
Powerful 'Flame' cyber weapon found in Iran

LOL because length of code means anything at all. :roll:

Sorry, I just find these type of articles written by non-tech people hilarious. Maybe Wired will do an article on this.

I don't even know wtf you think I'm arguing. Are you really just disputing my assertion that length of code doesn't mean anything? Really?


Yes I am.......


Here is an article written by the guy whose organization, Kaspersky Lab, found the Flame malware, Alexander Gostev. Aleks has headed the Global Research and Analysis Team at Kaspersky Lab since 2008, and specializes in all aspects of information security, including mobile malware. His responsibilities include detecting and analyzing new malware.

Mr. Gostev's take on the length of code:

How sophisticated is Flame?

First of all, Flame is a huge package of modules comprising almost 20 MB in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyze. The reason why Flame is so big is because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a Lua virtual machine.

Lua is a scripting (programming) language, which can very easily be extended and interfaced with C code. Many parts of Flame have high order logic written in Lua - with effective attack subroutines and libraries compiled from C++.

The effective Lua code part is rather small compared to the overall code. Our estimation of development ‘cost’ in Lua is over 3000 lines of code, which for an average developer should take about a month to create and debug.

Why is it called Flame? What is the origin of its name?

The Flame malware is a large attack toolkit made up of multiple modules. One of the main modules was named Flame - it’s the module responsible for attacking and infecting additional machines.

Why is the program several MBs of code? What functionality does it have that could make it so much larger than Stuxnet?


The large size of the malware is precisely why it wasn’t discovered for so long. In general, today’s malware is small and focused. It’s easier to hide a small file than a larger module. Additionally, over unreliable networks, downloading 100K has a much higher chance of being successful than downloading 6MB.

Flame’s modules together account for over 20MB. Much of these are libraries designed to handle SSL traffic, SSH connections, sniffing, attack, interception of communications and so on. Consider this: it took us several months to analyze the 500K code of Stuxnet. It will probably take a year to fully understand the 20MB of code of Flame.

The Flame: Questions and Answers - Securelist
 
We need Richard Clarke on this. Actually, he's probably already on it. He's been talking about this kind of stuff for years. I hope the Pentagon listened to him enough to prepare some real cybersecurity for sensitive systems in this country.
He isn't the only one that's been preaching CyberSecurity. Most DC experts in that field have been preaching it for years. Always the question is whether or not anyone is listening.
 
I don't even know wtf you think I'm arguing. Are you really just disputing my assertion that length of code doesn't mean anything? Really?
That's half of it. Sure a paradigm shift in programming happens every once in a while but overall things are pretty much the same this year as last year. With something that's been hiding on these machines for a couple of years, yes, it's a big deal that the program is as big as it is - roughly 6MB (8?) for the main package not counting the modules. Even a college student can program better than that if this was just a Stuxnet (500KB) clone or something.

The other half is that, yes, 'common' reporters don't have much of a clue about the details - but it's still a quick source that something is up. If you don't want to completely trust the data in a quick story like this I don't blame you but every news item is a matter of what you get from it. I got a heads up that there was something newsworthy out there to research and did so. In the time it took you to type your first post you could have had two of the three links I posted. Instead, you chose to piss on what someone thought was newsworthy and was nice enough to share.
 
Sorry, I just find these type of articles written by non-tech people hilarious. Maybe Wired will do an article on this.

The other half is that, yes, 'common' reporters don't have much of a clue about the details - but it's still a quick source that something is up. If you don't want to completely trust the data in a quick story like this I don't blame you but every news item is a matter of what you get from it. I got a heads up that there was something newsworthy out there to research and did so. In the time it took you to type your first post you could have had two of the three links I posted. Instead, you chose to piss on what someone thought was newsworthy and was nice enough to share.

Khayembii Communique has not yet adequately rebutted any of the information provided in this thread with anything but his opinion. He criticized the writer as a "non-tech" person, however, the information was provided by Kaspersky Lab senior researcher Roel Schouwenberg. The poster was here just to create a non issue out of nonsense.
 
Related to the OP and coming on the heels of the discovery this week of the 'Flame' virus which has been attacking computer systems in Iran, Syria and Saudi Arabia, two Cambridge experts have discovered a "back door" in a computer chip used in military systems and aircraft such as the Boeing 787 that could allow the chip to be taken over via the internet.

Hi-tech sabotage circa 2012 ?

Cyber-attack concerns raised over Boeing 787 chip's 'back door' | Technology | guardian.co.uk
 
I'm not a cyber security expert, but one of my CS courses taught us that no computer system can ever be 100% secure. The best you can do is obfuscate things so much (encryption, multiple gateways, etc.) that it *should* in practice be impossible for a hacker to reverse engineer their way in because of the complexity. But in theory if there's a front door (to allow for legitimate operations), it can always be exploited to create a back door.
 
I find the article highly misleading, particularly the title. They make it sound like Iran has some super weapon ready to strike, particularly for those who know little about computers, when in fact they have been struck with the super weapon themselves.
 
I find the article highly misleading, particularly the title. They make it sound like Iran has some super weapon ready to strike, particularly for those who know little about computers, when in fact they have been struck with the super weapon themselves.

Correct. Completely misleading title...
 
I don't even know wtf you think I'm arguing. Are you really just disputing my assertion that length of code doesn't mean anything? Really?

Here's two lines of code for you:

No one gives a ****.

Go read your wired article.
 
I would argue that it is 'now'. As the world integrates and everything is digitized and then networked, this is warfare of the future. It doesn't matter if the enemy has an excellent IAD's network if you can broadcast a signal that causes every piece of hardware to fry itself.

I agree. This cyberwarfare stuff is fascinating and it seems like we're just starting to brush the surface of what's capable.
 
No one is 100% secure. The thing is, software can be written by anyone, ANYONE, with a computer, and about 500 bucks worth of software. Give one clever person 10 years, and they will craft a program that no one has seen before, with subsets and modules that are simply not predictable, and therefore, impossible to be scanned for. Me saying I run Linux, is a paper tiger. If everyone ran Linux, guess what? People would write malware for Linux. Windows happens to be the OS of choice, and therefore, is the target of all these aggressive programs.


This is why we still use a paper ballot, why ATMs still offer printable receipts, and why, ultimately, if you truly want to be secure, you keep it in a file cabinet, and not a file on a computer.
 
At the rate we're digitizing everything combined with the rate that we're advancing cyber warfare, Skynet won't even need to build laser-wielding robots to exterminate us...
 
And that's why I run linux.
Indeed, I've pretty much always thought that Microsoft's "communications ports are always open on PC architecture" concept worked well for Microsoft but contained a drop of poison for their customers.

I realize the technical challenge to open com. ports only to the functions requested by the user as presented by the window function the user is using at the moment ..

.. But a lot of this hacker crap could be eliminated otherwise ..

.. Unless it was a U.S. government "demand" that all ports be open all the time .. not that I'm paranoid or anything about those who control everything .. .. .. .
 
I'm not a cyber security expert, but one of my CS courses taught us that no computer system can ever be 100% secure. The best you can do is obfuscate things so much (encryption, multiple gateways, etc.) that it *should* in practice be impossible for a hacker to reverse engineer their way in because of the complexity. But in theory if there's a front door (to allow for legitimate operations), it can always be exploited to create a back door.
Really? I thought systems were secure but were unsecure mainly because of human error and design flaws which could be exploited, but that a properly designed system should be secure at least in theory.
 
Really? I thought systems were secure but were unsecure mainly because of human error and design flaws which could be exploited, but that a properly designed system should be secure at least in theory.

No. Any system that is receiving information from the internet, or any other source, for that matter, is susceptible to attack. You are taking information from a host, every time you view a webpage, or text, that did not originate from YOUR computer. So, anything, ANYTHING, could come along with that information you are taking. Commonly referred to as "tape". You stick something else onto something you know others are going to download...and voila, virus/worm spread. Most viruses are simple, just a bit of code designating a very specific set of actions dependent on corresponding conditions...most notably, conditions preset by the desired operating system. In other words, Windows OS systems do certain things, so you write a virus to activate when those certain things are done, and you write that virus to then do certain things, like copy itself into other known Windows folders, etc. We call them viruses because, like a biological virus, they are "evolved" to only target one specific thing, like mammals, or...Windows operating systems.
 
No. Any system that is receiving information from the internet, or any other source, for that matter, is susceptible to attack. You are taking information from a host, every time you view a webpage, or text, that did not originate from YOUR computer. So, anything, ANYTHING, could come along with that information you are taking. Commonly referred to as "tape". You stick something else onto something you know others are going to download...and voila, virus/worm spread. Most viruses are simple, just a bit of code designating a very specific set of actions dependent on corresponding conditions...most notably, conditions preset by the desired operating system. In other words, Windows OS systems do certain things, so you write a virus to activate when those certain things are done, and you write that virus to then do certain things, like copy itself into other known Windows folders, etc. We call them viruses because, like a biological virus, they are "evolved" to only target one specific thing, like mammals, or...Windows operating systems.
No, I know that if you run something that is not trusted on your computer, you could be susceptible to any virus or malware. But take a web server for example, if it's properly patched and designed, it should be programmed to ignore unauthorized instructions barring that someone does not guess a password. The thing is that people exploit human errors and design flaws in the system to take it over, like say buffer overflow which can rewrite code instructions.
 
I'm not a cyber security expert, but one of my CS courses taught us that no computer system can ever be 100% secure. The best you can do is obfuscate things so much (encryption, multiple gateways, etc.) that it *should* in practice be impossible for a hacker to reverse engineer their way in because of the complexity. But in theory if there's a front door (to allow for legitimate operations), it can always be exploited to create a back door.

make it a closed system, and then control physical access.
 
No, I know that if you run something that is not trusted on your computer, you could be susceptible to any virus or malware. But take a web server for example, if it's properly patched and designed, it should be programmed to ignore unauthorized instructions barring that someone does not guess a password. The thing is that people exploit human errors and design flaws in the system to take it over, like say buffer overflow which can rewrite code instructions.
Usually viruses exploit vulnerabilities in the OS, before a web server app could know about it. I think they do things like send a message that Windows incorrectly interprets as a Remote Desktop or Messenger command to download some nasty file that starts it all off. Granted these can be turned off by sys admin, but some services can't because they're essential for Windows.

make it a closed system, and then control physical access.
They do, with routers, switches, hardware firewalls, etc. But if they have to allow legitimate traffic, then there has to be a physical path (hard wire or wireless) and in theory that can be exploited. The only way to be totally sure is to remove the physical path altogether so that it stays a closed system.
 
I'm not a tech expert, but does anybody know why everyone is insisting this is probably the work of a government instead of a private group of hackers? I know groups like Anonymous haven't done anything nearly this complex in the past, but they usually seem to be a step ahead of the government, and at the very least not a step behind. Does anyone have the knowledge to explain why history suggests governments are more responsible for massive viruses like this?

My first inclination here is that this could be another sign of the fall of nation-states as the undisputed primary hubs of power in the world. Pure manpower is meaning less and less over time. The first sign of this is that it took a private laboratory to discover the virus (well, I guess I'm assuming a government didn't discover it and stay quiet for whatever reason). Kaspersky is not only not part of a government, it's not even from the area most exposed by the virus.

These are still only the first baby steps into the new era of the internet. We won't be able to think about this in the terms of the past few centuries. Culture, economics, and politics stand to be radically changed in ways impossible for us to foresee and even understand (at least any time soon).
 