Putting viruses on the computers of others is a criminal act whether or not those who own the infected computers are popular or unpopular. It has always been this way, always will be. The anti-virus business was built on the hard fact that virus writing is bad. Eugene Kaspersky of Kaspersky Labs knows this well. Globally, the a-v industry should triple and quadruple their efforts to expose cyberwar operations. It could be very good for the image and will make for interesting stories. Meting out embarrassment and odium where it is deserved is appropriate. It might also eventually serve to deter lousy decision-making at the top in the United States. Or at least make it more risk averse. At any rate, it couldn't hurt.
That's what I had to say last week. Today, we know -- courtesy of Kaspersky Labs -- that the Flame and Stuxnet viruses are connected. They are part of what appears to be an extensive program by the US to develop computer viruses as weapons.
Flame and Tilded are completely different projects based on different architectures and each with their own distinct characteristics. For instance, Flame never uses system drivers, while Stuxnet and Duqu's main method of loading modules for execution is via a kernel driver. But it turns out we were wrong. Wrong, in that we believed Flame and Stuxnet were two unrelated projects.
Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame ...
Our analysis suggests several important conclusions, which we summarize below:
By the time Stuxnet was created (in January-June 2009), the Flame platform was already in existence (we currently date its creation to no later than summer 2008) and already had a modular structure.
The Stuxnet code of 2009 used a module built on the Flame platform, probably created specifically to operate as part of Stuxnet.
The module was removed from Stuxnet in 2010 due to the addition of a new method of propagation ...
The Flame module in Stuxnet exploited a vulnerability which was unknown at the time ...
After 2009, the evolution of the Flame platform continued independently from Stuxnet ...
In case you've missed the import of it, Kaspersky Labs is rather quickly unraveling key details of the engineering used in the US computer virus warfare program.
And that shows the program has been making viruses for some time. That cat is now well out of the bag, as I wrote two weeks ago here.
Will the worldwide computer security industry work to expose and defeat, say, US cyberwar operations even more vigorously, just as it pursues botnets and the work of cybercriminals? Will it now begin to spill the beans when the trail leads right back to a western government office?
Kaspersky Labs is doing all the right things.
It's also time for whistle-blowers to act. Thoroughly expose US virus war.
Unlike drone war, US virus war is something the global security industry and academy can inhibit.
While it may not be able to stop national virus writing, it can reduce the potential return on the attacks while simultaneously making them a political embarrassment and a source of damaged reputation.
We should also not overlook the possibility that some in the US anti-virus and computer security industry may either know, or have a good hunch, who is directly behind it. On a name basis.
The global anti-virus/security business, beyond the control of the US government, can also degrade the effectiveness of our virus war by scrutinizing even more closely the networks and computers of obvious targets.
From the wire, the secret action of the US virus war-making operation -- trying to cover its tracks:
The Flame computer virus that has been attacking Middle Eastern energy facilities, primarily in Iran, has been ordered to self-destruct, the Symantec anti-virus company said on Sunday.
In an official blog post, Symantec revealed that its command-and-control (C&C) servers had sent an updated directive to the virus, which it termed "Flamer," designed to remove it from compromised computers.
But the anti-virus researchers have it for good. Sunlight, it appears, can be disinfectant to virus war.
Also of interest -- and timely -- the serialization of Virus Creation Labs.
Pass it around. Help get the phonies, national security industry parasites and miscellaneous bad people who think national virus-writing is a neat thing out of the popular debate.