Archive | June 2012

Flame and the Impending Inferno

Earlier this month, security media were ablaze with news of the freshly discovered Flame malware toolkit, which according to reliable sources began infecting Iranian computers as early as 2008.

Since the first reports, we’ve learned more about Flame, its capabilities and intent. The results of this analysis have been impressive and sobering.

Like its alleged sibling, Stuxnet, Flame is highly sophisticated, purpose-built and effective. As someone who spent many years in software development, I appreciate what it takes to write code for many platforms and devices while minimizing flaws. The authors of Stuxnet and Flame deserve credit for this, if nothing else.

Unlike Stuxnet, Flame is a toolkit – a veritable Swiss Army knife – of attacks that can be activated remotely by its command and control operator. The Flame payload is delivered such that all of the modules are available and integrated into the initial assembly, with no additional download or communication required.

Bluetooth sniffing, keylogging, an Autorun infector, the ability to hijack the Windows Update mechanism and more – up to twenty unique modules – all nicely packaged in one nefarious kit.

With all of this, Flame may have supplanted Stuxnet as the most complex and sophisticated piece of weaponized software ever developed in the [known] history of mankind.

But as powerful as Flame seems, the economic ecosystem on which it's built may be even more interesting.

For decades, Microsoft, Adobe, Google and Oracle have been recruiting, paying for and getting the absolute best and brightest software designers, architects and developers on the planet. Until now.

In this post-neo-infosec-challenged world that we live in, the uber-software Gods work for the bad guys.

You may not put it on your CV or LinkedIn profile, but if you want a fun, exciting, incredibly well-paying job writing the newest, coolest and most coveted code on the planet, move to Romania and hook up with a Russian cybergang.

And it gets worse. As these malicious international software factories become more successful, they get richer, they buy better people and the cycle repeats.

Over the past several weeks, the FBI, Interpol and other international law enforcement agencies arrested twenty-four individuals suspected of various card fraud schemes and activities. Suspects were spread out across thirteen countries around the world. One of them was arrested less than 45 minutes from GreyCastle Security headquarters.

None of them were software developers.

The people most typically being arrested for online crime are the individuals using the tools, not the ones building them. No, these digital mercenaries are tucked safely away in their posh Baroque villas on the outskirts of some small town in Estonia, busy writing their next module and withdrawing laundered cash from untraceable bank accounts.

And the hits keep coming. And the fire burns brighter.

Flame may just be the spark that starts the inferno.
