The virus war has begun

The uncovering of the Flame virus confirms the outbreak of cyber warfare between nations, writes ARTHUR GOLDSTUCK.

What a difference a few days makes. There was a time, less than a month ago, when the world believed the war against hackers and computer viruses was being won.

One of the most notorious American hackers yet, Albert Gonzales, who masterminded the theft of 170 million credit card details, was settling into a 20-year prison sentence.

The perpetrators of South Africa’s biggest hacking fraud had just been jailed for stealing R43-million from the Postbank.

And experts had figured out the mechanics of one of the most complex computer intrusions ever, the Stuxnet virus, which brought Iran’s nuclear ambitions ‚ both peaceful and murderous ‚ to a stuttering halt.

Stuxnet was created in June 2009, but lurked silently for a year ‚ first reaching the home computers of Iranian nuclear scientists, then invisibly infecting the USB flash drives they used in both their home computers and at work ‚ which happened to be Iran’s Natanz nuclear enrichment plant.

Once the virus entered the Natanz network, it quietly set about making subtle changes to the functioning of the reactor’s centrifuge, causing physical damage that set the nuclear programme back several years.

Meanwhile, a slightly more benign version of Stuxnet, called Duqu, was discovered in September 2011. Rather than cause direct damage, it served as a backdoor to infected computers, allowing its creators to steal information from corporate and Government systems.

Now that the experts knew how the crimes were perpetrated, it was assumed they had built up extensive enough case file and lessons learned to bring an end to a devastating chapter of computer crime.

But on May 28 the fragile walls of data complacency came crashing down again. Russian information security leaders Kaspersky Labs announced they had uncovered a cyber-weapon even more powerful than Stuxnet. It was called Flame, and it made Stuxnet look like a practice run. In more ways than one.

Once Flame infects a computer, it allows its creators not only to see every keystroke on the computer, but also ‚ where the machine has a microphone and camera ‚ to listen to any conversation and watch all activity in the vicinity of the computer. It can even access the Bluetooth capability of a laptop to steal data from other Bluetooth-enabled devices.

Research by Kaspersky Lab last week revealed that the Stuxnet and Flame teams had ‚cooperated at least once during the early stages of development‚ of their respective viruses. A module from an early-2009 version of Stuxnet, that was used to spread the infection to USB drives, was found to have been removed from Stuxnet in 2010, but included in Flame.

Says Alexander Gostev, Chief Security Expert, Kaspersky Lab: ‚They each have different architectures with their own unique tricks that were used to infect systems and execute primary tasks. The projects were indeed separate and independent from each other. However, the new findings that reveal how the teams shared source code of at least one module in the early stages of development prove that the groups cooperated at least once.‚

It was also clear that the vast amount of skill needed to create the viruses and the knowledge of complex industrial systems revealed by Stuxnet, pointed to obvious perpetrators: nation-states targeting the computers of the ‚enemy‚ .

The general assumption is that it is a joint venture between the governments of Israel and the United States, targeting oppressive Arab regimes. However, it is not as simple as that, and some assume the British government also had a hand in the attacks ‚ suggesting an alignment akin to the Allied forces of the first two world wars.

Computer attacks by government agencies are nothing new. In 2009, the systems of numerous companies, including Google, were accessed by hackers believed to be in the pay of the Chinese government. At the time, Google was exiting China in protest against its policy of monitoring dissidents online. Similar attacks on media sites have originated from China since then.

These attacks and those on Iran reveal that we are witnessing the dawn of nation versus nation cyber-warfare. Information peace has ended.

* Arthur Goldstuck is editor-in-chief of Gadget. Follow him on Twitter on @art2gee