"Flame" and other computer viruses

This too shall pass.
AzariLoveIran

"Flame" and other computer viruses

Post by AzariLoveIran »

.

[Image: Flame infection map, Kaspersky]


New virus hints at state sponsored programmers


.

The complexity of the latest 'Flame' virus bears the hallmarks of a program engineered by a state, a number of Israeli computer experts believe.

[..]


"This is not a couple of hackers who sat in a basement," one expert said. "This is a large, organized system. It is possible that years were invested in creating it."

A second analyst said that viruses at this level of sophistication require major capabilities and knowledge of code development, noting that "these are available only to states. And that's without mentioning a motive for developing [such a program]."

The experts believe that a good computer hacker can put together a complex code made up of thousands of lines, but that when hundreds of thousands of lines or more are involved, a major organization was far more likely to be involved.

According to reports, Flame has 100 times more code than a virus designed to steal financial data.

Yet it is not just the size of the code that provides a hint, but also the knowledge encrypted in the virus on its target.

The Stuxnet virus, for example, was more than a complex code; it had detailed knowledge on the Siemens supervisory control and data acquisition (SCADA) systems, used by Iran to enrich uranium through spinning centrifuges.

It was this sort of inside knowledge on the systems that are targeted which provides a hint regarding the type of programmers involved, the experts argued.

"Even the best hacker can't write a code that specifically targets control equipment," said one specialist. "This isn't a person sitting in a basement."

.

.
Demon of Undoing
Posts: 1764
Joined: Wed Jan 04, 2012 8:14 pm

Re: "Flame"

Post by Demon of Undoing »

Assume anything transmitted electronically is compromised.


On a side note, am I not correct in understanding this thing to be frighteningly close to a purpose dedicated AI of frightening capability?
Hoosiernorm
Posts: 2206
Joined: Fri Dec 16, 2011 7:59 pm

Re: "Flame"

Post by Hoosiernorm »

z5rRZdiu1UE
Been busy doing stuff
Hoosiernorm
Posts: 2206
Joined: Fri Dec 16, 2011 7:59 pm

Re: "Flame"

Post by Hoosiernorm »

Hope it's better than Duqu. That was only used to assign targeting information to Mossad on high level assets working on the nuclear program that needed to be liquidated. Maybe this one will use Iranian oil money to purchase Greek debt and bundle it into a financial instrument that they sell to Egypt as a currency hedge.
Been busy doing stuff
AzariLoveIran

Re: "Flame"

Post by AzariLoveIran »

.


Netanyahu deputy hints at Israeli involvement in Iran cyberattack


.

In Israel's first official comment on Flame worm, which was revealed on Monday to have infected computers in Iran and various Arab countries, Vice PM Ya'alon says such steps 'reasonable' in face of Iranian threat.

"Anyone who sees the Iranian threat as a significant threat – it's reasonable [to assume] that he will take various steps, including these, to harm it," Ya’alon said Tuesday morning in an interview with Army Radio.

"Israel was blessed as being a country rich with high-tech, these tools that we take pride in open up all kinds of opportunities for us," he added.

According to experts at internet security company Kaspersky who first detected the virus, Flame was most likely created by a state actor, and is capable of transferring files, screenshots, audio recordings and keystrokes from infected computers.

.

Assassination of Iranian Scientist .. and now this

Zionist provoking Iran to lash out

Iran has not reciprocated, yet

Iran's strategy is to delegitimize Zionist .. almost there

but

Don't be fooled

reaction will come

now not the right time,

but

2nd shoe will drop @ the right time


.
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

Big Talk, Big Sticks, Battle Plan Survivability..

Post by monster_gardener »

AzariLoveIran wrote:.


Netanyahu deputy hints at Israeli involvement in Iran cyberattack


.

In Israel's first official comment on Flame worm, which was revealed on Monday to have infected computers in Iran and various Arab countries, Vice PM Ya'alon says such steps 'reasonable' in face of Iranian threat.

"Anyone who sees the Iranian threat as a significant threat – it's reasonable [to assume] that he will take various steps, including these, to harm it," Ya’alon said Tuesday morning in an interview with Army Radio.

"Israel was blessed as being a country rich with high-tech, these tools that we take pride in open up all kinds of opportunities for us," he added.

According to experts at internet security company Kaspersky who first detected the virus, Flame was most likely created by a state actor, and is capable of transferring files, screenshots, audio recordings and keystrokes from infected computers.

.

Assassination of Iranian Scientist .. and now this

Zionist provoking Iran to lash out

Iran has not reciprocated, yet

Iran's strategy is to delegitimize Zionist .. almost there

but

Don't be fooled

reaction will come

now not the right time,

but

2nd shoe will drop @ the right time


.

Thank you Very Much for your post, Azari.

Remembering Pres. Theodore Roosevelt when he quoted an African proverb: "Speak softly but carry a big stick"

Iran has been building big sticks of various sorts (Hezbollah Missiles, Nukes......) BUT it has been loudly trash talking for a loooong time..........

We Uz have big sticks too AND unfortunately some big mouthed Trash Talkers........ Notably Pres. George W.W. * Bush............

The Iz have big sticks but also talk too much...........

Sounds like a formula for a fracas of big sticks...... :shock: :(

Remembering in particular the American Civil War and WWI and how some people thought that it would be quick and painless........ at least for them :roll:

Didn't work out that way........

No Battle Plan Survives Contact with the Enemy............

*Woodrow Wilson
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
Typhoon
Posts: 27267
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: "Flame"

Post by Typhoon »

Hoosiernorm wrote:Hope it's better than Duqu. That was only used to assign targeting information to Mossad on high level assets working on the nuclear program that needed to be liquidated. Maybe this one will use Iranian oil money to purchase Greek debt and bundle it into a financial instrument that they sell to Egypt as a currency hedge.
Very good.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
Typhoon
Posts: 27267
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: "Flame"

Post by Typhoon »

More on "Flame".

Wired | Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers
A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.

The malware, discovered by Russia-based antivirus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
AzariLoveIran

Re: "Flame"

Post by AzariLoveIran »

.


CSM - Russian Internet security firm Kaspersky Labs says the complexity and targets of the virus – which is infecting computers in Iran and elsewhere in the Middle East – imply its creator is a government.


.

The new supervirus, which Kaspersky discovered and named "Flame," is one of the most complex items of malicious software ever conceived – many times more sophisticated than the notorious Stuxnet worm – and could well be a purposeful "cyberweapon" directed against Iran, the firm said in a statement late yesterday.

Flame is "actively being used as a cyberweapon attacking entities in several countries," Kaspersky said in a statement. It is "one of the most advanced and complete attack-toolkits ever discovered.… The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date."

According to Kaspersky, the majority of infected computers are in Iran, followed by the Palestinian territories, Lebanon, Saudi Arabia, and Egypt. It said the virus has probably been active for at least two years, but has not been detected until now due to its "extreme complexity."

.
.

"We can clean this virus now, but we are still analyzing and discovering what it's capable of," says Vitaly Kamluk, chief malware expert at Kaspersky. "It took years to detect and understand Duqu and Stuxnet. These were highly professional tools that evaded us for a long time. Flame is the newest, but there's no doubt that worse things may be out there. You can count on it."

.


.
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: "Flame"

Post by Zack Morris »

Demon of Undoing wrote: On a side note, am I not correct in understanding this thing to be frighteningly close to a purpose dedicated AI of frightening capability?
No, you can rest safe (for now). None of the suspected cyber-weapons employ anything remotely resembling artificial intelligence. They are in fact the exact opposite: remotely-driven trojan horses that send data to servers and await specific instructions. In the case of Flame, the servers can apparently send new modules of code to the virus (think 'Automatic Update') to add new functionality or carry out more specific tasks.

These are just fancier, stealthier versions of remote desktop software.

The use of AI would be impractical except perhaps in identifying whether a host computer is valuable or other such very specific tasks. Viruses are ultimately at the mercy of the software environment that runs them and have to exploit very specific vulnerabilities. Therefore, there's not much that can be done to make them adaptive and 'learn' new ways of propagating themselves in an automated way. Once the vulnerability is patched and eliminated, viral code cannot even run let alone adapt or evolve.
Enki
Posts: 5052
Joined: Thu Dec 22, 2011 6:04 pm

Re: "Flame"

Post by Enki »

Demon of Undoing wrote:Assume anything transmitted electronically is compromised.


On a side note, am I not correct in understanding this thing to be frighteningly close to a purpose dedicated AI of frightening capability?
Stop trying to get the Singularity to watch Terminator 3.
Men often oppose a thing merely because they have had no agency in planning it, or because it may have been planned by those whom they dislike.
-Alexander Hamilton
Enki
Posts: 5052
Joined: Thu Dec 22, 2011 6:04 pm

Re: "Flame"

Post by Enki »

Zack Morris wrote:
Demon of Undoing wrote: On a side note, am I not correct in understanding this thing to be frighteningly close to a purpose dedicated AI of frightening capability?
No, you can rest safe (for now). None of the suspected cyber-weapons employ anything remotely resembling artificial intelligence. They are in fact the exact opposite: remotely-driven trojan horses that send data to servers and await specific instructions. In the case of Flame, the servers can apparently send new modules of code to the virus (think 'Automatic Update') to add new functionality or carry out more specific tasks.

These are just fancier, stealthier versions of remote desktop software.
Yes, but an AI that is in another location can massively increase its computing capacity by outsourcing computation to other machines.
The use of AI would be impractical except perhaps in identifying whether a host computer is valuable or other such very specific tasks. Viruses are ultimately at the mercy of the software environment that runs them and have to exploit very specific vulnerabilities. Therefore, there's not much that can be done to make them adaptive and 'learn' new ways of propagating themselves in an automated way. Once the vulnerability is patched and eliminated, viral code cannot even run let alone adapt or evolve.
It's only a matter of time.
Men often oppose a thing merely because they have had no agency in planning it, or because it may have been planned by those whom they dislike.
-Alexander Hamilton
Enki
Posts: 5052
Joined: Thu Dec 22, 2011 6:04 pm

Re: "Flame"

Post by Enki »

http://www.metafilter.com/116371/Cyberw ... discovered
Revolutionary hardware backdoor discovered in China-made military-grade FPGA chips. Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
Men often oppose a thing merely because they have had no agency in planning it, or because it may have been planned by those whom they dislike.
-Alexander Hamilton
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: "Flame"

Post by Zack Morris »

Enki wrote:http://www.metafilter.com/116371/Cyberw ... discovered
Revolutionary hardware backdoor discovered in China-made military-grade FPGA chips. Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
There is too little information here. Not every chip in a computer system is visible or programmable by software. Is this really a 'backdoor' or is it some sort of a logic verification/update feature?
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: "Flame"

Post by Zack Morris »

Yup, as I suspected: debugging functionality. Industry standard stuff and not something that software can magically access.
AzariLoveIran

Re: "Flame"

Post by AzariLoveIran »

Zack Morris wrote:.

Yup, as I suspected : debugging functionality.

Industry standard stuff and not something that software can magically access.

.

Interesting


FPGA can be remotely reprogrammed

If US military uses Chinese made chips with backdoor, Field programmable Gate array (FPGA), maybe the Drone had such a chip and Iranians could reprogram the whole thing .. same thing could happen with cruise missiles and other stuff .. for that to happen, Chinese had to let know Iranians of such chip and the backdoor


.
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: "Flame"

Post by Zack Morris »

FPGAs are certainly meant to be re-programmable parts but in-system programming has to be explicitly designed in. If the programming pins aren't connected to the rest of the circuitry in such a way that software can access them (and this is often the case), then software cannot reprogram the FPGA. The in-system programming interface is often exposed as a hardware connector, requiring physical access to the device.

It's virtually impossible that the Iranians were able to upload malicious code to the drone let alone understand how its software and control circuitry work (this would require access to the detailed schematics and source code ahead of time, and would require the presence of exploitable vulnerabilities in the communications software).

The FPGA thing is totally overblown. Most of them are not accessible to software so putting in 'back doors' is pointless. I would be more concerned about larger computer components, like routers and switches manufactured by Huawei. Those could easily hide back doors for the PLA.
AzariLoveIran

Re: "Flame"

Post by AzariLoveIran »

.

Understand

but

that Drone was re-programmable .. all functions could be reprogrammed .. functionality was reprogrammable - that is always the case, a requirement

Those robots sent to Mars and space, same principle, everything on them, functionality and everything else, can, many times is, reprogrammed on the go

meaning

that drone was fully reprogrammable in all its functionality

if a backdoor is included

well

If that would be the case, somebody, Russians, Chinese, or somebody in US, had to inform Iranians of that

re FPGA, one could use all pins, and, software would control the active pins .. so .. one can reprogram the FPGA on the go, anytime, with software .. that is probably how is done


.
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: "Flame"

Post by Zack Morris »

Drones accept commands but I don't know to what degree the system software is re-programmable in flight. It may be but I doubt it's ever done because it would require a reboot of the computers and thus would have to be done on the ground. I'm pretty sure that the Mars rovers shut down and stop communicating for a few tense minutes when their software is updated.

Just because this capability exists does not mean it is easy to exploit. The Iranians would need to have access to the drone source code (which likely consists of an operating system and all kinds of things sitting on top of it, spread across multiple computers). People who aren't engineers or software developers don't realize that code isn't some magical living entity that can run on any system and analyze its own environment. Code written for one type of computer will not work on another, even if they share the same CPU and therefore the same machine language. It just doesn't work the way it does in movies.

I recall reading that Iranians may have used a much simpler (but still brilliant) tactic: they interfered with the GPS signal or blasted the drone with a fake signal that confused it into thinking it was near to base. Presumably they also jammed communications. The drone then went into some sort of automatic landing or controlled descent procedure.
AzariLoveIran

Re: "Flame"

Post by AzariLoveIran »

Zack Morris wrote:.

Drones accept commands but I don't know to what degree the system software is re-programmable in flight. It may be but I doubt it's ever done because it would require a reboot of the computers and thus would have to be done on the ground. I'm pretty sure that the Mars rovers shut down and stop communicating for a few tense minutes when their software is updated.

Just because this capability exists does not mean it is easy to exploit. The Iranians would need to have access to the drone source code (which likely consists of an operating system and all kinds of things sitting on top of it, spread across multiple computers). People who aren't engineers or software developers don't realize that code isn't some magical living entity that can run on any system and analyze its own environment. Code written for one type of computer will not work on another, even if they share the same CPU and therefore the same machine language. It just doesn't work the way it does in movies.

I recall reading that Iranians may have used a much simpler (but still brilliant) tactic: they interfered with the GPS signal or blasted the drone with a fake signal that confused it into thinking it was near to base.

Presumably they also jammed communications. The drone then went into some sort of automatic landing or controlled descent procedure.

.

true

but

It was strange the Drone did not self destruct

for this to happen, the drone had to think is in friendly territory

no need to reprogram the whole thing, just reprogram to prevent self destruction

Base Drones operate from well known, if the Iranians could distort GPS signal Drone thinking is in friendly territory, that could prevent self destruction

Russians now think that Jet crash in Indonesia was American interference with on-board system (probably GPS signal), sabotaging Russian aviation .. the plane was just next to American Air Base .. seems GPS signal interference quite easy and done frequently .. if so, a lot of planes these days use GPS as primary navigation and landing instrument


.
Demon of Undoing
Posts: 1764
Joined: Wed Jan 04, 2012 8:14 pm

Re: "Flame"

Post by Demon of Undoing »

Stuxnet, unchained.

In 2011, the US government rolled out its "International Strategy for Cyberspace," which reminded us that "interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders." An in-depth report today from the New York Times confirms the truth of that statement as it finally lays bare the history and development of the Stuxnet virus—and how it accidentally escaped from the Iranian nuclear facility that was its target.
AzariLoveIran

Re: "Flame"

Post by AzariLoveIran »

.


US has "most to lose"


United States also explicitly stated for the first time that it reserved the right to retaliate with military force against a cyber-attack.


this will be a much bigger mistake than Hiroshima & Nagasaki

America dropped 2 nuclear bombs on civilians .. and .. is engaged since 65 yrs to contain the damage of that stupidity .. result is .. more and more nations will have nuclear bomb and only G_D knows the outcome

and

now

America introduced malware into sabotaging other nation

well

malware cheap and getting cheaper

there will be catastrophic events in western countries due to malware

and ? ? ?

bomb whom ? ?

that was really stupid

Iran will get its nuclear bomb, sooner or later .. what makes a difference 1 or 2 yrs later


.
AzariLoveIran

Re: "Flame"

Post by AzariLoveIran »

.


Cyberattack clouds US-Iran nuclear talks


.

However, Iranian anger over the attack has been tempered by the fact that Stuxnet largely failed in its efforts and the Iranian nuclear programme has quickly made up lost ground.

Although the new revelations come at a delicate time for the nuclear talks with Iran, which the Obama administration is keen to continue and would not want to see collapse in the middle of an election campaign, they could offer some domestic political upside. The fact that Mr Obama stepped up the Bush-era cyberwar programme will help counter Republican attacks that his administration has been too soft on Iran.

However, they complicate US efforts to criticise the cyber activities of other governments. In an unusually blunt report issued last year by US intelligence agencies, the Obama administration said that massive cyberespionage operations by China and Russia posed a “significant and growing threat” to US national security, yet other countries often view US complaints as hypocritical given its own cyber activities.

.


.
Enki
Posts: 5052
Joined: Thu Dec 22, 2011 6:04 pm

Re: "Flame"

Post by Enki »

AzariLoveIran wrote:.


Cyberattack clouds US-Iran nuclear talks


.

However, Iranian anger over the attack has been tempered by the fact that Stuxnet largely failed in its efforts and the Iranian nuclear programme has quickly made up lost ground.

Although the new revelations come at a delicate time for the nuclear talks with Iran, which the Obama administration is keen to continue and would not want to see collapse in the middle of an election campaign, they could offer some domestic political upside. The fact that Mr Obama stepped up the Bush-era cyberwar programme will help counter Republican attacks that his administration has been too soft on Iran.

However, they complicate US efforts to criticise the cyber activities of other governments. In an unusually blunt report issued last year by US intelligence agencies, the Obama administration said that massive cyberespionage operations by China and Russia posed a “significant and growing threat” to US national security, yet other countries often view US complaints as hypocritical given its own cyber activities.

.


.
Heh, Obama's Presidency is shaking out like Jimmy Carter's in so many ways.
Men often oppose a thing merely because they have had no agency in planning it, or because it may have been planned by those whom they dislike.
-Alexander Hamilton
AzariLoveIran

Re: "Flame"

Post by AzariLoveIran »

Enki wrote:
AzariLoveIran wrote:.


Cyberattack clouds US-Iran nuclear talks


.

However, Iranian anger over the attack has been tempered by the fact that Stuxnet largely failed in its efforts and the Iranian nuclear programme has quickly made up lost ground.

Although the new revelations come at a delicate time for the nuclear talks with Iran, which the Obama administration is keen to continue and would not want to see collapse in the middle of an election campaign, they could offer some domestic political upside. The fact that Mr Obama stepped up the Bush-era cyberwar programme will help counter Republican attacks that his administration has been too soft on Iran.

However, they complicate US efforts to criticise the cyber activities of other governments. In an unusually blunt report issued last year by US intelligence agencies, the Obama administration said that massive cyberespionage operations by China and Russia posed a “significant and growing threat” to US national security, yet other countries often view US complaints as hypocritical given its own cyber activities.

.


.
Heh, Obama's Presidency is shaking out like Jimmy Carter's in so many ways.

.

Obama wasted a very special window, opportunity, to change the downhill pattern in American foreign policy

black, Islamic credential (for Muslims, father Muslim means son Muslim, for life), not from Anglo wasp club, social worker and and and .. had all the goodwill

he completely wasted that opportunity

now, ME, considers him worse than W.Bush

ME people not from African jungle that you can fool them by nice music or pleasantry

IMO, now, politically, America in worse shape than when W. left

Putin in driver seat, Iran leaving 20% for 90%, a civil war in Syria will engulf Israel, Afghanistan as good as lost .. Pakistan playing crazy (no transit for NATO) .. China clearly on collision course .. not only American, but European and world economy a cliffhanger

Obama had the goodwill of Muslims in ME .. instead .. he tried to fool Iran otherwise, and escalating killing by drone, not thinking those guys dime a dozen in that space, you will run out of missiles B4 they run out those chaps

yes, a wasted opportunity

Would have been better if McCain had won .. he would, head-on, jump into BingBang, and, by now things were done, one way or other


.
Last edited by AzariLoveIran on Sat Jun 02, 2012 2:42 pm, edited 1 time in total.