We’re Slowly Starting to See U.S.’ Cyber Weapons

For years now, Defense Department officials have refused to discuss the details of the Pentagon’s offensive capabilities in the cyber arena, even as they railed against all the cyber attacks against the United States’ ever-vulnerable networks.

It seems, however, that the Pentagon is happy to let actions speak for it. Earlier this spring, news reports emerged saying that it was indeed the U.S. and Israel who were behind the Stuxnet worm that famously wreaked havoc on Iran’s attempts to enrich uranium for its nuclear program. That worm was designed to make its way across computer networks around the globe before infiltrating the specific type of Siemens-made SCADA computer that controlled the speeds at which Iran’s uranium enrichment centrifuges spun. Once inside said computers, the infamous worm reprogrammed the centrifuges to spin at the wrong speeds, at which they would wreck the enrichment process.

In its time, Stuxnet was considered one of the most sophisticated cyber-weapons ever discovered. It was so sophisticated that analysts speculated that it had to have been made by an organization with the backing of significant government and/or corporate resources.

Well, as you know, Stuxnet has just been topped in sophistication by another American and Israeli-made virus that targeted Iran’s nuclear program. Flame.

So it seems that the virus that has been described as ushering in a new era of cyber-warfare by experts at places like Kaspersky Lab was one of the U.S.’ cyber weapons.

As we wrote last month:

showing that it can take snapshots of an infected computer’s display screen, record audio conversations using the computer’s microphones as well as steal normal computer files.

However, it can also be remotely re-programmed to switch from intel-gathering to offensive mode, turning itself into a cyber weapon capable of disrupting its targets’ basic functions, much like the Stuxnet virus did to Iran’s Uranium enrichment centrifuges.

All of these advanced features in one worm led Internet security firm Kaspersky to call the arrival of Flame “another phase in this [cyber] war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case.”

Or as former DT cyber writer Kevin Coleman quoted another analyst as saying, “Flame redefines cyber espionage, it makes all the other software in that category look like cheap toys!”

What’s most impressive — or scary — is that, according to the Washington Post, Flame — which has been hiding out there undiscovered for years as a routine Microsoft software update — is just the tip of the iceberg in a massive cyber espionage effort against Iran.

 

The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials.

The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.

The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

Who knows what other types of cyber weapons we’ll see coming from the U.S. or what types of weapons will now be unleashed on the U.S.? Remember, reality can often be stranger than fiction. However, as impressive and worrisome as these cyber weapons may be, they might just be playing a role in reducing the risk of a potentially much more destructive shooting war breaking out, as the Post points out.

The U.S.-Israeli collaboration was intended to slow Iran’s nuclear program, reduce the pressure for a conventional military attack and extend the timetable for diplomacy and sanctions.

 

  • Black Owl

    I remember reading somewhere that a Chinese general was interviewed on cyber weapons and cyber warfare. One of the things he said during the interview was that although China had made significant advances, the Americans are still getting the most information and they are still the best at cyber warfare.

  • Matthew

    Loose lips sink ships. I agree with the boomerang comment. Time will tell.

  • dfor

    One of the most fascinating aspects about this subject is how cyber-weapons are usually a one-off capability, like China’s rocket forces. So the real challenge, it appears to me, is continuously finding new exploits that the enemy will not expect. In other words, I think surprise can be far harder to achieve in the cyber domain than in RL, but when it works, it works fine. Just fine.

  • Rohan

    That’s toooo slow to be from our part… let’s make it fast… we are relying on 6G!!!

  • mehrdad

    Why expose all this kind of information to our sworn enemies? The more information we give, the less safe we will be at home. That’s a big mistake the Obama administration is making and made in the past.

  • R.Confused

    Wow. Did everybody miss the big point here? I have suspected for some time this might be a possibility:

    “which has been hiding out there undiscovered for years as a routine Microsoft software update”

    I guess since Google has climbed in bed with the NS@, Microsoft felt jealous and climbed into bed with the DoD.

    My guess is that Microsoft has the ability to place selected software updates via auto-updating on individual computer systems, since they know and can verify the specific hardware their software is installed on.
    The question is how many other government agencies are using this method to upload spyware onto the computers of people (and/or citizens) they want to keep track of, under the disguise of an M$ software security update patch it sends out monthly.
    Since nobody in any country would suspect M$ of doing something like this. (All of this under a presidential executive order that bypasses all legal pathways that might question the procedure, thus protecting M$ from future legal claims.)

    x.x.x.

    • JackBlack

      Exclude Germany where brains still work, read Heise.de.

    • joe

      Well, if ‘cyber attack’ can be defined as ‘cause a computer to completely lock up for no readily apparent reason’, I must admit Microsoft to be one of the most experienced organisations in the world.

      • Thomas L. Nielsen

        That reminds me of this one (an oldie, but a goodie):

        Why Windows is not a virus:

        1. Viruses replicate quickly – okay, Windows does that.

        2. Viruses use up valuable system resources, slowing down the system as they do so – okay, Windows does that as well.

        3. Viruses will, from time to time, trash your hard disk – okay, so Windows does that too.

        4. Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh… Windows as well.

        5. Viruses will occasionally make the user suspect their system is too slow (see pt. 2) and the user will buy new hardware. Yup, that’s Windows again.

        6. Viruses are well supported by their authors, run on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature. THIS IS WHY WINDOWS IS NOT A VIRUS!

        Regards & all,

        Thomas L. Nielsen
        Luxembourg

    • Gridlock

      You’re close, in that it is a big deal – but the attackers counterfeited a digital certificate that made the virus look like MS-signed code, and fiddled with the local network so windowsupdate.microsoft.com was their bitch. One auto-update later and all the local machines are infected.

      900 million PCs check in with MS each month. Subverting this has been an antivirus nightmare for years, and it has now been proven possible.

  • Matt

    Resistance is futile

  • Pilgrimman

    I’m afraid I can’t let you do that, Iran.

  • Tom Hendricks

    Cyber attack against other countries by US is terrorism at highest level. But nobody calls it terrorism because it’s done by US.

    We might want to ask ourselves why that is?!
    When Hizbollah? attack they are called terrorists. But when terrorists attack in Syria they are rebels in western media.

    I believe in Yin and Yang and right now there is too much Yang from our side and it can only go the other way.

  • Lance

    Good, let the Cyber Command send Iran’s economy to the same century as its society is, the 5th century!!!!!

    • Hear the truth

      You really are ignorant. In Iran women can drive. What about Saudi Arabia, where women are banned from driving? Where’s your brain then? It seems you’ve been brainwashed by the controlled news/media to think bad of a country where you’ve never been and to like a country like Saudi, which is the one behind the times. Open your eyes and wake up to reality.

  • Joshua

    This article put a smile on my face.

  • ltfunk2

    With the US government getting into the cybercrime business, the effect on our software industry will be very bad.

    Why would you buy Microsoft phones and tablets when they simply let the IRS and government agencies snoop around your company at will?

    At the same time, with so much more cash available for exploits, if you are a Microsoft employee in India and you aren’t putting some extra exploits into MS code and selling it, you are one of the slow ones.

    We could have had a massive industry selling electronic services to the world. But that is going to die now, because you can’t turn a market into a battlefield and your customers into enemies and expect the industry to survive.

  • longshadow

    We just handed the world a polished malware management framework that can be used to jumpstart cyber warfare capabilities. Duqu, Stuxnet, and Flame are the new ‘baseline’ and there isn’t any reason why a state or private actor can’t produce and deploy their own variant in a matter of months.

    The real question is what are they going to do to US now that our enemies and fringe actors have reliable cyber warfare capabilities?..

    • Josh

      I highly doubt we would have used these capabilities if we didn’t know how to counter them, and we obviously know that people are going to use these as the building block for complex attacks. That kind of stuff always comes into consideration before you release something. It would be beyond stupid for us to use a weapon like this and not be able to protect ourselves from the backlash of people using the source weapon, or their own modified version. Don’t forget that a lot of the technologies you see today have been classified for sometimes decades before they are made public. And 90% of the time the reason they are made public is bigger, better, and more capable systems are already in use or being worked on. Flame pre-dated Stuxnet, and if we’re just seeing Flame now I’m sure there are even more capable and at the same time scarier things in the cyber warfare bag of tricks.

  • Joe

    We are at the Manhattan Project stage of cyber weapon development. The thing that worries me is proliferation of this stuff.

    Code does not get unwritten. This could be a MAJOR leveler of the conflict playing field.

  • leeretarmy

    What the hell happened to OPSEC?

    • blight_

      Considering Kaspersky Labs isn’t a branch of the US government (if anything, they are a Russian company), what OPSEC?

      As for Washington Post, it would depend on who is talking. Then again, considering Kaspersky isolated the virus and decompiled the binaries, the source code itself will tell you everything you needed to know about its capabilities.

  • Infidel4LIFE

    ALL IS FAIR IN LOVE AND WAR.

  • longshadow

    There is no such thing as OPSEC for this kind of thing. All it takes is one person somewhere in the world to find and capture an instance of the software and then the secret is out.

  • anthony

    Nobody likes to go through another’s meltdown destroying our earth!!