Flame and DuQu: Precursors to “Weapons of Mass Cyber Destruction?”

 Have you discovered The Alexandria Project?

The BADGER explosion on April 18, 1953, as part of Operation Upshot-Knothole, at the Nevada Test Site.. courtesy of Conscious at the Wikimedia CommonsUp until now, the ultra-sophisticated Stuxnet computer worm has held pride of place as the most impressive cyber weapon known to have been launched against an international opponent. Unlike the usual criminal attack, which usually takes a shotgun approach to exploit common weaknesses, the Stuxnet worm demonstrated the type of exceptionally convoluted access and attack plan that a fiction writer might well admire.
Happily, while the number of garden variety cyber attacks continues to rise, malware with the sophistication of Stuxnet has been extremely rare.  Recently, though, two new programs have been uncovered that appear to equal or exceed the complexity of Stuxnet.  And that's not good.

Not surprisingly, both the technical and popular press are now abuzz with speculation. Were they created by the same perpetrators as Stuxnet? That depends on who you talk to. Symantec believes that the designer of one of the pieces of malware (discovered last September, and dubbed DuQu) must have had access to the Stuxnet code, because they find many similarities between the two programs.

But researchers at the Laboratory of Cryptography and System Security of the Budapest University of Technology and Economics believe that the other piece of malware, which they co-discovered and announced just yesterday and named sKyWIper (also called Flame, or Flamer, by other researchers), may have already been in the wild for as long as 5 to 8 years already. And its powers are formidible. As the lab concluded in a detailed report:
sKyWIper has very advanced functionality to steal information and to propagate. Multiple exploits and propagation methods can be freely configured by the attackers….The malware is most likely capable to use all of the computers’ functionalities for its goals. It covers all major possibilities to gather intelligence, including keyboard, screen, microphone, storage devices, network, wifi, Bluetooth, USB and system processes.
The results of our technical analysis support the hypotheses that sKyWIper was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities….arguably, it is the most complex malware ever found.
According to anti-virus firm Kapersky, Flame is even more complex than Stuxnet, comprising over 20 MB of code in comparison to Stuxnet’s then-impressive 500KB (DuQu also weighs in at about half a MB). Kapersky estimates that conducting a full analysis of the malware would take as long as 10 years
Compared to normal mass-attack malware, Flame and DuQu are therefore masterpieces of conception and execution – think lunar mission as compared to 4th of July rocket. For example, these programs target specific types of systems. Flame has been deployed for espionage purposes primarily in near-eastern nations such as Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.  Moreover, it can capture all manner of information (data, images, Skype calls, data pulled in via Bluetooth, and more), and can be deleted from a host on command from its handlers.  DuQu, in contrast, appears to be focusing particularly on makers of industrial control equipment and de-installs itself after 36 days in order to lessen the chance of detection.
Whether or not the same blackhats that launched Stuxnet are behind either or both of these new cyber weapons is not the only topic compelling investigation and fueling speculation. Of equal moment is the question of what the perpetrators are really up to?
So far, speculation on DuQu seems to be centering on the possibility that the malware is seeking information to be used in a later attack.  Some commentators in Iran presume that a past target for Flame was Iran, while others don’t. [Update 5/30: Iran has now confirmed that it was a target of Flame.]
If you have nothing better to do for the next few hours, you could happily follow these various strands down though multiple levels of detail and speculation.  But the greater significance of these latest evil arrivals on the cyber stage is that more, and more frequent, attacks can be expected in the future, doubtless from more, and more varied, sufficiently skillful sources, all with equally opaque objectives.  
We also must assume that a vastly under-reported “cyber arms race” is afoot, given the low costs and high opportunity profile that cyber weapons offer.  That profile can allow even small countries to achieve parity with the largest and wealthiest nations on earch.
How far could such an arms race go? Ultimately, what we’re looking at is a situation that’s much akin to nuclear proliferation.  Yes, plenty of damage was done with traditional munitions before the atomic bomb was perfected.  But the potential destruction unleashed by a nuclear weapon of even modest size is so fearsome and swift that the world immediately recoiled from the thought of any widening of nuclear capabilities. Sixty-seven years after the dawn of the atomic age, the foundations of international relations still shake when a new member joins the nuclear club.
What we’ve entered is an arm’s race to develop (allow me to coin a new phrase here) “Weapons of Mass Cyber Destruction.” And the barriers to entry to this club are very low.
Am I exaggerating? Well, consider this: in my book, The Alexandria Project, a nuclear disaster set up through a sophisticated cyber attack is narrowly averted.  So far, every technical expert that has read the book has found the fictional cyber attack I’ve imagined to be completely plausible.  So?  Well, as you may recall, Tom Clancy wrote a book in which terrorists flew a passenger jet into the U.S. Capitol building.
Sure, it’s always been true that life can imitate art, as well as the other way around.  But as Osama Bin Laden demonstrated with catastrophic success on 9/11, lately the stakes have been getting higher.  And when it comes to cyber attacks, the table stakes are a whole lot lower. Somehow, we seem to have found ourselves living in a James Bond world, but without a James Bond to save us from what could become a rapidly expanding pool of blackhats.
We’d better hurry up and figure out what we’re going to do about that, don’t you think?

Isn’t it time you  read:
The Alexandria Project?

a Tale of Treachery and Technology

Remarkably accurate while consistently spellbinding: I ran across a reference to this book at a blog unrelated to the author, and after reading one chapter, bought the book

Great thriller: In the spirit of Vincent Flynn and Tom Clancy, this cyber-security thriller is a great read. Compelling characters, great detail and an an unsettlingly plausible scenario add up to a real page-turner.

Delightfully unpredictable!  Updegrove has managed what many attempt but few can execute: a plot that is both credible and surprising….A great read – I can’t wait for the next one!

Strong characters and compelling plot: I read a lot of novels and this is a very good one. The characters are believable and engaging and the plot is compelling with several clever twists along the way….Highly recommended

Excellent and accessible techno-thriller: Updegrove…clearly knows the subject matter inside and out, but is too self-assured and smooth a writer to hide behind that insider’s knowledge….I look forward to Updegrove’s next book with great anticipation.

Great Read:  This is a very well written, highly engaging story. The scary thing about it is that the entire plot is far too possible to come to life.

Fantastic!  The Alexandria Project is a gripping novel of intrigue and suspense. The characters may be fictional, but we all know their real-life equivalents. The storyline may be fiction – but maybe not.

Read these and more 5 Star reviews at Amazon

The only part that’s fictional is that it hasn’t happened yet

Available Now for $2.99 or less


Buy at Amazon

Buy at iTunes Store

Buy at Barnes & Noble