An ultra-weird story appeared in the NYT yesterday:
Starting Tuesday, look out for an unusual warning atop your Gmail inbox, Google home page or Chrome browser. It will not mince words: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”
Which state? Google won't say. Neither will the NYT -- at least not directly. However:
The announcement is timed just one week after security researchers discovered Flame, a massive, data-mining virus, had been spying on computers in the Middle East – predominantly in Iran – for at least the last four years.
Researchers say they believe the Flame virus is sponsored by the same entity that commissioned Stuxnet, a virus co-sponsored by the United States and Israel, that destroyed thousands of Iranian centrifuges in 2010.
If you've been following Marcy Wheeler, you know much about the story of Stuxnet, a computer virus -- actually a worm -- designed to take down Iran's nuclear program. It was created by the NSA and a little-known, but ultra-important, Israeli agency called Unit 8200. The worm has turned into a massive problem, since it has infected innumerable systems outside Iran; there's a good chance that it's on your computer right now.
Worse: The worm was supposed to have a kill switch; it was intended to deactivate itself after a certain date. But someone killed the kill switch -- and all signs point to Israel. A story by David Sanger for the New York Times claims that a briefer told Obama that the Israelis modified the worm. Lo, it shall be with us always.
Flame, another U.S.-Israel joint venture in cyber-war, may be even worse:
Last week the New York Times quoted an Iranian cyberdefense official who said the virus's encryption looked like Israel's handiwork. Kaspersky Lab, a Russian antivirus company, said Flame might have been created by the same contractors who were responsible for Stuxnet, working with a different team of programmers. Flame is a targeted virus, just as Stuxnet was, but while the latter was aimed at industrial control systems, Flame doesn't appear to be targeting any particular industry or system -- just Windows PCs in the Middle East.
Flame is a huge virus -- 20 megabytes of various modules, databases, and varying levels of encryption. It's 40 times larger than Stuxnet, and it's been operating for at least two years without having been detected. So far researchers have a pretty good idea of what it's designed to do -- steal and transmit information from infected machines -- but because it contains so much code, it will take years to fully analyze. So far we know it can activate a computer's built-in microphone to record Skype conversations, siphon contact information from an address book, and transmit screenshots of user activity.
In spite of its fairly conventional data-theft tactics, the consensus is that it's the work of a nation-state rather than just a group of programmers -- Finnish security firm F-Secure said that it was "most likely launched by a Western intelligence agency."
Even UPI admits that Unit 8200 created Flame. This background briefing on 8200 is downright jaw-dropping. This story on Flame strongly indicates (without actually stating) that the Flame virus is, in fact, the "state-sponsored" malware prompting Google's unprecedented warning.
Here are the questions we must answer:
1. Why did the Israelis put this thing on all of our computers? What is the ultimate plan? Iran seems to be the excuse, not the target -- at least not the sole target.
2. To what degree is U.S. intelligence a witting partner in this cyberwar, and to what degree have our own intelligence services been used, compromised or bamboozled? Although Stuxnet began as a U.S./Israeli co-venture, I feel that the American side wanted to keep the thing targeted on Iran.
3. Will it ever be permissible to discuss such matters without being subjected to accusations of anti-Semitism?
A Unit 8200 veteran went on to found Check Point. In case you don't know, Check Point is that nice company which allows you to download the Zone Alarm firewall -- for free!
Gosh. You think ZA will protect you against Flame and Stuxnet?