Back in the late ’90s, the president of a prominent U.S. anti-virus company was approached by a delegation from India. Their request? Weapons-grade malware. In the same month, he was also approached by representatives from Pakistan with the same request. As he explains it: “Two nuclear armed nations with a common border and a history of armed conflict have only one interest. How can they surreptitiously disable the big red launch button of the other side to give themselves a momentary strategic advantage?” Of course AV companies do not create malware and they sent the supplicants packing.
- Software is being weaponized for the purpose of cyber attack. Flame was a reconnaissance tool in preparation for the deployment of Stuxnet which is responsible for destroying Iran’s ability to refine weapons grade uranium. Other than the few times benevolent hackers have released worms to clean up machines infected with crimeware, Stuxnet has largely been well received by the world community. Slowing down a rogue state’s attempt to join the nuclear club is generally perceived as a good thing.
- The sophistication of Flame represents a seismic shift in power for malware.On the face of it, Flame is no more than a Remote Access Trojan (RAT) that steals passwords, documents, and files and can also be directed to record audio and video. But when you dig deeper into this massive (24 Mbytes) package you find an unprecedented level of sophistication. It can use Bluetooth to spread. It encrypts everything. The most amazing feat of prestidigitation is Flame’s use of an MD5 collision to generate a fake Microsoft Update certificate by which it tricks target machines into thinking they are installing a trusted patch from Microsoft. One group of researchers estimates that the compute costs to calculate that collision, because it requires guessing the microsecond that the original certificate was created, at over $200K if run on Amazon’s cloud. With this level of sophistication and available funding, the anti-malware industry is going to be severely challenged. Future threats from nation states and cyber criminals will up the ante.
- The IT security industry is at a crossroad. For the first time ever, commercial entities in the security space find themselves detecting and blocking malware created by a friendly country, the United States. Microsoft had to issue an emergency update to change their digital certificates to so-far un-crackable SHA-1. This comes at a cost to them and their customers that could be considered a new cyber-tax on computer users. What are the consequences? Will AV and firewall vendors engage in research to predict and defend against new methodologies coming from the NSA? Will the U.S. government restrict these vendors from applying these defenses in the name of national security? Will future cyber weapons run amok causing untold damage?