June 12, 2012

Virus Makers Collaborated On Malware Says U.S. Government

Peter Suciu for redOrbit.com

A meeting of minds may have occurred behind closed doors, and the results could be a sharing of a super virus that could wreak havoc on government computers. But this wasn't some nefarious cabal of insidious hackers plotting world domination or setting up a cyber “Legion of Doom.” Or maybe it was, depending on how you choose to view what this cyber technology can do — and whether you believe in some conspiracy theories.

This week it was reported that the programmers behind Stuxnet and Flame — two of the reportedly most important and powerful cyberweapons devised by man — appear to have not only worked together but also shared source code.

Flame was identified two weeks ago as a highly sophisticated virus tailor-made for cyber-espionage, and researchers believe there is a link to Stuxnet, a computer worm dissected in 2009 and 2010.

The Stuxnet computer worm was the one that wreaked havoc on Iran's nuclear facilities. This remains the most high-profile example of malicious software — or “malware” — being used for industrial havoc.

The Flame virus, which reportedly has unprecedented data-snatching capabilities and can in essence “eavesdrop” on computer users, had briefly accessed Iran's oil industry, according to the Iranian intelligence community. The full extent of what this did has not been made clear, but Iran was forced to cut Internet links to the country's main oil export terminal — likely to contain the virus.

Flame is suspected of being capable of deleting data and affecting industrial control systems — such as those that run plants in uranium enrichment facilities. Iran has steadily been working on its nuclear program.

Many security experts believe that Stuxnet was part of a massive cyber-espionage program led by the United States, and moreover that it is still active in the Middle East. Its connections with Flame were noted by cybersecurity researchers this week.

Authorities in Washington have not denied the allegations, but have instead launched investigations into leaks about the highly classified project.

The White House has made no official statement on the matter.

Anti-virus maker Kaspersky noted on Monday that researchers at the firm found that part of the Flame program is nearly identical to code found in a 2009 version of Stuxnet.

Speaking at this week's Reuters Global Media and Technology Summit in London, Eugene Kaspersky, chief executive of the Moscow-based Kaspersky Lab, said that it is clear that “there were two different teams working in collaboration.”

For one, Flame was apparently developed with a different set of tools than Stuxnet. But Kaspersky maintains there is a link, and that segments in the code are similar — suggesting that engineers working on each may have had access to the other.

“In 2009, part of the code from the Flame platform was used in Stuxnet,” Alex Gostev, the chief malware researcher at Kaspersky Lab, wrote in a blog post on Monday. “We believe that source code was used, rather than complete binary modules,” he said, “which suggests some degree of collaboration or crossover.”

Flame, Stuxnet and the latter's “data-stealing cousin” Duqu are considered by analysts to be among the most sophisticated pieces of malicious software yet detected. And while it could be that the teams had access to each other's code — who is behind this remains much of a mystery.

The BBC reported that the UN's telecommunications head Dr. Hamadoun Toure said he did not believe the United States was at all behind Flame, while America's involvement in Stuxnet was merely ‘speculation.’

As the code of each was written and designed by different groups, it could be that one was copying the other — or maybe sinister minds just think alike.