Yesterday, Kaspersky Labs broke news of Flame, malware that is described as the most sophisticated and complicated cyber code researchers have yet seen. The code is capable of sniffing information sent to and from a computer, capturing screen shots, recording keystrokes, turning on microphones, using Bluetooth for transmission and erasing data, among other things. It uses encryption and compression. Also known as “sKyWIper” and “Flamer,” the malware is 20 megabytes -- more than 20 times bigger than Stuxnet -- and targets Windows-based machines.
Flame apparently has been floating around the Internet possibly since 2007 and has been detected on systems in Iran, Israel, Palestine, Sudan, Syria, Lebanon, Saudi Arabia, Egypt, Austria, Russia, Hong Kong, and the UAE. The list continues to grow. As such, there is some debate about whether we are looking at the biggest threat since Stuxnet or a dated technology that has waited for the right moment to spy upon certain parts of the world.
Regardless of the debate, what is clear is that the code was likely written by a group of individuals with the means and methods to develop a multi-faceted, sophisticated tool that appears to target nations other than those in North America or Europe.
This was not a program that popped up overnight. Whoever created it obviously had espionage on their minds, as well as more devious plans if the program can indeed wipe data from servers.
Flame, coupled with Stuxnet and DuQu, may represent the future of cyberwarfare and cyberintelligence efforts. If the assertions of some are correct that Flame was sleeper malware that gained the trust of systems to counter cybersecurity efforts within companies, educational institutions, and government systems, then the need to address cybersecurity comprehensively is even greater than imagined. This need, however, is not going to be met only by legislation that Congress passes or strategies that the Administration may issue. It will require international cooperation and some common global rules of engagement. Otherwise, NGOs, companies, and educational institutions increasingly will find themselves fighting cyber battles that go far beyond the spam and theft of PII and IP information that consume the majority of existing efforts. And nations will be left scrambling to defend against threats that know no borders and whose intent and capabilities are not easily known.
Flame could very well be a defining moment in the cybersecurity timeline. It will likely not be the last.