Computer Virus: U.S. Government linked to Data Mining



Big Brother is watching. No kidding. And the warning is coming from none other than Google, which says government spies may be spying on you. Some believe the Google announcement may be related to the recent discovery of the data-mining virus named "Flame." In a June 3 New York Times article, Andrew Kramer and Nicole Perlroth write 1:

"When Eugene Kaspersky, the founder of Europe's largest antivirus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create.

He also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the United States and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the internet.

"Cyberweapons are the most dangerous innovation of this century," he told a gathering of technology company executives... While the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defences."

Mr. Kaspersky claims he was called in to investigate the new virus on behalf of the International Telecommunication Union, an agency of the United Nations. The virus was allegedly erasing files on computers belonging to the Iranian oil ministry.

What makes the Flame virus a major potential concern for common citizens of the world is the fact that it's the first virus found with the ability to spread wirelessly by attaching itself to Bluetooth-enabled devices.

Once there, it can not only trace and steal information stored on those devices; according to Kramer and Perlroth the program also contains a "microbe" command that can activate any microphone within the device, record whatever is going on at the time—presumably whether you're actually using the device or not—and transmit audio files back to the attacker. This, clearly, has huge privacy implications were it to be deployed against civilian populations.

While cybersecurity experts initially claimed there were no links between the earlier Stuxnet worm and the Flame virus, a recent article on The Verge now reports that the two are undoubtedly related 2. Joshua Kopstein writes:

"[I]n examining an earlier version of Stuxnet, the lab's researchers now find that they were wrong: a previously overlooked module within the virus is now providing the "missing link" between the two pieces of malware. The module in question... matches very closely with a module used by an early version Flame. "It was actually so similar, that it made our automatic system classify it as Stuxnet," wrote Alexander Gostev... indicating that the module was likely the seed of both viruses. "We think it's actually possible to talk about a 'Flame' platform, and that this particular module was created based on its source code."

The new evidence suggests that Stuxnet and Flame are two sides of the same coin, with the former built for sabotage and the latter for surveillance. But researchers also say that the Flame platform pre-dated Stuxnet and its sister, Duqu, and was likely built in the Summer of 2008."

InformationWeek Security recently offered the following advice 3: "...

Microsoft has been working quickly to patch the certificate bug exploited by Flame. Notably, Microsoft released an update Friday [June 8] for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2), which according to the release notes "strengthens the WSUS communication channels ... [by] trusting only files that are issued by the Microsoft Update certification authority."

Microsoft is also set to issue an update Tuesday--as part of its monthly Patch Tuesday--that will further update all supported versions of Windows to block Flame. Security experts are recommending that all users install the update as soon as possible, since attackers will likely attempt to use the certificate vulnerability before it becomes widely patched. "Apply the certificate patch released a week ago today if you haven't done so already," said SANS Institute chief research officer Johannes B. Ullrich in a blog post. "This way, no patch signed by the bad certificate should be accepted tomorrow. Patch Tuesday is one of the best dates to launch such an attack, as you do expect patches anyway."

When installing the update, however, do so preferably only if using a trusted environment. "Avoid patches while 'on the road.' Apply them in your home [or] work network whenever possible," said Ullrich. "This doesn't eliminate the chance of a 'man in the middle' (MitM) attack, but it reduces the likelihood."

For users who must update while on the road, perhaps because they travel frequently, always use a VPN connection back to the corporate network, said Ullrich, since hotel networks can be malware and attack hotbeds. "Hotel networks and public hotspots frequently use badly configured HTTP proxies that can be compromised and many users expect bad SSL certificates--because of ongoing MitM attacks," he said."

In related news, Wired Magazine recently reported that the US government is building a massive spy centre, right in the heart of Mormon country, in Bluffdale, Utah 4--so massive, in fact, that once finished, the facility will be five times larger than the US Capitol.

