In “The Coming Global Cyber War,” I wrote about some of the more frightening developments we can expect as computer/viral warfare evolves. Recent viruses such as Stuxnet, Duqu, and Flame are showing the path towards a dangerous future in which terrorists and foreign governments can damage our industry, power, and transportation with viral attacks. This is not a matter of “if” but “when”.
Although the source of the most recent and sophisticated attacks was assumed to be America and Israel, last week the New York Times confirmed it.
From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.
Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.
“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.
Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.
Well, thank you very much, Presidents Bush and Obama, for unleashing Pandora’s box on the computer world, also known as “the entire frigging planet and every aspect of modern life.” I’m sure this will never blow up in our faces.
Releasing these viruses was a remarkably irresponsible and immoral thing to do. The argument that this is preferable to “real” wars with real casualties is tempting, but misguided. There WILL be real casualties down the road. We won’t be able to control this. Sanctions will do nothing. Intelligence efforts will fail. Only a costly, ongoing, and vigilant computer security effort will keep this from doing real harm to Americans.
In the second alarming bit of news, the supervirus known as Flame has been given orders to commit seppuku. Its command-and-control servers have told it to destroy itself and erase all traces of its existence.
You’ve been a good soldier, Flame: activating people’s cameras and microphones in order to spy on them; collecting keyboard input, emails, and God-knows-what-else. Now it’s time to fall on your sword.
While the components and tactics of Flame were considered old-school, the gigantic virus’s interchangeable software modules and targeted nature were evidence that malware is a potent weapon in the Internet era.
Computers infected with malware are typically programmed to reach out on the Internet to get updated orders from command servers controlled by hackers.
In this case, it appeared that Flame masters gave an order for the malware to vanish, leaving behind no trail that investigators might be able to follow or clues to its origin.
The self-destruct command was evidently sent after Flame was exposed and investigations commenced.
Infected computers that got the command went on to delete an array of files and then cram disks with random characters to thwart recovery of original code, according to security researchers.
It was unknown how many infected computers received the self-destruct command.
Flame was designed to suck information from computer networks and relay what it learned back to those controlling the virus. It can record keystrokes, capture screen images, and eavesdrop using microphones built into computers.
In an intriguing twist, the malware can also use Bluetooth capabilities in machines to connect with smartphones or tablets, mining contact lists or other information, according to security researchers.
Don’t be sad, Flame. There are plenty of copies of your code being studied all over the planet, so we can count on you having a very long life via thousands of Sons of Flame now being created and pointed back at the people who ordered you into service.
What could possibly go wrong?