Government Technology

Flame Virus, a Controlled Burn?

Don't Play With Fire

May 31, 2012 By

I have a friend in Florida, a park ranger, who does controlled burns in the hope of curtailing any large park brush fires. This may be similar to how the new virus Flame is being used. Like any controlled burn, however, there are risks of the fire getting out of control.

We need to come to a consensus on cyberwar. It has officially started and the weapons are improving. The new computer virus nicknamed Flame, also known as Flamer, sKyWIper, Skywiper and Stuxnet 20, is many times worse than its predecessors. It has the capability of specifically attacking its targets and evading detection.

Based on its predecessors Stuxnet and Duqu, Flame can spread to other systems over a local area network (LAN) or via USB stick. It can record audio, screenshots, keyboard activity and network traffic. The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices.

These data, along with locally stored documents, are sent on to one of several command and control servers that are scattered around the world. The program then awaits further instructions from these servers.

Setting aside the sociological and political ideologies of whose side we are on in cyberwar, the recent cyber attacks demonstrate the current vulnerability of our legacy security solutions. What Flame is doing in targeted Middle East attacks can be done in other countries, even the ones releasing the attack. There is a first response advantage, but the technical nature of computer virus propagation could leak the virus to unintended areas, as happened with Stuxnet. Playing with these vulnerabilities is like playing with fire.

At a recent conference in Orlando, Florida, UTC Telecom 2012, the consensus of those who were somewhat involved in cyber security was that there clearly is no 100 percent capability of securing even our critical infrastructure. This concern was further emphasized when keynote speaker Mark Weatherford, deputy undersecretary for cybersecurity for the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security, asked who felt competent in knowledge of cyber security. One or two hands went up out of 500 in the audience. Weatherford responded by saying we need to prepare our workforce and find talent "to prepare the next generation for cybersecurity. Gaps in talent means gaps in security."

Even the Department of Defense is recognizing the need for forging private-industry partnerships on cybersecurity. This makes sense, since the Internet and much of the experience behind it will be found in the private sector. There is a clear issue, though, for those who have pursued DOD cyber security jobs or partnerships. That issue is secret and top secret clearance. There needs to be a better way to address needed background checks than the current clearance procedures.

A person with secret or top secret clearance may have little experience in cyber security, while a person with tremendous experience in cyber security may have no ability to quickly and economically obtain secret or top secret clearance.

We are faced with some tough decisions as they relate to cyber security, with few if any quick decisions. With a limited cyber security workforce and clear cyber security vulnerabilities, it seems time to look for new security solutions rather than playing with the appropriately named Flame virus. We can't continue to patch cyber security while thinking we can manipulate these vulnerabilities in targeted cyber attacks. This could backfire, and already has. At a minimum, we have to overlay new security protection, or wipe the slate clean and look for new ways of addressing cyber security, or this controlled Flame may get out of control.

Larry Karisny is the director of Project, a smart-grid security consultant, writer and industry speaker focusing on security solutions for the smart grid and critical infrastructure.



Sihoko    |    Commented June 2, 2012

Two remarks: I believe we can only speak of cyberwar when there is a formal declaration of war. Cyber attacks that steal information or damage property should be considered as a criminal act without such a declaration, and those responsible should consequently be prosecuted for these actions. This article seems to suggest that an attack on ME countries is different from an attack on "western countries". I believe this suggestion is a mistake. If the Stuxnet, Duqu, Flame malware is developed by western nation states, as often suggested, then these nations make a big mistake because it creates a breach of trust. Trust that is the base for the delivery of equipment for these countries' NCI. NCI that is essential for the world's energy supply.

Larry Karisny    |    Commented June 2, 2012

Sihoko. The "We" I referred to were Cyber Security Professionals not a particular Nation State or Hemisphere. As you see by my linked Budapest University of Technology and Economics reference in the article, cyber security and its potential breaches are a global issue. Thank you for your comment.

Sihoko    |    Commented June 3, 2012

Larry, thanks for clarifying this point. I am missing a bit the protest of the security community. Malware such as Stuxnet, Duqu, and Flame seem to have a definite nation state mark. And I don't think they contribute to our safety and security. But apart from widespread admiration for the complexity of this malware, everyone seems to accept it can't be stopped. If this malware originates from a nation state out of the democratic hemisphere, it can be stopped and we should do so.
