Channels

Photo: Shutterstock
(Illustration)
Photo: Shutterstock

Know thy cyber-weapon

Is the age of the cyber arms race really here? As talk about Stuxnet, Duqu and Flame dominate the airwaves cyber-security expert explains that not all malware is cut from the same code

Years ago, in the age of Windows 95, a professor of mine said that the Windows platform is much like a virus: It uses up all system resources, it kills your hard drive and with repeating crashes and mandatory "restarts" it creates DOS – Denial of Service.

 

In a way, the recent malware attacks on Iran are not that different; but as they spiral into expert statements about a raging cyber-war and the beginning of a seemingly endless cyber-arms race – and without delving into the ethical scope of just how devastating a cyber-bomb should be allowed to become – another, more simple question arises.

 

Related stories:

 

If the now infamous Duqu, Stuxnet, and Flame viruses were essentially designed to do the same thing – paralyze high-grade computer systems, mainly in Iran and mostly those connected to its nuclear program, what is the difference between them?

 

Unlike traditional malware, which for itself is designed to leave general mayhem in its wake, these worms targeted specific regions, countries and facilities, making them extremely effective while keeping a low profile until it was too late.

 

All three viruses wreaked havoc on Iranian computers: Stuxnet – according to US sources – infected over 1,000 systems with direct impact on the Islamic Republic's nuclear program; Duqu chewed through major protection measures and created what Iranian scientists reluctantly admitted were 'back door vulnerabilities' with devastating potential; and Flame, by Tehran's own admission, corrupted mass amounts of data.

 

Flame is also rumored to have rammed through 43 different firewalls and anti-virus programs aiming to protect Tehran's super-sensitive systems, earning it the title of the "most powerful cyber-weapon to date."

 

For more on the raging cyber war click here  

 

All three were introduced through USB flash-drives, but while Stuxnet registered at 500KB, Flame was 20MB.

 

Perfect aim

Another difference lies with the three's "mission statement": Stuxnet was designed to attack industrial control systems and specifically calibrated to hit those controlling Iran's centrifuges. Duqu was a reconnaissance virus, meant to copy blueprints pretaining to Iran’s nuclear program; and Flame was meant to both gather intelligence and take over operation systems such as audio and video recording features, and monitor emails and instant messaging chats. 

 

What sets these viruses apart is the level of their sophistication and complexity, which sets them years ahead of what we are used to facing.

 

Taking into account the man-hours it took to create such cyber-weapons, the vast resources required are far more than civilian hacker groups are capable of; leaving little doubt that at least one government was behind their development.

 

Regardless of any actual admission – which is highly unlikely to happen – western defense officials and cyber experts agree that for all intents and purposes, governments have officially begun launching full scale cyber-attacks against their enemies.

 

Cyber-offensives, and even cyber-terror, are no longer the sole domain of anonymous hackers, but have become a new form of thwarting and imposing political and military agendas.

 

Assaf Turner is an information and physical security expert and the CEO of Maya Security

 

 

 

  • Receive Ynetnews updates directly to your desktop

 


פרסום ראשון: 06.05.12, 19:24
 new comment
Warning:
This will delete your current comment