The Flame virus, whose existence was announced several weeks ago by Eugene Kaspersky, is not just any old virus. It’s so sophisticated that it represents a new level of cyber threat, one that could be “the beginning of the end of the [interconnected] world as we know it,” Kaspersky said at a press conference Wednesday. “I have nightmares about it.”
Information security expert Kaspersky, whose team of researchers uncovered Flame’s existence, was a featured speaker at Wednesday’s second annual cyber-security conference sponsored by the Tel Aviv University’s Yuval Ne’eman Workshop for Science, Technology and Security. The conference comes at a time when interest in cybersecurity is at a peak, as a result of speculation about who was behind the Flame attack and the earlier Stuxnet virus attack that is thought to have damaged, or at least delayed, progress by Iran on its nuclear program.
Also speaking at the conference were a host of top security and government officials, including Defense Minister Ehud Barak, Israel Space Agency chairman Yitzhak Ben-Yisrael, former Shin Bet director Yuval Diskin, and others.
While many companies — including Kaspersky’s — advertise sundry solutions for computer viruses and Trojans, they won’t help when it comes to Flame and other still undiscovered viruses of similar or even greater strength that are likely out there, he said. “Right now we have no way to defend against these global attacks.”
The term “cyber-war” is used by many to describe the situation, but that term — which implies that there are two equal, known enemies duking it out — is outmoded, he said. “With today’s attacks, you are clueless about who did it or when they will strike again. It’s not cyber-war, but cyberterrorism.”
Flame, which has stealthily stolen large chunks of data during the months or perhaps years it has been on the loose, is especially scary because of its many sophisticated tools, said Kaspersky. Besides being able to quickly replicate itself on networks and break up data into very small segments, making it almost impossible to trace as it is sent onwards, the virus has many unique features. “It can of course be spread very quickly via a disk-on-key, when one is plugged into a network,” but in addition, it can use bluetooth, wifi, and other communications protocols to propagate, he said.
The Russian-born Kaspersky, 46, whose company is the world’s largest privately held vendor of software security products, described the process by which his team discovered Flame, saying that he got interested in the matter when he heard that Iran had actually accused his company of designing the attack tool. “We thought that maybe our internal system was compromised, so we conducted a thorough investigation.”
It was this investigation, which entailed contacts with IT personnel in Iran itself, that yielded the data on Flame. “Dealing with what we discovered was too big a job for a company,” so Kaspersky took what he knew to the UN’s International Telecommunications Union, which was just as shocked as he was. “We worked out an arrangement where we would gather the data, and they would take care of the other issues.”
Data-gathering is a technical issue, not a political one, Kaspersky said, so he could not speculate on who invented Flame, or why. But anyone and everyone is a suspect. “There are many countries with hackers and experts who are sophisticated enough to pull something like this off.”
The US, Israel, China, and Russia are on that list, but so is Romania, “which has many talented hackers.”
But even countries without a staff of their own could kidnap the scientists they need or hire “hacktivists” to do their dirty work, and there is no shortage of willing and capable people, Kaspersky said.
Still, any country thinking of stockpiling cyber-weapons of these magnitudes should think twice, Kaspersky said, as they have a way of getting out of control.
“It’s like biological weapons; when you set one off in one place, it affects many others.” Cyber-weapons of the magnitude of Flame are just as destructive. “The world is just so interconnected today, and the viruses that attack one power plant puts them all at risk,” Kaspersky said.
Governments must work together to, for example, order a complete rewrite of software for essential systems to protect them against attacks — “there are still many systems out there using MS-DOS,” Kaspersky said — to agreeing to pool information and act jointly when an attack occurs.
The alternative, Kaspersky said, is a world in which cyberterrorists have a free hand – something like the world in the movie Die Hard 4 (also known as Live Free or Die Hard). That movie’s plot involves hackers causing blackouts, blowing up government buildings, and trying to shut down America’s computer system.
“We at Kaspersky Labs have been aware for a long time that such a scenario was possible, but until that movie came out in 2007, we forbade anyone inside the organization from using the term ‘cyber-terrorist.’ Now that the cat is out of the bag, we routinely use that word to describe what is going on.”
He, and other researchers like him, are hard at work coming up with the solutions as the problems arise. What’s at stake, he said, is nothing less “than life as we know it today. Let’s hope and pray we can keep the cyber world safe for our kids and grandkids.”