GCN LAB IMPRESSIONS

Is the do-it-all Flame spyware OK if it's on our side?

Recently, the good folks at Kaspersky Lab, along with other researchers, announced the discovery of a piece of malware that was infecting computers, mostly in the Middle East, and collecting data for later retrieval.

This spyware package, which is codenamed Worm.Win32.Flame, pretty much does it all: sniffs network traffic, logs keystrokes, takes screenshots, and even records audio conversations if a microphone is present on the computer.

Flame apparently uses all sorts of classic ploys to get into place, such as backdoor hacks, Trojan attacks, and worm-like reproductive features. Once it is in place, an operator can retrieve the data remotely, and upload additional modules as desired.




When fully deployed, the Flame package is almost 20M in size, easily making it one of the most complex threats discovered to date. More detailed information about it can be found on Kaspersky’s Securelist blog, which is highly recommended reading.

Last summer, when Stuxnet reared its head, I noted the rumors that it was a state-sponsored attack. I also weighed the pros and cons of using something like malware in the pursuit of trying to hamper Iran’s nuclear weapons program.

Well, it looks as if Flame — which also is known as Flamer and sKyWIper by other security teams — might have also been state-sponsored. At least, the Kaspersky blogger seems to think so. It was also noted the most reported infections by far (over twice as many as any other country) have been in Iran, followed distantly by Israel/Palestine.

Given this, it brings us back to the quandary I had brought up in the Stuxnet article — is it right to use malware for espionage, or other state-sponsored attacks? Is it wrong if China does it but OK for the United States? Should we be impressed with Flame or horrified by it?

Since I had been a network administrator for so long, you might say I have a personal bias against viruses and other malware. So the thought of using them for any purpose, whether it turns out to be a good one or not, is something I have some trouble swallowing. But, as we all know, nothing is as cut-and-dried as all that, and the reality is very complicated.

So what do you all think? Should the United States be in the business of employing viruses and malware, if indeed we are behind this one?

About the Author

Greg Crowe is a former GCN staff writer who covered mobile technology.

Reader Comments

Fri, Jun 8, 2012

A weapon is neither good nor bad....the use of it is good or bad. A cannon is a bad thing if we fire it on ourselves, but not if it is on an enemy of a declared conflict. Here is the cyber risk. Cyber weapons seem to be more like land mines than targeted tools like cannons, guns, missiles. Once out there, controlling whose leg it blows off is difficult. It is not a one time targeted offense. It induces a sustained risk to an environment. Stuxnet was somewhat more targeted than most cyber attacks. Something to consider.

Wed, Jun 6, 2012 MN

When used against enemies of western civilization? Sure it is OK. The danger is monitoring this technology to make sure it is not misused at home. How could you monitor mis-use however?

Fri, Jun 1, 2012 Landsailor San Francisco, CA

We already exist in a state of cyber-warfare. Similar to the Cold War our adversaries are constantly testing our cyber defenses for vulnerabilities. The Flame malware is simply one weapons system of many on the cyber battlefield. Hopefully it's ours. Our strength has always been to counter threats using our superior technology. We used nuclear technology to end World War II, missile technology to counter the Russians, Stealth technology to destroy Iraq's air defenses and now drones against terrorists. If we can now use our technological superiority to disrupt Iran's maniacal quest for nuclear weapons then we are obligated to use it. Standing on principle isn't always a good thing. Especially when millions of lives could be hanging in the balance.

Thu, May 31, 2012 DC Fed Washington D.C.

Espionage is espionage, regardless of who is doing it. The general rule for the spy is do the best you can by any means to gain their secrets without getting caught. In that regard it doesn't matter whether it is a U2, a Keyhole satellite, Mata Hari or Flame. Nations use the tools at their disposal in the interest of national security. That includes diplomacy, propaganda, guns, bombs, sabotage and now malware. If someone uses Flame against a U.S. interest, we will prosecute them as we have all spies. Other nations will do the same if we're using it. It is naive to expect otherwise. You can condemn it, wring your hands in anguish over it, etc. But no matter what else you may consider, you better prepare for and defend against it.

Thu, May 31, 2012 earth

Do not do unto others what you would not accept happening to yourself. And if you would accept this happening to yourself, you should not be allowed to breed. If you would do this unto others you shouldn't be allowed to breed either.
Sad the state to which our country has fallen that such a question would even be asked.
