The Flame That Changed the World.

I’ll never forget Oktoberfest 2010 for as long as I live. Yes, I like beer, especially the German stuff, and especially at Oktoberfest. But I don’t even remember the beer, and that’s not because I had too much of it :) It was at that time we received the first news of a very unpleasant trend, which I had feared for a number of years. That’s right, it was the first time Stuxnet reared its ugly head – the first publicly identified malware created with state backing and designed to fulfill a specific military mission. This is exactly what we had talked about at our Oktoberfest press conference: “Welcome to the age of cyber warfare!” It was already obvious then that Stuxnet was just the beginning.

Cyber Warfare

Indeed, little has changed since that September right up to the present day. Everybody had a pretty good idea where Stuxnet came from and who was behind it, although not a single state took responsibility; in fact, they distanced themselves from authorship as much as possible. The “breakthrough” came at the end of May when we discovered new malware which also left little doubt as to its military origins and aims.

Yes, I’m talking about Flame.

Leaving the technical details to one side: what is the historic significance of Flame? Why all the fuss about this particular malware? To what extent is it dangerous, and what type of danger does it pose? Are cyber weapons capable of becoming part of state military doctrine and triggering a new arms race? These questions may sound strange, even alarming – it’s just a virus, no big deal! After all, it’s not going to stop me from eating my fresh croissant in the morning (or my dim sum :), is it? Well, if the development of military malware continues to spiral out of control, then the lack of a croissant or dim sum in the morning will be the least of our worries.

The week after Flame was detected we saw several sudden newsflashes. The news basically “upgraded” the current perception of military strategy and demonstrated that states have already been successfully applying offensive cyber weapons for several years now.

On June 1st, The New York Times published a landmark article where the finger of responsibility for Stuxnet was pointed firmly at the USA – and there was no denial from Washington. Quite the opposite – the White House expressed its anger at information leaks and called for an investigation. At the same time, Israel also shed its inhibitions and, without going as far as acknowledging its participation in these incident(s), it finally admitted its interest in the development and implementation of cyber weapons.

Now let’s look at the potential repercussions of this news.

Firstly, Stuxnet, Duqu and Flame have proved that cyber weapons are: a) effective; b) much cheaper than traditional weapons; c) difficult to detect; d) difficult to attribute to a particular attacker (rendering proactive protective measures virtually useless); e) difficult to protect against, given all the unknown software vulnerabilities; f) replicable at no extra cost. What’s more, the seemingly harmless nature of these weapons means their owners have few qualms about unleashing them, with little thought for the consequences. And there will be consequences – to such an extent that the Die Hard 4 scenario will come to pass. Details below.

Secondly, the recent examples have, in effect, legitimized the use of cyber weapons both ethically and legally. I’m sure other countries have also made use of such technologies, but before it simply wasn’t discussed and everything was done on the quiet, little by little and secretly. Now, nobody is going to hold back. And those countries which do not have cyber weapons will be considered backward by “decent military society”. As a consequence, in the short term, cyber military budgets will be increased many times over and we will see an arms race in the cyber dimension. As we know all too well, guns are made for firing.

Thirdly, the lack of any sort of international convention (i.e. an agreement on the “rules of the game”) on the development, implementation and distribution of cyber weapons and no court of arbitration give rise to several very real threats:

  • The emergence of especially dangerous malware which deliberately, accidentally or by some “boomerang” effect strikes critical infrastructure objects, capable of triggering regional/global social, economic or ecological disasters.
  • The use of conventional weapons in response to attacks involving cyber weapons. Last year the USA announced that they reserved the right to respond to a cyber attack with traditional military means.
  • An imitation, provocation or misinterpretation of a cyber attack in order to justify a military attack on another state. A kind of cyber Pearl Harbor.

There aren’t many people who currently understand the danger of cyber weapons. It’s hard to believe that some virus, a few kilobytes or megabytes of code, can suddenly cause, say, an accident at a nuclear power station, a fire on an oil pipeline or a plane crash, isn’t it? But mankind has for some time now been growing increasingly, and imperceptibly, dependent on information technologies.

For example, let’s return to the croissant thing.

It’s made at a bakery, where computers are used in the accounting department, in the warehouse and in the systems responsible for mixing the dough and controlling the ovens. Ingredients are supplied to the bakery from other, similarly automated factories. All logistics between them involve computers and networks. Electricity, water, sewage and the other municipal services are also supplied by computerized enterprises. Even the elevator which delivers your croissant to a trendy café is managed by a dedicated IT system. Finally, there’s the credit card we use to pay for the croissant… well, need I say any more?

All these are potential targets of a cyber attack. And then we have Stuxnet, which put centrifuges at nuclear facilities in Iran out of action. A bakery or water treatment plant is unlikely to have better protection. In fact, everything is much worse – industrial and critical infrastructure facilities operate on vulnerable SCADA systems which, on top of everything, are frequently connected to the Internet. And the sluggishness of the developers of these systems when it comes to fixing vulnerabilities (which can be exploited to conduct a cyber attack) has given rise to the new term “forever days” – holes that, unlike zero-days, never get patched at all.

In terms of their destructive potential, cyber weapons are by no means inferior to nuclear, biological or chemical weapons. But, unlike these weapons of mass destruction, cyber weapons are not subject to any sort of control and have the glamour of being invisible, ubiquitous and “precise” (some “experts” even went so far as to claim that cyber weapons actually contribute to world peace), which makes their use all the more tempting.

By developing cyber weapons, we are sawing off the branch we are sitting on. As a result the developed countries, being the most computerized in the world, will suffer most.

To be honest, I am pessimistic. I hope I am mistaken. I don’t think it will now be possible for countries to agree upon cyber warfare rules. We are currently providing technical expertise to the UN’s International Telecommunication Union (ITU). They are trying to create at least some sort of system for governing cyberspace along the lines of the IAEA. But even articles in the media show that some countries are resisting these efforts. Indeed, who needs regulations for such promising and “harmless” weapons? I reckon that governments will only fully understand the real danger of cyber warfare after we are hit hard, as was the case in 2003 along the north-east coast of the USA – there should be no doubts about the real cause of that particular incident. The barn doors won’t be closed until the horse has bolted. I just wonder if we can be smarter than this in the 21st century?

Conclusions:

  • The international community has to try to reach an agreement governing the development, application and proliferation of cyber weapons. This will not solve all the problems, but at least it will help establish the rules of the game, integrating the new military technologies into the structure of international relations, preventing uncontrolled development and careless use.
  • Infrastructure and industrial facilities, financial and transport systems, utilities and other critically important objects should reappraise their approach to information security, first and foremost in terms of isolating them from the Internet, and seek out software alternatives that meet the new challenges facing industrial control systems.
  • Although the security industry has been focusing on combating mass epidemics for many years, its arsenal includes protection technologies which are most probably capable of preventing targeted attacks by cyber weapons. However, this will require users to rethink the security paradigm and introduce a multi-level protection system.
  • Stuxnet, Duqu and Flame are just the tip of the iceberg. We can only guess what other cyber weapons are circulating around the world. I’m sure we will have more discoveries soon. I just hope it doesn’t get too scary.
  • Being a global company with a primary mission to care about our customers’ security, we state officially that we will fight any cyber weapons irrespective of the country of origin and any attempts to force us to “collaborate”. We consider any compromise on this score to be incompatible with our ethical and professional principles.

State-backed cyber warfare is a real threat that is just taking its first steps towards mass adoption. The earlier governments understand the possible consequences, the safer our lives will be. I couldn’t agree more with Bruce Schneier:

Cyberwar treaties, as imperfect as they might be, are the only way to contain the threat.

Can you imagine a world order without international treaties on nuclear/chemical/biological weapons deterrence? The IAEA and the Non-Proliferation Treaty didn’t stop India, Israel, North Korea and Pakistan from developing their own nuclear weapons. However, these treaties clearly signal what is good and what is bad, establishing the rules of the game!

Comments

    toxicreverend

    *The 1982 Cyberweapon Attack Against A Russian Pipeline That Resulted In A Huge Explosion*
    Fair Use statement given after the *censored* , copyrighted article:
    Copy / Paste of the *2004 Washington Post* article follows with a Google link given after this censored article, *Verifiable at public libraries*

    *CIA slipped bugs to Soviets*
    Memoir recounts Cold War technological sabotage
    *By David E. Hoffman The Washington Post Feb. 27, 2004*

    In January 1982, President Ronald Reagan approved a CIA plan to sabotage the economy of the Soviet Union through covert transfers of technology that contained hidden malfunctions, *including software that later triggered a huge explosion in a Siberian natural gas pipeline, according to a new memoir by a Reagan White House official.*

    *Thomas C. Reed, a former Air Force secretary who was serving in the National Security Council at the time, describes the episode in “At the Abyss: An Insider’s History of the Cold War,” to be published next month by Ballantine Books. Reed writes that the pipeline explosion was just one example of “cold-eyed economic warfare” against the Soviet Union that the CIA carried out under Director William J. Casey during the final years of the Cold War.*

    At the time, the United States was attempting to block Western Europe from importing Soviet natural gas. There were also signs that the Soviets were trying to steal a wide variety of Western technology. Then, a KGB insider revealed the specific shopping list and *the CIA slipped the flawed software to the Soviets in a way they would not detect it.*

    *‘Programmed to go haywire’*

    *”In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds,” Reed writes.*

    “The result was the most monumental non-nuclear explosion and fire ever seen from space,” he recalls, adding that U.S. satellites picked up the explosion. Reed said in an interview that the blast occurred in the summer of 1982. “While there were no physical casualties from the pipeline explosion, there was significant damage to the Soviet economy,” he writes. “Its ultimate bankruptcy, not a bloody battle or nuclear exchange, is what brought the Cold War to an end. In time the Soviets came to understand that they had been stealing bogus technology, but now what were they to do? By implication, every cell of the Soviet leviathan might be infected. They had no way of knowing which equipment was sound, which was bogus. All was suspect, which was the intended endgame for the entire operation.”

    Reed said he obtained CIA approval to publish details about the operation. The CIA learned of the full extent of the KGB’s pursuit of Western technology in an intelligence operation known as the Farewell Dossier. Portions of the operation have been disclosed earlier, including in a 1996 paper in Studies in Intelligence, a CIA journal. The paper was written by Gus W. Weiss, an expert on technology and intelligence who was instrumental in devising the plan to send the flawed materials and served with Reed on the National Security Council. Weiss died Nov. 25 at 72.

    According to the Weiss article and Reed’s book, the Soviet authorities in 1970 set up a new KGB section, known as Directorate T, to plumb Western research and development for badly needed technology. Directorate T’s operating arm to steal the technology was known as Line X. Its spies were often sprinkled throughout Soviet delegations to the United States; on one visit to a Boeing plant, “a Soviet guest applied adhesive to his shoes to obtain metal samples,” Weiss recalled in his article.

    Then, at a July 1981 economic summit in Ottawa, President Francois Mitterrand of France told Reagan that French intelligence had obtained the services of an agent they dubbed “Farewell,” Col. Vladimir Vetrov, a 53-year-old engineer who was assigned to evaluate the intelligence collected by Directorate T.

    Vetrov, who Weiss recalled had provided his services for ideological reasons, photographed and supplied 4,000 documents on the program. The documents revealed the names of more than 200 Line X officers around the world and showed how the Soviets were carrying out a broad-based effort to steal Western technology.

    *Caused a storm*

    “Reagan expressed great interest in Mitterrand’s sensitive revelations and was grateful for his offer to make the material available to the U.S. administration,” Reed writes.

    *The Farewell Dossier* arrived at the CIA in August 1981. “It immediately caused a storm,” Reed says in the book. “The files were incredibly explicit. They set forth the extent of Soviet penetration into U.S. and other Western laboratories, factories and government agencies.” “Reading the material caused my worst nightmares to come true,” Weiss recalled. The documents showed the Soviets had stolen valuable data on radar, computers, machine tools and semiconductors, he wrote. “Our science was supporting their national defense.” The Farewell Dossier included a shopping list of future Soviet priorities. In January 1982, Weiss said he proposed to Casey a program to slip the Soviets technology that would work for a while, then fail. Reed said the CIA “would add ‘extra ingredients’ to the software and hardware on the KGB’s shopping list.”

    “Reagan received the plan enthusiastically,” Reed writes. “Casey was given a go.” According to Weiss, “American industry helped in the preparation of items to be ‘marketed’ to Line X.” Some details about the flawed technology were reported in Aviation Week and Space Technology in 1986 and in a 1995 book by Peter Schweizer, “Victory: The Reagan Administration’s Secret Strategy that Hastened the Collapse of the Soviet Union.”

    *The sabotage of the gas pipeline has not been previously disclosed, and at the time was a closely guarded secret. When the pipeline exploded, Reed writes, the first reports caused concern in the U.S. military and at the White House. “NORAD feared a missile liftoff from a place where no rockets were known to be based,” he said, referring to North American Air Defense Command. “Or perhaps it was the detonation of a small nuclear device.” However, satellites did not pick up any telltale signs of a nuclear explosion.*

    “Before these conflicting indicators could turn into an international crisis,” he added, “Gus Weiss came down the hall to tell his fellow NSC staffers not to worry.”

    The role that Reagan and the United States played in the collapse of the Soviet Union is still a matter of intense debate. Some argue that U.S. policy was the key factor — Reagan’s military buildup; the Strategic Defense Initiative, Reagan’s proposed missile defense system; confronting the Soviets in regional conflicts; and rapid advances in U.S. high technology. But others say that internal Soviet factors were more important, including economic decline and President Mikhail Gorbachev’s revolutionary policies of glasnost and perestroika.

    Reed, who served in the National Security Council from January 1982 to June 1983, said the United States and its NATO allies later “rolled up the entire Line X collection network, both in the U.S. and overseas.” Weiss said “the heart of Soviet technology collection crumbled and would not recover.”

    However, Vetrov’s espionage was discovered by the KGB, and he was executed in 1983.

    © 2005 The Washington Post Company © 2005 MSNBC.com

    FAIR USE NOTICE: This site contains copyrighted material
    the use of which has not always been specifically authorized
    by the copyright owner. We are making such material available
    in our efforts to advance understanding of environmental,
    political, human rights, economic, democracy, scientific, and
    social justice issues, etc. We believe this constitutes a ‘fair use’
    of any such copyrighted material as provided for in section 107
    of the U.S. Copyright Law. In accordance with Title 17 U.S. C.
    Section 107, the material on this site is distributed without profit
    to those who have expressed a prior interest in receiving the
    included information for research and educational purposes.

    http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0COsDEBYwAA&url=http%3A%2F%2Findustrialdefender.com%2Fgeneral_downloads%2Fincidents%2F1982.06_trans_siberian_gas_pipeline_explosion.pdf&ei=8M_aT6CRK6i42QWwvrCFBg&usg=AFQjCNF78LrfrpKcHBNDrJE99Xrs9tiXEQ&sig2=MOKqUXtQA6SVKV_G6vn7GQ

    R

    The fact that two days after this post, there are only two comments (including this one) says a lot about the public understanding of what’s going on here.

    Q

    Eugene is absolutely correct in his analysis.

    The development of Stuxnet is in effect the Genie that has escaped from the bottle. Yes, it was designed to cause major difficulty to another State in its efforts to develop nuclear capability, but the reality that the software is now ‘available’ on the internet is the key issue. Prime Minister Cameron recently referred to the 75,000 people who had downloaded a DDoS attack tool. So what is going on out there, what is fermenting, who is targeting whom? With the ongoing use of utility software by critical national infrastructure operators plus the use of public networks and open source, do we really believe all this will end ‘happily ever after’? I for one think not. ;-(

    The problem however is who cares??? If States are content to support development of cyber warfare tools, are they going to stop themselves or will we have to wait for a disaster to happen before it becomes accepted wisdom that society needs to be protected. The parallel here is nuclear warfare development from 1945.

    I have argued for some time past that we are heading for a potential cyber winter where major disruption can be effected by unscrupulous operators. So why did the USA reserve the right last year to go to war? In effect it has declared cyber as the “fourth jurisdiction”; it “gets it”: cyber is a potential weapon of mass destruction. So where is the cavalry, who are the good guys??? I hear nothing from anyone but Eugene. Let’s get real, we are all at risk here, including Eugene’s croissant. Speak up before it is too late!!
