Sat June 2, 2012
'Flame' Sheds Light On Politics Of Cyberwarfare
Originally published on Sat June 2, 2012 12:51 pm
New information about computer viruses shows how countries may be lining up to fight a cyberwar. The New York Times reported that former President George W. Bush and President Obama both authorized computer attacks against Iran, culminating in the Stuxnet virus, which targeted Iranian nuclear facilities.
Meanwhile, a United Nations agency raised alarms about another virus, dubbed "Flame," which may also have been designed for use against Iran.
The Flame virus was highlighted in a cybersecurity alert issued by the International Telecommunication Union, or ITU. Marco Obiso, the ITU's cybersecurity coordinator, says his organization noticed some malicious software spreading around the Middle East and asked Eugene Kaspersky, a Russian security consultant, to have his lab study the malware.
"There was this indication that there was this malware that was wiping out information in the Middle East," Obiso says. "So we asked Kaspersky Lab to further investigate, and then they discovered the Flame."
The ITU alert said the discovery of the Flame virus underscores the need for global collaboration to tackle cybersecurity threats.
Clear enough, but some skeptics are taking a more conspiratorial view of this story. They cite several points:
- The ITU had never before issued a cybersecurity alert like this.
- As a U.N. agency, the ITU has often reflected the interests of Russia and China, its two most influential members; the ITU has never called attention to cyberthreats emanating from those two countries.
- The virus that got the ITU's attention, Flame, apparently targeted Iran, as Stuxnet also did. Suspicion immediately fell on the U.S. and Israel as the creators.
Kaspersky's analysis concluded Flame was created by a government, and he called it a highly sophisticated cyberweapon.
After studying descriptions of what the virus was said to do, cyber researcher Jeffrey Carr concluded that Kaspersky's analysis was, in Carr's words, "overblown," giving the Flame virus more attention than it warranted.
"Which, to me, lends credence to the possibility of this being politically motivated," Carr says.
One other point: Kaspersky, the ITU's main cybersecurity consultant, is himself close to the Russian government. He personally signed on to the ITU's cybersecurity alert on Flame. A U.S. security consultant anxious to be seen as politically independent might be reluctant to do that.
Carr, the author of Inside Cyber Warfare, says the Kaspersky endorsement highlighted the connection between Russia and the ITU.
"Kaspersky has been associated with Russian initiatives for years, and so it's not at all unusual coming from Russia," Carr says. "I don't know that we've ever seen such an endorsement here in the West."
A congressional hearing this week focused on the ITU and its ties to the Russian and Chinese governments. A senior State Department official and a member of the Federal Communications Commission both expressed alarm over those associations.
There is a lot to fuel suspicions, but the ITU's Obiso scoffs at the suggestion of any geopolitical significance to the ITU's new cybersecurity role.
"We are not interested in geopolitics," he says. "The fact that Kaspersky was there has nothing to do [with it being] a Russian company or an English company or an American company."
Perhaps. But the leadership of the ITU wants a so-called peace treaty for cyberspace under which some computer weapons would be outlawed. Russia has been the ITU's leading advocate in that regard; the United States would be directly affected.