get the owners of critical infrastructure to agree to certain standards for security, and it turns out we’re creating the malware to attack it, it becomes slightly more difficult,” he said.
Slightly more difficult is a bit of an understatement. The situation is untenable and I’ll explain why.
Our national malware writers have created an environment where the objective is to discover and keep secret security vulnerabilities so that they may be exploited in ongoing and future attacks. This is anathema to the international computer security model which spends considerable time and money researching and finding holes so they can be patched.
You can’t have both operations existing side by side. It’s indefensible and a conflict of interest. However, arms manufacturing companies have no problems with such things. They will only be too happy to provide defense and offense at the same time, with one operation discovering flaws and keeping them secret and another operation, allegedly, doing the opposite.
But, internationally, how can you trust such a business? You can’t.
The anti-virus companies know this. So do most computer security companies, I would think. In fact, at the beginning of the a-v industry, and I’ve written about this, there was always a suspicion among a hard core of conspiracy minded people that the anti-virus industry wrote viruses to help grease its business. It did not although one minor company did hire the hacker who wrote the virus that knocked the US Secret Service’s network off-line in 1993 to write cures for his viruses.
And I’ll get to this, as an addendum, in a little bit.
This defines the problem with writing viruses for the military.
The US academy has been charged with training people in computer security and it is these programs which will furnish graduating students, some of whom may be hired by arms manufacturers/contractors to write malware. In fact, they have probably already trained people presently working in the US virus war program.
In such cases the computer security academics will be put in the same hard position as anti-virus companies. Some of them will know they have readied people who are producing state-sponsored malware.
Maybe some will be OK with it. But some will find it ethically troubling just as many scientists don’t want money from DARPA because they believe it will largely result in things that make the world a worse place.
In other words, the US has created an untenable situation for itself. It has cultivated a poison tree and wants everyone else to trust the fruit.
Once again, we are shamed by the national security infrastructure and our leadership for reasons of short term, short-sighted, often just plain venal business gain.
This is hardly new. Unfortunately, it’s been on the record as standard behavior for the last dozen years, at least.
And now to the addendum from The Virus Creation Labs.
After Priest wrote a virus that knocked the US Secret Service’s network off-line in 1992 he was hired by a minor anti-virus firm.
Here it is, excerpted.
From A Priest Deploys His Satanic Minions
Programming the Satan Bug computer virus in 1992 had turned out to be richly rewarding for Priest. Not only had it made him immediately recognized in the computer underground, he was also feared in the trenches of corporate America to the point where the Secret Service had felt compelled to intervene.
But the most interesting fallout from the Secret Service visit was a job offer from a small anti-virus company called Norman Data Defense Systems, said Priest. A director at the company wanted the virus programmer to come to work for them, starting in the summer of 1994, after the hacker finished high school.
Priest said they were interested in his opinion about the use of virus code in anti-virus software. Such code wasn’t copyrighted, so it was fair game.
Priest thought this was a bad idea. Too much virus code, in his opinion, was crappy anyway, so why would anyone want to use it? But Priest said he would think about the job offer.
By May 1994, a different Priest virus called Natas — that’s Satan spelled backwards, haw-haw — had cropped up in Mexico City, where, according to one anti-virus software developer, it had been spread by a consultant providing anti-virus software services. Through ignorance and incompetence, the consultant had gotten Natas attached to a copy of the anti-virus software he was using, sort of like some scrap of dog dirt you have neglected to scrape from your shoe.
However, like most of Priest’s viruses, Natas was a bit more than most software could handle. The software detected Natas in programs but not on itself or another critical area of the machine where the virus also took up shop. The result was tragicomic.
The consultant would search computers for viruses.
The software would find Natas!
Golly, the consultant would think, “Natas is here! I better check other computers, too.”
And so, the consultant would take his Natas-infected software to other computers where, quite naturally, it would also detect Natas as it spread it around and could not remove it fully from new, formerly uninfected computers!
Natas had come to Mexico from Southern California. The consultant frequented a computer underground bulletin board system in Santa Clarita which stocked Natas. He had downloaded the virus, perhaps not fully understood what he was dealing with, and a month or so later uploaded a desperate plea for help with Priest’s out-of-control program. You could tell from the date on the electronic cry for help — May 1994 — when Natas began being a real problem for him in Mexico.
Back in San Diego, Priest was still being interviewed on the telephone by people from Norman anti-virus. They were concerned that Priest might leak proprietary secrets to competitors after hiring so it was a must he be absolutely sure of the seriousness of his potential employment.
By the end of the interview, Priest thought he didn’t have much of a chance at the job, but by July he’d accepted an offer and moved to Fairfax to begin working for them. Paradoxically, this was the same company that had removed Priest’s Satan Bug virus from the US Secret Service’s crippled network.
But what was Priest working on at the anti-virus company?
“A cure for Natas,” he laughed softly one afternoon in late July, 1994, in a telephone interview from the company office. Looking over the virus once more, Priest sardonically concluded that his disinfector made it clear the hacker had made Natas a little too easy to remove from infected systems.
By the end of the summer things were ending badly. Another manager at the anti-virus company, unsurprisingly, didn’t like the idea of the hacker working for the company, Priest said. And when management representatives arrived from the parent corporation in Norway on an inspection tour and were apprised of Priest’s status at a meeting, the hacker heard, they were also not warmed upon learning a virus writer was on staff. Officially, said Priest, there was no reaction, but in reality, the hacker felt, the atmosphere was deeply strained.
Jack Lewis, one of the Secret Service agents who had interviewed the hacker after learning he was the author of the virus that had knocked over the agency’s network, had contacted the anti-virus company to set up a luncheon date with the hacker to discuss more technical issues, Priest said.
However, the luncheon eventually fell through. The Secret Service, said Priest, thought it might be construed as a conflict of interest. Unknown to him at the time, the agency had also started spying on his comings-and-goings in Fairfax.
The entire business relationship of a famous virus writer at an anti-virus company proved totally unworkable. Paranoia escalated, trust was impossible. Priest was a hot potato. He was eventually let go.
Posted in Cyberterrorism at 9:49 am by George Smith
After 20 years of national leaders and various experts making hay and fortunes on warning about others gathering to attack the US with cyberwar, what’s the sound when the US is exposed as the now most famous virus-writing machine for attacking others? Crickets.
Well, that’s only a small bit of it.
There’s still no shortage of politicians and arms developers/national security company profiteers going before Congress to warn of the deadly cyberthreat to the nation.
You can smell the stench of their hypocrisy everywhere. It is impossible to shame them although Kaspersky’s public dissection of the Flame virus appears to have caused its US handlers to pull the plug on it. But for how long?
A sampling from the Cyberwarhawks tab at Cryptome:
“We are being attacked in cyberspace now and we need to respond now. Our enemies would enthusiastically welcome to further postpone this bill in favor of more ‘process.’” — Sens. Lieberman, Collins, Rockefeller and Feinstein.
“We have spoken a number of times in recent months on the cyberthreat … that it is imminent and represents one of the most serious challenges to our national security since the onset of the nuclear age sixty years ago … We carry the burden of knowing that 9/11 might have been averted with the intelligence that existed at the time. We do not want to be in the same position when cyber-9/11 hits — it is not a question of whether this will happen, it is a question of when …” — Michael Chertoff, Michael McConnell, Paul Wolfowitz, Michael Hayden.
[Readers will note the presence of McConnell, well known for ginning up fear of cyberwar for the benefit of the cyberdefense business he fronts at Booz Allen Hamilton as well as Paul Wolfowitz, one of the famous architects of the Iraq War disaster.]
“As a leading cybersecurity provider of the federal government we recognize that cyber attacks are one of the greatest threats to our national and economic security …” — Northrop Grumman, arms manufacturer
From Secrecy Blog, on June 8:
The U.S. military is placing too much emphasis on defense against cyber attacks when it should be developing offensive cyber capabilities, according to Sen. John McCain.
“I am very concerned that our strategy is too reliant on defensive measures in cyber space, and believe we need to develop the capability to go on the offense as well,” Sen. McCain wrote in remarks appended to the Senate Armed Services Committee report on the FY 2013 defense authorization bill.
“I believe that cyber warfare will be the key battlefield of the 21st century, and I am concerned about our ability to fight and win in this new domain.”
To describe the McCain statement as without clue in light of current events probably doesn’t quite do it enough justice.
From Counterpunch:
Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.
For many years I have seen comment from F-Secure’s Mikko Hypponen in press articles and analyses on the worldwide virus problem.
Not at all prone to exaggeration, Hypponen has always tried to be scrupulously accurate.
For the New York Times, Hypponen had this to say about US virus war:
If somebody would have told me five years ago that by 2012 it would be commonplace for countries to launch cyberattacks against each other, I would not have believed it. If somebody would have told me that a Western government would be using cybersabotage to attack the nuclear program of another government, I would have thought that’s a Hollywood movie plot. Yet, that’s exactly what’s happening, for real.
Cyberattacks have several advantages over traditional espionage or sabotage. Cyber attacks are effective, cheap and deniable. This is why governments like them …
By launching Stuxnet, American officials opened Pandora’s box. They will most likely end up regretting this decision.
Hypponen notes the coincidence of the American Stuxnet operation being revealed by the Times just days ahead of the Kaspersky analysis linking Flame to it.
To reiterate, this shows the US national security structure has been devoting significant time to the development of cyberweapons while hypocritically warning about the threat to this country from other cyber-attackers — often for its own benefit, part of what the insiders call “the self-licking ice cream cone.” It uses the arms contractors/war profiteers interested in expanding their cybersecurity business operations.
On the 4th the New York Times, in one of many pieces on Flame, focused on describing the Kaspersky Labs anti-virus business, mostly concerned with the fact that it is Russian and therefore allegedly untrusted by US companies and defense contractors. Left unsaid is that many US defense contractors want the dollars for cyberdefense all for themselves and that home users, for many many years, have had no doubts at all about Kaspersky Anti-virus.
Key excerpts:
Sean Sullivan, from F-Secure, said: “[Flame is] interesting and complex, but not sleek and stealthy. It could be the work of a military contractor — Northrop Grumman, Lockheed Martin, Raytheon and other contractors are developing programs like these for different intelligence services. To call it a cyberweapon says more about Kaspersky’s cold war mentality than anything else. It has to be taken with a grain of salt.”
[Another anti-virus vendor, the minor Webroot, commented it had isolated Flame virus in 2007 but considered it “unsophisticated.” This type of argument on the features of virus code — whether it’s technically spectacular or not — has been in the anti-virus industry since its inception. Which readers will eventually see as I continue to serialize The Virus Creation Labs online.]
“Antivirus companies are in a not easy situation,” Mr. Kaspersky said. “We have to protect our customers everywhere in the world. On the other hand, we understand there are quite serious powers behind these viruses.”
Even though finding viruses first is usually a boon for antivirus companies, cracking Flame, Mr. Kaspersky said, might hurt his business in one regard. “For the next five years, we can forget about government contracts in the United States.”
From me, GlobalSecurity.Org on June 1:
An anti-virus company may depend a great deal on government contracts. So what to do, what to do, when malware inevitably crawls into non-target computers in non-designated-enemy nations and your analysts and coders have a good idea of who’s behind it?
You develop an antidote and distribute it to everyone. But do you spill the beans? You have a conflict of interest, moral and ethical hazard. Doing the right thing might cost business.
Or if you’re a security company not in the US does it matter at all? You know who’s behind the attacks and you have a nice story to tell based on your pulling apart viruses. Lots of people might want to hear it.
While anti-virus software developers and others are still talking about the difficulty of attribution in virus attacks, there will come a time — just as there has in the past with regards to a handful of other famous virus writers — when they find out who, specifically, is behind the code from a national program. Everyone slips up sooner or later and someone in the international or domestic anti-virus business will have a name, or names. When they get them they should immediately publicize the information.

06.11.12
Posted in Cyberterrorism at 12:32 pm by George Smith
From last week:
Putting viruses on the computers of others is a criminal act whether or not those who own the infected computers are popular or unpopular.
Always been this way, always will be. Eugene Kaspersky and the anti-virus industry know this well. Globally, they should triple and quadruple their efforts to expose cyberwar operations. It could be very good for the image and will make for interesting stories. Meting out embarrassment and odium where it is deserved is appropriate.
It might also eventually serve to deter lousy decision-making at the top in the United States. Or at least make it more risk averse. At any rate, it couldn’t hurt.
Today, from Kaspersky:
Flame and Tilded are completely different projects based on different architectures and each with their own distinct characteristics. For instance, Flame never uses system drivers, while Stuxnet and Duqu’s main method of loading modules for execution is via a kernel driver. But it turns out we were wrong. Wrong, in that we believed Flame and Stuxnet were two unrelated projects.
Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame …
Our analysis suggests several important conclusions, which we summarize below:
By the time Stuxnet was created (in January-June 2009), the Flame platform was already in existence (we currently date its creation to no later than summer 2008) and already had modular structure.
The Stuxnet code of 2009 used a module built on the Flame platform, probably created specifically to operate as part of Stuxnet.
The module was removed from Stuxnet in 2010 due to the addition of a new method of propagation …
The Flame module in Stuxnet exploited a vulnerability which was unknown at the time …
After 2009, the evolution of the Flame platform continued independently from Stuxnet …
In case you’ve missed the import of it, Kaspersky Labs is rather quickly unraveling key details of the engineering used in the US computer virus warfare program.
And that shows the program has been developing viruses for some time. That cat is now well out of the bag, as I wrote two weeks ago here.
One bit:
Will the worldwide computer security industry work to expose and defeat, say, US cyberwar operations even more vigorously just as it pursues botnets and the work of cybercriminals? Will they now begin to spill the beans when the trail leads right back to a western government office?
Kaspersky Labs is doing all the right things.
It’s also time for whistle-blowers to act. Thoroughly expose US virus war.
Unlike drone war, US virus war is something the global security industry and academy can inhibit.
While it may not be able to stop national virus writing it can reduce the potential return on the attacks while simultaneously making them a political embarrassment and source of damaged reputation.
We should also not overlook the possibility that some in the US anti-virus and computer security industry may either know, or have a good hunch, who is directly behind it. On a name basis.
The global anti-virus/security business, beyond the control of the US government, can also degrade the effectiveness of our virus war by scrutinizing even more closely the networks and computers of obvious targets.
From the wire, the secret action of the US virus war-making operation — trying to cover its tracks:
The Flame computer virus that has been attacking Middle Eastern energy facilities, primarily in Iran, has been ordered to self destruct, the Symantec anti-virus company said on Sunday.
In an official blog post, Symantec revealed that its command-and-control (C&C) servers had sent an updated directive to the virus, which it termed “Flamer,” designed to remove it from compromised computers.
But the anti-virus researchers have it for good. Sunlight, it appears, can be disinfectant to virus war.
Also of interest — and timely — the serialization of Virus Creation Labs.
Pass it around. Help get the phonies, national security industry parasites and miscellaneous bad people who think national virus-writing is a neat thing out of the popular debate.
06.08.12
Posted in Culture of Lickspittle, Cyberterrorism at 8:51 am by George Smith
From the wire:
President Obama angrily denied today that his White House team is the source of national security leaks on alleged terrorist “kill lists” and cyber attacks against Iran’s nuclear program.
“The notion that my White House would purposely release classified national security information is offensive,” Obama said at a brief White House news conference. “It’s wrong.”
Obama added the leaks were potentially criminal acts.
Putting viruses on the computers of others is a criminal act whether or not those who own the infected computers are popular or unpopular.
Always been this way, always will be. Eugene Kaspersky and the anti-virus industry know this well. Globally, they should triple and quadruple their efforts to expose cyberwar operations. It could be very good for the image and will make for interesting stories. Meting out embarrassment and odium where it is deserved is appropriate.
It might also eventually serve to deter lousy decision-making at the top in the United States. Or at least make it more risk averse. At any rate, it couldn’t hurt.
Obama continued:
“When this information or reports — whether true or false — surface on the front page of newspapers, that makes the job of folks on the front line tougher,” Obama said. “And it makes my job tougher. Which is why, since I’ve been in office, my attitude has been zero tolerance for these kinds of leaks and speculation.”
Only bad people care if those on the “front lines” of virus-writing have it tougher. The world, and this country, will not derive net benefit from more feverish and secretive military and intelligence malware manufacturing and distribution.
Further:
“We’re dealing with issues that can touch on the safety and security of the American people, our families or our military personnel or our allies, and so we don’t play with that.”
You’ll have to explain how the families or acquaintances of our state-run virus-writing operation are made less safe by its vague exposure in a newspaper, Mr. President.
Anyway, leaks and subsequent press on virus war won’t stop our virus-writing operation any more than bad press and damaged national reps stop the bombing of paupers with drones. At least not yet.
In the last ten years you’ll have noticed nothing impedes US weapons shops, so why should anything slow down state mischief in the virtual realm? Our ruling class does not care to exert true oversight and is quickly sold on just about any escalating military and secret solution to world problems.
This is because no one whose job does not depend on the expansion of armories and attack plans is ever listened to.
06.06.12
Posted in Cyberterrorism at 6:19 am by George Smith
From the wire:
Eugene Kaspersky, whose lab discovered the Flame virus that has attacked computers in Iran and elsewhere in the Middle East, said on Wednesday only a global effort could stop a new era of “cyber terrorism”.
“It’s not cyber war, it’s cyber terrorism and I’m afraid it’s just the beginning of the game … I’m afraid it will be the end of the world as we know it,” Kaspersky told reporters at a Tel Aviv University cyber security conference.
“I’m scared, believe me,” he said.
Now where would we be without hyperbole I ask you?
06.01.12
Posted in Crazy Weapons, Cyberterrorism at 7:38 am by George Smith
Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the [Stuxnet] cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that.
From the New York Times. Google.
Earlier this week:
I’ve emphasized this is a good thing. Vigorous anti-virus company competition in the global industry makes finding and neutralizing state-designed viruses a business asset. So the social good on the Internet is served by messing up, terminating or exposing various aspects of cyberwar operations.
So making the paranoid mullahs more paranoid is good, eh?
In the Nineties I set out in my book Virus Creation Labs to tell some of the story of the anti-virus industry. As part of the job its programmers were keen to discover the identity of various virus-writers and they became good at it. Now they have hard news the US government, one of their clients, has been writing computer viruses they have to treat.
Finding some of the virus writers was easy work. The original hackers who wrote them often revealed themselves, anyway. They liked to brag about it. There was no thrill in the activity if people who knew about viruses didn’t know they were yours. Since there was no money in it back then it’s easy to grasp the motivation.
Sometimes it took more analysis of code on the part of the industry to narrow it down to one individual, perhaps unnamed but recognized as the writer.
With the US government now exposed as involved in virus-writing there are different pullers at work in exposing the perpetrators of the operation.
A company may depend a great deal on government contracts. So what to do, what to do, when malware inevitably crawls into non-target computers in non-designated-enemy nations and your analysts and coders have a good idea of who’s behind it?
You develop an antidote and distribute it to everyone. But do you spill the beans? You have a conflict of interest, moral and ethical hazard.
Doing the right thing might cost business.
Or if you’re a security company not in the US does it matter at all? You know who’s behind the attacks and you have a nice story to tell based on your pulling apart viruses. Lots of people might want to hear it.
Be the whistleblower.
Virus-writers, professional or amateur, criminal or state-operated, don’t operate in a vacuum. No matter how classified or expert they think they are, they make mistakes. The code is never perfect. As the complexity of an operation rises so does the potential for error.
Do the state’s virus writers go to anti-virus conventions? Do they chat it up with the industry as virus-writers from many many years ago did?
The anti-virus industry knows. Perhaps some have held their tongues even though they don’t wish to.
Is American virus-writing outsourced, in part or in toto, to arms developers or other small businesses doubling as cybersecurity vendors?
Questions, questions.
When I wrote Virus Creation Labs there was always a small but hard-headed segment of people in information technology (and the computer savvy public) who believed anti-virus companies wrote viruses to help their businesses.
There was never any evidence of it. In fact, it was a ludicrous idea as there was never a shortage in virus writing and distribution.
In the late Eighties a small operation of the US Army made an offer looking for virus-writers. It was met with opprobrium in the a-v industry as well as general computer security circles. Nothing appeared to come of it although the publisher of my book claimed he had worked for a US military operation in NATO on the production of viruses. (He wrote many viruses for all his books on the subject, too.)
There is much more money in virus-writing now. And there is no reason to believe the national security companies, particularly those with government contracts in defending against cyberwar, don’t also want to be in the offensive side of the business.
They do.
They would love to write malware for Uncle Sam for taxpayer moolah.
Some would view it as fun, too, just like the old timey amateur virus-writers.
And the opportunity for early sales pitching is there. The cyberwar hype machine has been operating for so long the pump is primed in national leaders who don’t delve very deeply into these things. Many believe all the wild claims about cyberwar. If someone offers them malware options in attacking an enemy they will take it. And now it is known they have done so.
So when your secret war using malware is no longer secret, what is to be done? Is malware just like lobbing tear gas rounds or random cluster bombs with “made in some company in the USA” clearly embossed on some of the parts, only much less violent and directly hazardous to civilians?
If political leaders openly speak about how cyberwar threats can put lives at risk in the US what’s the difference when we’re caught doing it to someone else? Shouldn’t the president appear to be more thoughtful in such affairs rather than someone giving the OK to fuck up trust on the Internet even more for the sake of going after a pariah country? Do you think it might have been better if someone not in government or the military or intelligence had explained to him how computer viruses work?
Will the worldwide computer security industry work to expose and defeat, say, US cyberwar operations even more vigorously just as it pursues botnets and the work of cybercriminals? Will they now begin to spill the beans when the trail leads right back to a western government office?
Will they let us know when they have suspicions that some employees who’ve either worked for them or become ‘friends’ appear to have advanced the next step of their career in state-sponsored virus-writing?
Will diminishing returns now be a part of state-sponsored virus-writing? That is, is the US government’s virus-writing operation impeded now that the cat’s out of the bag and everyone knows it’s doing it?
Or do people not care? Just another day of bad business as usual on the Internet. And so what if it was against Iran? They had it coming and it’s better than bombing.
And we always trust our guys, anyway. Not a chance of a reliability problem or a crazy Bruce Ivins among ’em.
Just don’t be in the wrong country or line of work. And if it splattered onto you in … Hungary? Well, ha-ha, oops! Sorry ’bout that. Couldn’t be helped. Contact the American consulate.

05.30.12
Posted in Crazy Weapons, Culture of Lickspittle, Cyberterrorism at 1:40 pm by George Smith
Robert Windrem used to be a national security affairs journalist who wrote books and did television. He was often very good and twenty years ago I saw him as a brief lecturer at a Knight Fellowship seminar on nuclear proliferation for reporters given at the University of Maryland. (I was a journalist granted a fellowship to attend it.)
But now he’s a much older man. Journalists sometimes don’t age well. Once cutting edge, then out of it and turned to shite when subjects and the times advance.
Today Windrem tackles the Flame virus for MSNBC.
It’s an opportunity to talk with people eager to give the United States credit for it. And to brag some more about how sophisticated and everything else it is:
As the United Nations and Iran warn that the newly discovered Flame computer virus may be the most potent weapon of its kind, U.S. computer security experts tell NBC News that the virus bears the hallmarks of a U.S. cyber espionage operation, specifically that of the super-secret National Security Agency …
“It was U.S.,” said [one anonymous] official, who acknowledged having no first-hand knowledge of how the virus operates or was introduced into the Iranian computers …
U.S. intelligence officials declined to discuss the virus. “We have no comment,” said one …
The virus was first discovered and announced over the weekend by a Russian cybersecurity organization after reports of massive data losses in Iranian government computers …
[I guess you could call Kaspersky Labs a “cybersecurity organization.” No one seems to have informed Windrem that the global corporate anti-virus business has been around for a long time and has a sizable US sales and advertising footprint.]

“From reading press reports, this appears to be penetrating networks to surveil, as opposed to destroy, as was the case with Stuxnet,” said Michael Leiter, former director of the National Counter Terrorism Center and now an NBC News analyst …
If this is indeed a U.S. cyberwarfare operation, said computer security expert Roger Cressey, the target is likely to be Iran’s nuclear program and its decision-making apparatus.
“Whoever has developed this is engaged in very sophisticated intelligence gathering on computer networks throughout the region. Clearly, Iran is a top priority for this program,” said Cressey, former chief of staff of the President’s Critical Infrastructure Protection Board under George W. Bush and now an NBC News analyst …
[Roger Cressey is a long-time flunky associate of Richard Clarke’s at Good Harbor although now he is at Booz Allen Hamilton. Both are sources of cyberwar hype because defense against it is a core business operation. Windrem does not disclose this. Notice this is a good gig. You can be a paid “analyst” for a news operation on the same subject as your core business role and the news operation won’t tell the rubes.]
Iran’s President Mahmoud Ahmadinejad has said that the work of Kaspersky Labs helped Iran uncover the infection and remove it from the centrifuge control program.
[I’ve emphasized this is a good thing. Vigorous anti-virus company competition in the global industry makes finding and neutralizing state-designed viruses a business asset. So the social good on the Internet is served by messing up, completely terminating or exposing various aspects of cyberwar operations.]
Cybersecurity officials have told NBC News that the [Stuxnet] infection, while heavily publicized, was not as effective in disrupting Iran’s nuclear program as has been portrayed in some media accounts.
And that’s never been a surprise.
One of Windrem’s sources tells him the virus attacks make Iranian officials “paranoid.”
They’ve always been paranoid, though. So making them more so means better?
05.29.12
Posted in Culture of Lickspittle, Cyberterrorism at 4:42 pm by George Smith
I’m certain Wired exists only as a groupie publication for high tech arms manufacturing, anyone wealthy in the Silicon Valley, and cybersoldiers. It will infrequently publish articles claiming cyberwar is hyped. Doubtless, this is some kind of sham.
It’s also into misusing the English language through use of humiliatingly exaggerated praise employed to hook readers on the idea that what is being spoken of is always the [DROP IN YOUR BESTEST SINGLE OR DOUBLE ADJECTIVES] SOMETHING EVER!
Today, on the Flame virus, some headlines and bits:
Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers
Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size — the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010.
Kaspersky Lab is calling it “one of the most complex threats ever discovered.”
“It’s pretty fantastic and incredible in complexity …,”
“It will take us 10 years to fully understand everything.”
How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History
No link. Google.
One Wired piece informs:
“Wired senior staff writer Kim Zetter won a feature writing award from the Society for Professional Journalists of Northern California last week for her riveting story on how researchers discovered and dissected Stuxnet, a worm intricately programmed to wreak havoc on an Iranian nuclear facility.
“And in a bit of nice timing, Zetter has officially committed to writing a book, tentatively titled Countdown To Zero Day, expanding on the tale …”
As an organization of professionals, The Society of Professional Journalists of Northern California is somewhat like the Indoor Football League. Only smaller.
Why?
Southern California has the Los Angeles Times, an NFL franchise so to speak.
Posted in Crazy Weapons, Cyberterrorism at 11:22 am by George Smith
Seen on the beat.

From yesterday:
Discovery of these things [the Flame ‘supervirus’] is good for generating interest and international publicity for anti-virus firms. Therefore they will compete more vigorously in the doing of it. Which is a kind of back-handed benefit because it will stand to more quickly spoil cyberwar and harassment campaigns launched by the military and intelligence agencies of the west.
There are a number of ways to see a boost in anti-virus ads. The first is pre-loaded.
If you went out to Kaspersky Labs to read their press release yesterday and didn’t clear your cache, history and cookies at the end of each session — I do — the Internet will serve you Kaspersky ads if they’re available and the opportunity on a site presents itself.
The second: an anti-virus firm makes a logical ad buy for impact as interest peaks in the Flame virus story. And you’re served the ad as part of the new daily fare.

Third — it’s all coincidence.

05.28.12
Posted in Crazy Weapons, Culture of Lickspittle, Cyberterrorism at 9:14 am by George Smith
From Eugene Kaspersky:
Kaspersky Lab announces the discovery of a highly sophisticated malicious program that is actively being used as a cyber weapon attacking entities in several countries. The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date.
The malware was discovered by Kaspersky Lab’s experts during an investigation prompted by the International Telecommunication Union (ITU). The malicious program, detected as Worm.Win32.Flame by Kaspersky Lab’s security products, is designed to carry out cyber espionage. It can steal valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations …
Although the features of Flame differ compared with those of previous notable cyber weapons such as Duqu and Stuxnet, the geography of attacks, use of specific software vulnerabilities, and the fact that only selected computers are being targeted all indicate that Flame belongs to the same category of super-cyberweapons.
Commenting on uncovering Flame, Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, said: “The risk of cyber warfare has been one of the most serious topics in the field of information security for several years now.
A few additional notes:
1. It would appear you can hide your malware longer if it is designed to specifically attack only pariah nations like Iran and Sudan, the latter of which has nothing worth stealing by cyber-espionage, anyway. But eventually, even though it takes a while, the virus will always screw up or splatter and wind up somewhere else. Like Hungary. Oops. Sorry ’bout that.
2. Therefore countries like Iran are still very poor at cybersecurity. They may remain that way due to the nature of the regimes, leadership and really lousy social fit with networked computing, which is directly inimical to their interests and way of doing things. (Notorious braggarts: “The Iranian government said Tuesday it has produced an antivirus program capable of fighting what computer experts are calling ‘the most sophisticated cyber weapon yet unleashed’ …”)
3. Flame was probably discovered because it eventually did spread onto non-target systems in Israel or elsewhere causing unspecified problems noted by the “International Telecommunication Union.”
4. Every virus worthy of a press release, discovered infecting the sensitive computers of western enemies, like Iran, is a supervirus of astounding complexity and another proof of the growing terrible menace of cyberwar.
5. Discovery of these things is good for generating interest and international publicity for anti-virus firms. Therefore they will compete more vigorously in the doing of it. Which is a back-handed social benefit because it will more quickly spoil cyberwar and harassment campaigns launched by the military and intelligence agencies of the west.