Preparing for a post-Flame world
Illena Armstrong, VP, editorial, SC Magazine
Flame turned out to be quite an advanced piece of cyber espionage weaponry, after all. It is the first known malicious collision attack in the wild that exploits the MD5 algorithm, though some researchers discovered this method back in 2008, according to reports.
While the mathematical and technical prowess needed to create this toolkit is proving fascinating to a whole host of industry researchers, the other interesting development is that it likely was created by a nation-state – probably the United States and Israel.
So, hype or not, what does all this mean to you? Well, in my mind it could be a harbinger of assaults to come. Sure, state-sponsored attacks are nothing new. Just look at Aurora a few years back, which the Chinese government allegedly let loose on the likes of Google and the U.S. Department of Defense. And then there was the RSA breach, also thought to be spearheaded by China, which ended with the theft of the company's intellectual property that underpins its smartcard technology. This, of course, led to attacks on RSA's government and contractor customers.
But, while the United States and maybe its partners always seemed the victim, things have changed. Now, we as a nation are more prominently unleashing superworms and arming ourselves with malware to take out or spy on our perceived enemies. Given this more openly aggressive stance, there's bound to be some retaliation. And whether or not their methods end up being as highly developed and complex as our own, the advantage could tip to the adversaries. As it stands already, we're not doing so well in our fights against any of the three major types of cyber criminals (thieves, hacktivists and nation-states).
However, the fact is that Flame is not the only example out there. Just as Flame's creators reportedly made moves in June to destroy it so no traces of it or its origin would be left behind, other espionage tools continue to crop up. For example, IXESHE (pronounced i-sushi) is another advanced persistent threat (APT) that is stealing critical data from government and private entities in Germany, Taiwan and still more countries, according to Trend Micro. And while researchers have been studying IXESHE since 2009, I still wonder if the likes of Stuxnet and now Flame will ignite more coordinated and complicated attacks on these shores. And, more to the point: Will our defensive, advanced monitoring and incident response capabilities be enough?
Illena Armstrong is VP, editorial director of SC Magazine.