Gauss malware, Apple iPhone show what encryption can do
- By Kevin McCaney
- Aug 16, 2012
Some of the most sound advice for securing sensitive information, whether it be in an e-mail, on a mobile device or at rest in a database, involves encryption. Simply put, encryption can keep data safe, for good or ill, as a couple recent examples illustrate.
After researchers at Kaspersky Labs come across Gauss, the latest in the Stuxnet/Duqu/Flame state-sponsored malware chain, and started examining it, they ran into a problem. The malware contained an encrypted “warhead” that the researchers couldn’t crack.
Gauss has a module called “Godel” (many of the malware’s components are named after famous mathematicians) with a payload of unknown purpose. “Despite our best efforts, we were unable to break the encryption,” researchers said in a blog post.
Stuxnet/Flame/Gauss and the limits of cyber espionage
Mobile security guide catches up with smart phones, BYOD
So Kaspersky offered up all of its information on Gauss and asked “anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.” A long list of people have contributed ideas, but as of this writing the warhead remains a mystery.
Gauss was discovered infiltrating systems in the Middle East, primarily in Lebanon, and is believed to be part of a U.S.-led cyber warfare program that includes Stuxnet and Flame, both of which were found mostly attacking systems in Iran. U.S. officials likely are hoping Gauss’ encryption holds up.
The investigation into Gauss might illustrate how cyberspace differs from traditional battlegrounds. During, say, the Cold War, if scientists found an unfamiliar warhead they probably wouldn’t make a public project out of taking it apart and seeing what’s inside. But the Gauss investigation also shows the power of encryption -- be it in malware, in industrial systems in computers or even phones.
Agencies should take note of how encryption protects data, particularly as they try to manage security for mobile devices that can be lost or stolen.
Law enforcement officials worry that good encryption could hurt their chances of retrieving forensic evidence against suspected criminals, but that same protection could also be applied to devices being carried by government employees.
Apple, for example, has improved the security on the iPhone to the point that it could leave law enforcement at a disadvantage against criminals who carry them, Simson L. Garfinkel writes in Technology Review.
The most significant of Apple’s security steps for the iPhone is the addition of the Advanced Encryption Standard, a U.S. government standard since 2001 and considered to be unbreakable, Garfinkel writes. And the iPhone’s tightly knitted architecture makes it easy for users to apply the encryption. And of course, encryption tools are available for Android and other mobile devices.
"I can tell you from the Department of Justice perspective, if that drive is encrypted, you're done,” Ovie Carroll, director of the cyber-crime lab at the Justice Department’s Computer Crime and Intellectual Property Section, said at a recent conference, Garfinkel reports. “When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted, you have lost any chance of recovering that data."
Law-abiding users, however, can let law enforcement officials and the courts worry about criminals’ phones. Instead, agencies deploying smart phones and tablets or allowing them as part of BYOD programs could take note of how well a good encryption program works.
Kevin McCaney is a former editor of Defense Systems and GCN.