Flame cyber weapon is tied to Stuxnet program

The game appears to be up for the US and Israeli intelligence agencies who created the potent Stuxnet worm and Duqu trojan: analysis by software engineers at Kaspersky Lab in Moscow shows they also created Flame, the powerful espionage software that has mainly been infecting computers in Iran.

Kaspersky Lab, which was commissioned by the UN to investigate the cause of massive document losses in a raft of Middle Eastern computer networks, identified Flame last week. In a bulletin issued today, Kaspersky says that a module from Stuxnet, known as “Resource 207” is actually a Flame plugin that allows the malicious code to spread via USB devices. “The code of the USB drive infection mechanism is identical in Flame and Stuxnet,” says Kaspersky.

Coming soon after the New York Timesdetailed classified White House meetings that confirmed the US is behind Stuxnet, this is a further embarrassment for the Obama administration, which is now seen to be preaching cyber security defense at home while deploying a battery of offensive cyber threats abroad – and ones that undermine the software integrity of America’s software champion, Microsoft, to do so.

Flame works by using crypto logical skullduggery to scupper Microsoft’s update system. And Stuxnet used vulnerabilities in Microsoft operating systems that, ordinarily, would be reported to Microsoft, repaired and sent out to millions of users as an update patch. Worse, perhaps, a coding error (the US reportedly blames Israel and vice versa) allowed Stuxnet to escape into the wild and reveal its existence – which a secret cyber weapon should of course not do.

It means the taxpayer-funded US National Security Agency is working at odds with the Department of Homeland Security, which is attempting to bolster online defenses. Only last week, US homeland security secretary Janet Napolitano met industrialists at the White House to “discuss DHS’s current efforts to secure cyberspace”.

Napolitano says the DHS is “working with partners at universities and the private sector…to protect against evolving cyber threats”. Whether those threats will be variants of this new breed of home-grown cyber weapon remains to be seen.

Blowfish12@2012 blowfish12.tk Author: Sudharsun. P. R.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s