Wednesday, June 06, 2012

Israel declares cyber-war on the world

An ultra-weird story appeared in the NYT yesterday:
Starting Tuesday, look out for an unusual warning atop your Gmail inbox, Google home page or Chrome browser. It will not mince words: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”
Which state? Google won't say. Neither will the NYT -- at least not directly. However:
The announcement is timed just one week after security researchers discovered Flame, a massive, data-mining virus, had been spying on computers in the Middle East -- predominantly in Iran -- for at least the last four years.

Researchers say they believe the Flame virus is sponsored by the same entity that commissioned Stuxnet, a virus co-sponsored by the United States and Israel, that destroyed thousands of Iranian centrifuges in 2010.
If you've been following Marcy Wheeler, you know much about the story of Stuxnet, a computer virus -- actually a worm -- designed to take down Iran's nuclear program. It was created by the NSA and a little-known, but ultra-important, Israeli agency called Unit 8200. The worm has turned into a massive problem, since it has infected innumerable systems outside Iran; there's a good chance that it's on your computer right now.

Worse: The worm was supposed to have a kill switch; it was intended to deactivate itself after a certain date. But someone killed the kill switch -- and all signs point to Israel. A story by David Sanger for the New York Times claims that a briefer told Obama that the Israelis modified the worm. Lo, it shall be with us always.

Flame, another U.S.-Israel joint venture in cyber-war, may be even worse.
Last week the New York Times quoted an Iranian cyberdefense official who said the virus's encryption looked like Israel's handiwork. Kaspersky Lab, a Russian antivirus company, said Flame might have been created by the same contractors who were responsible for Stuxnet, working with a different team of programmers. Flame is a targeted virus, just as Stuxnet was, but while the latter was aimed at industrial control systems, Flame doesn't appear to be targeting any particular industry or system -- just Windows PCs in the Middle East.
Flame is a huge virus -- 20 megabytes of various modules, databases, and varying levels of encryption. It's 40 times larger than Stuxnet, and it's been operating for at least two years without having been detected. So far researchers have a pretty good idea of what it's designed to do -- steal and transmit information from infected machines -- but because it contains so much code, it will take years to fully analyze. So far we know it can activate a computer's built-in microphone to record Skype conversations, siphon contact information from an address book, and transmit screenshots of user activity.
In spite of its fairly conventional data-theft tactics, the consensus is that it's the work of a nation-state rather than just a group of programmers -- Finnish security firm F-Secure said that it was "most likely launched by a Western intelligence agency."
Even UPI admits that Unit 8200 created Flame. This background briefing on 8200 is downright jaw-dropping. This story on Flame strongly indicates (without actually stating) that the Flame virus is, in fact, the "state-sponsored" malware prompting Google's unprecedented warning.

Here are the questions we must answer:

1. Why did the Israelis put this thing on all of our computers? What is the ultimate plan? Iran seems to be the excuse, not the target -- at least not the sole target.

2. To what degree is U.S. intelligence a witting partner in this cyberwar, and to what degree have our own intelligence services been used, compromised or bamboozled? Although Stuxnet began as a U.S./Israeli co-venture, I feel that the American side wanted to keep the thing targeted on Iran.

3. Will it ever be permissible to discuss such matters without being subjected to accusations of anti-Semitism?

Final note: A Unit 8200 veteran went on to found Check Point. In case you don't know, Check Point is that nice company which allows you to download the Zone Alarm firewall -- for free! Gosh. You think ZA will protect you against Flame and Stuxnet?

4 comments:

Mr. Mike said...

Is this connected in any way to the news about the LinkedIn password theft?

http://www.technolog.msnbc.msn.com/technology/technolog/linkedin-confirms-password-leak-lawmakers-chime-816238#

Alex Higgins said...

Didn't like the headline, but was kind of invigorated by the prospect that Google was actually going to take a stand against the US government tyranny and warn users when the feds were trying to hack their accounts.

It was short-lived enthusiasm, unfortunately, as it took less than 24 hours for the cat to come out of the bag.

Google is warning users in CHINA they are targets of State Sponsored cyber-warfare.

Clearly outs Google for being connected to the NSA/CIA who is obviously providing them with intelligence or who they are working with directly as part of a psyop against China.

First there is this:
http://insidesearch.blogspot.com/2012/05/better-search-in-mainland-china.html

Techies like myself can out this as a psyop, because a simple packet sniff would be able to detect a reset packet off the network during the TCP handshake (clearly that would be the case here and Google knows it).

Second:

ReadWriteWeb sets up the story:

"Google Warns Users of Government Hacker Attacks"
http://www.readwriteweb.com/archives/google-warns-users-of-government-hacker-attacks.php

This, of course, reverts Google's claims last year China hacked Gmail.

3) The money shot:

Being delivered to users in China:

http://shanghaiist.com/attachments/horacelu/Gmail_warning.png

More here via the Shanghaiist:

Journalists and activists in China warned of "state-sponsored" Gmail hacking

A number of journalists and activists in China have received warnings from Gmail that "state-sponsored attackers may be attempting to compromise your account or computer."

Google yesterday began notifying users if their Gmail accounts were suspected of being the targets of state-sponsored hacking attempts. "When we have specific intelligence—either directly from users or from our own monitoring efforts—we show clear warning signs and put in place extra roadblocks to thwart these bad actors," said Google in an announcement posted on its official online security blog.

Alex Higgins said...

Google yesterday began notifying users if their Gmail accounts were suspected of being the targets of state-sponsored hacking attempts. "When we have specific intelligence—either directly from users or from our own monitoring efforts—we show clear warning signs and put in place extra roadblocks to thwart these bad actors," said Google in an announcement posted on its official online security blog.

Anonymous said...

Good info on this trojan

http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers