Kaspersky's Problematic Flame Analysis

Tuesday, May 29, 2012

Jeffrey Carr


I'm beginning to wonder what's going on over at Kaspersky Labs.

Eugene Kaspersky has begun sounding like Richard Clarke with his warning about mega-cyber disasters during his keynote address at the AUSCERT IT security conference.

Then there's his repeating of the Russian government mantra that a cyber weapons treaty is needed (it's not).

Now Kaspersky Labs has called a virus whose only purpose is to steal data a "cyber weapon". Come on, guys. You've done some terrific research in the past with DuQu.

Now all of a sudden, it seems like you've become evangelists for a Russian government strategy to raise the stakes in cyber war rhetoric.

Espionage is not warfare and never has been. Hence a tool created solely to conduct cyber espionage cannot also be legitimately called a cyber weapon.

You've also wrongly simplified the scope of cyber actors out there to three when it has never been that cut and dried:

"Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."

You've conveniently failed to mention an important fourth category: mercenary hacker crews - principally from Russia and the Commonwealth of Independent States - who steal IP and sell it to both corporations and governments.

Crews that would love a tool like Flame and who, in my opinion, are the most likely actors involved in using such a tool.

If you'd be forthcoming with more information - such as Flame's Command and Control server URLs - a lot more could be learned about who may be behind this virus.

Cross-posted from Digital Dao

Possibly Related Articles:
Viruses & Malware
Information Security
virus Cyberwar Stuxnet Espionage Kaspersky Analysis cyber weapon trojan DUQU Flame
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.