Monday, June 11, 2012

Cyber Warfare -- Governments Developing Computer Viruses

Two articles caught my eye in the last week:
Researchers say they have uncovered "proof" linking the authors of the Flame cyber espionage program to Stuxnet, the most powerful offensive cyber weapon ever developed -- both of which are believed to have targeted Iran.
CHICAGO — On the sixth floor of a sleek office building here, more than 150 techies are quietly peeling back the layers of your life. They know what you read and where you shop, what kind of work you do and who you count as friends. They also know who your mother voted for in the last election.
I write software for a living. In recent years, most software vendors have become much more pro-active about hardening their software against security threats. If word of a vulnerability gets out, it is corporate suicide not to address the problem immediately. But this takes lots of time away from doing our primary job of developing programs that address what our customers really want: Programs that make them more productive or provide entertainment. It isn't that they don't want security, but addressing security concerns slows development and increases cost.

I just discovered our job got a lot more difficult and expensive. Until recently, most malware (i.e., computer viruses) was written by "hackers" who want to vandalize your machine, or by organized crime, which wants to steal your identity, and thus, your money. But now, two very sophisticated computer viruses have been discovered in the middle east that are so destructive, and so complex that they could only be developed by a nation-state: a government with the ability to print money or leverage its tax base for seemingly unlimited resources. But my employer doesn't have  unlimited resources. Not by a long shot.

So far, these weapons have been directed at Iran. Stuxnet successfully sabotaged Iran's nuclear program, by making computerized centrifuges spin out of control and fly apart. Flame is a spy tool. Suppose that a government wanted to aim its weapons at its own citizens, or at citizens in another country. We already have political candidates using computer data mining to get themselves re-elected. Who could stop it? Not the private sector.

Both Stuxnet and Flame have leaked out into the wild, which means everyday hackers and "script kiddies" will be able to use these powerful tools for their own nefarious purposes. Think of the dysfunctional computer nerd living in his parents' basement  -- or a crime ring -- with a pile of hand grenades. With these apps, it's essentially the same thing, only much harder to track. How much longer do you suppose the private sector will be allowed to develop software, when software is a military asset?

We're entering a brave new world, my friends.


  1. As far as I know, these viruses might have been funded by a nation state but could not have been created without the knowledge of the private sector. On the other hand, I dont put the government past anything including pilfering the private sector and making offers they can't refuse... If turd monkey came to your door and threatened to kill your family, would you write programs for him to save your family? Well, that's not a fair question - after all, turd monkey would never visit your house.!

  2. Government could hire an army of professional hackers that would not require the knowledge of the private sector.


This is a moderated forum. Please try to avoid ad-hominem attacks and gratuitous profanity. Justifiable profanity may be tolerated.

I am sorry, but due to the un-manageable volume of spam comments, I have enabled the scrambled word verification. I apologize for the inconvenience.