Powerful "Flame" cyber weapon found in Middle East

[haydnguy]

Quote:

Security experts have discovered a new data-stealing virus dubbed "Flame" they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.

It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab's work were made available on Monday.

http://on.msnbc.com/L90WJc

[Quijote]

That really is a most remarkable coincidence. I believe I have been recently "flamed". I checked my bank account online today and saw a credit card deduction that I never authorized (for the sum of approx 400€). You can imagine the administrative hassle I have had today - 'phoning the bank to put a block on my credit card, a visit to the local police station to "porter plainte" for fraudulent use, etc., etc. My internet protection is not all that effective, then?

[periodinstrumentfan]

Or is it not that the entire system is itself 'deliberately flawed' ??? o_O

[Héctor]

Quote:

The Pentagon is turning to the private sector, universities and even computer-game companies as part of an ambitious effort to develop technologies to improve its cyberwarfare capabilities, launch effective attacks and withstand the likely retaliation.

The previously unreported effort, which its authors have dubbed Plan X, marks a new phase in the nation’s fledgling military operations in cyberspace, which have focused more on protecting the Defense Department’s computer systems than on disrupting or destroying those of enemies.

Plan X is a project of the Defense Advanced Research Projects Agency, a Pentagon division that focuses on experimental efforts and has a key role in harnessing computing power to help the military wage war more effectively.

“If they can do it, it’s a really big deal,” said Herbert S. Lin, a cybersecurity expert with the National Research Council of the National Academies. “If they achieve it, they’re talking about being able to dominate the digital battlefield just like they do the traditional battlefield.”

Cyberwarfare conjures images of smoking servers, downed electrical systems and exploding industrial plants, but military officials say cyberweapons are unlikely to be used on their own. Instead, they would support conventional attacks, by blinding an enemy to an impending airstrike, for example, or disabling a foe’s communications system during battle.

The five-year, $110 million research program will begin seeking proposals this summer. Among the goals will be the creation of an advanced map that details the entirety of cyberspace — a global domain that includestens of billions of computers and other devices — and updates itself continuously. Such a map would help commanders identify targets and disable them using computer code delivered through the Internet or other means.

Pentagon to Spread US Military Might to Cyberspace

[haydnguy]

Quote:

WASHINGTON — The Obama administration is warning American businesses about an unusually potent computer virus that infected Iran's oil industry even as suspicions persist that the United States is responsible for secretly creating and unleashing cyberweapons against foreign countries.

The government's dual roles of alerting U.S. companies about these threats and producing powerful software weapons and eavesdropping tools underscore the risks of an unintended, online boomerang.

http://www.cbsnews.com/8301-505245_1...d-of-cyberwar/

[Philidor]

It's easy to stop these viruses -- isolate key industrial computer systems (a) from the internet and (b) from portable drives, e.g. memory sticks. Follow that security protocol, threatening to shoot anyone found coming to work with a memory stick in their pocket and/or ensure there's physically nowhere to plug it in on industrial machines, and you're safe. The cyberwar nerds won't be able to infect your "closed" system unless they get a spy onto the premises who takes the back off a machine. You stop that by alarming the machines plus other security measures. Presumably the Iranians are learning about system security FAST!

[haydnguy]

Quote:

Computerworld - Microsoft on Sunday revoked several of its own digital certificates after discovering that the makers of the Flame super-cyber spy kit figured out a way to sign their malware with the company's digital "signature."

The weekend emergency update for all versions of Windows -- including the just-shipped Windows 8 Release Preview -- was unusual, perhaps hinting at the seriousness of the flaw.

http://www.computerworld.com/s/artic...r_Flame_hijack