Flame, the new Stuxnet

Guest

Flame, the new Stuxnet

Post by Guest » Mon May 28, 2012 8:39 pm

http://www.wired.com/threatlevel/2012/05/flame/

Interesting find, the cyber warfare has only begun

giedrius
Posts: 1310
Joined: Tue Jul 20, 2010 3:34 pm

RE: Flame, the new Stuxnet

Post by giedrius » Tue May 29, 2012 7:03 pm

I think this article is worth reading on the topic too : http://nakedsecurity.sophos.com/2012/05/29/flame-malware-the-biggest-the-baddest-a-little-perspective .
Flame is big news. But not because it is sophisticated - there are other sophisticated trojan kits. The fact that it managed to hide in the country that can not legally import windows and most antivirus products is not very surprising too. It is interesting because it looks like some governments work. Like Stuxnet or German wiretap trojan.

Guest

RE: Flame, the new Stuxnet

Post by Guest » Thu May 31, 2012 1:56 pm

It doesnt only look like it, it cant be anything else. No one else would have the resources and will to do something like this. And it has to be a big country, probably in the west. Not hard to guess which ones, eh? ;)

Guest

RE: Flame, the new Stuxnet

Post by Guest » Fri Jun 01, 2012 9:36 am

Another interesting read: http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=3&hp

Confirms USA and Israel behind these things. A feat worthy of Nobel Peace prize? ;)

giedrius
Posts: 1310
Joined: Tue Jul 20, 2010 3:34 pm

RE: Flame, the new Stuxnet

Post by giedrius » Fri Jun 01, 2012 11:59 am

<quote user="omnia quaerite ac dubitate">
It doesnt only look like it, it cant be anything else. No one else would have the resources and will to do something like this. And it has to be a big country, probably in the west. Not hard to guess which ones, eh? ;)
[/quote]

It can be contractors, looking for IP to steal and later sell to governments or interested parties.

Project size does not mean it is way complex - big parts of Flame are coded in high level language (including LUA), which means it took less time to code than do everything in assembler / C. The downside? Code size. This might also mean that there weren't enough low level / assembler / C programmers available. Which was not the case with Duqu or Stuxnet.

Additionally, some code is shared or similar to other existing parasites (can't find blog post about this right now ).

Guest

RE: Flame, the new Stuxnet

Post by Guest » Fri Jun 01, 2012 9:46 pm

<quote user="giedrius">
It can be contractors, looking for IP to steal and later sell to governments or interested parties.

Project size does not mean it is way complex - big parts of Flame are coded in high level language (including LUA), which means it took less time to code than do everything in assembler / C. The downside? Code size. This might also mean that there weren't enough low level / assembler / C programmers available. Which was not the case with Duqu or Stuxnet.

Additionally, some code is shared or similar to other existing parasites (can't find blog post about this right now ).
[/quote]

Yes, it most likely is a defense contractor, but I'd say they have USA/Israel as the customer, I dont think they would do something like this by themselves (yet). Defense contractors are actually hiring malware writers right now by the hundreds, we could see an arms race of cyber weapons.

The people that did it had access to same exploits/tools as the makers of Stuxnet and DuQu which would indicate the same people behind these.

Its interesting that the USA has already stated that cyber attacks are to be considered as acts of war, and that they will retaliate with real world weapons against cyber attacks. This now means that USA is officially at war with Iran?

Also about the size, I dont think its a downside, as security people could (and maybe have) taken it as something completely different due to this, as it doesnt look like malware.

MysteryFCM
Posts: 4912
Joined: Mon Jul 14, 2008 4:47 pm

RE: Flame, the new Stuxnet

Post by MysteryFCM » Sat Jun 02, 2012 11:32 am

Worth noting chaps, whilst media says it's a US/Israel affair, there's no evidence to support that, so wouldn't take it as gospel.

NotBuyingIt
Posts: 6553
Joined: Fri Mar 11, 2011 6:21 pm

RE: Flame, the new Stuxnet

Post by NotBuyingIt » Sat Jun 02, 2012 5:00 pm

<quote user="mysteryfcm">
Worth noting chaps, whilst media says it's a US/Israel affair, there's no evidence to support that, so wouldn't take it as gospel.
[/quote]\

I agree. The software "bloat" reported in Flame does not necessarily prove that it is the product of some dysfunctional government bureaucracy.


Guest

RE: Flame, the new Stuxnet

Post by Guest » Thu Jun 07, 2012 6:50 am

<quote user="mysteryfcm">
Worth noting chaps, whilst media says it's a US/Israel affair, there's no evidence to support that, so wouldn't take it as gospel.
[/quote]

Now FBI is starting to investigate who leaked the Stuxnet information, I think its pretty clear whos behind these :P

alphacentauri
Posts: 3291
Joined: Mon Nov 02, 2009 12:52 pm

RE: Flame, the new Stuxnet

Post by alphacentauri » Thu Jun 07, 2012 11:13 am

I think the US government's official position is do whatever is necessary to dissuade Israel from sending bomber jets into neighboring countries to destroy their nuclear facilities the way it did to Iraq several years ago. Compared to the US invading Iraq to find nonexistent WMD's and ending up mired there for a decade, cyberwarfare is pretty tame.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests