Anyone who doubts that we are in the midst of cyber warfare is not educated as to the current state of global affairs.
The United States is under siege from nearly every corner of the virtual universe. The attacks are continuous. The intent clear.
The United States has the greatest store of intellectual property the world has ever seen. We create new content hourly. We drive new trends, place our technology on the moon and Mars, and push the envelope of most every area of science and math known to humankind.
Recent discoveries of malware such as Stuxnet, Flame, Duqu, and Gauss point to alleged US efforts to penetrate Iranian cyber infrastructures to execute virtual acts of espionage and sabotage. Since 1979, Iran has made every effort to kill Americans and subvert our foreign policy. They are truly an enemy and well defined adversary.
Their intelligence services from the assassination squads of Al-Quds Force Unit 400 to the Iranian Revolution Guard Corp (IRGC) to proxies such as Hezbollah, have and continue to execute acts of espionage, sabotage and assassination against Americans and friends of Americans. Whether it was the murder of Robert Dean Stethem in 1983 aboard TWA Flight 847, the bombing of the Marine barracks in Beirut during the same year or their continued sponsorship of state terrorism, Iran is bent on eliminating every facet of US influence in the Middle East and beyond.
Their drive to eliminate Israel, communicated on a regular basis. Their intent with nuclear technology, well defined with their commitment to develop nuclear weapons. They are a true adversary working to spread their revolution anywhere they believe they can gain foothold. Largely at the expense of the United States and everyday Americans.
Recent responses (allegedly) by the United States include a virtual war that is attempting to delay and disrupt the Iranian nuclear program, potentially as a method to give sanctions and diplomacy time to work before physical acts are the only option. These may be in the form of Stuxnet, Flame, Duqu and Gauss, and others yet discovered. These tools serve to disrupt production, gather information for future operations, uncover illegal financial transfers and track information related to the illegal acts of the Iranian regime.
What is vexing, and causes great consternation, is why the likes of McAfee, Symantec, TrendMicro, Microsoft and Bitdefender (to name a few US-based companies and not the F-Secures, ESETs or Pandas of the world) would openly publish code examples, reverse engineering information and analysis on cyber espionage and sabotage tools. These tools serve to delay, disrupt, deny, and deceive our enemies from developing nuclear weapons that could one day be used against the United States or our allies. You might think that they are all actively on the payroll of the IRGC and have become another in a long line of Iranian proxies.
When seeing this type of information published by American companies, should the conclusion be that they really are only in the game for economic reasons? This is not a demonstration of true loyalty to United States policy since their disclosures of the malware in question can only be seen as proving to the world that they are highly skilled at malware detection and remediation.
The fact is that most anti-virus solutions catch, at best, 30% of the malware in the wild. If they were as good as their annual fees indicate, then they would have caught the malware in question when it was installed, not a year or two later (anti-virus solutions should be free). However, that is not the point and intent of this writing. The point is this: Are American information security companies providing aid and comfort to our enemies and adversaries by providing solutions to our alleged cyber weaponry?
- http://infosecisland.com/blogview/21482-Symantec-Flame-Analysis-A-Sophisticated-and-Discreet-Threat.html
- http://home.mcafee.com/virusinfo/virusprofile.aspx?key=1396910
- http://esupport.trendmicro.com/solution/en-us/1059505.aspx
- http://www.microsoft.com/Security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3aWin32%2fGauss.A&ThreatID=-2147306969
- http://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx
- http://labs.bitdefender.com/2012/05/cyber-espionage-reaches-new-levels-with-flamer/
The information security companies mentioned are but a few of those communicating their prowess by documenting analysis on the malware. It seems as if they believe they have signed some sort of Hippocratic Oath where they apply all measures that are required to prevent malware whenever they can since they believe it is a societal obligation. For some reason, this seems to be far from the underlying intent.
During the era of the Cold War, anyone giving aid and comfort to the enemy was termed to be treasonous as defined in Article III of the US Constitution. Is the application of this term and associated definition going overboard with respect to the acts of information security companies? Let us leave that to others to determine.
Kaspersky is now asking for a crowdsourcing effort to break the encryption associated with the Gauss payload. Surely US-based mathematicians, computer scientists, college students and information security companies are all rushing to become the first to do so. However, at what cost to alleged US efforts against a foreign enemy?
- https://www.securelist.com/en/blog?weblogid=
- http://www.wired.com/threatlevel/2012/03/duqu-mystery-language/?utm_source=Contextly&utm_medium=RelatedLinks&utm_campaign=Previous
- http://www.wired.com/dangerroom/2012/07/ff_kaspersky/all/
- http://news.techworld.com/security/3372156/eugene-kaspersky-reacts-angrily-to-alleged-kremlin-sympathies/
Eugene Kaspersky served as a Soviet Intelligence Officer with KGB training. He is directly tied to the new KGB, the Federal Security Service (FSB) and has a tight relationship with Vladimir Putin. His intention in solving the encryption issue of the Gauss payload is not for the benefit of humankind. It is purely for the benefit of the FSS and Vladimir Putin. Anyone in the US who answers the call from Kaspersky to solve the encryption should think of whom they are supporting and where their loyalties lie.
Kaspersky is highly active in seeking out any alleged US created and implemented cyber weaponry for the specific benefit and enhancement of Putin’s Russia. Kaspersky’s company has grown over 177% between 2009 and 2010 according to Forbes with over 50 million users of his software. He is openly fighting against cyber espionage and sabotage, as long as it is not Russian manufactured. We must ask ourselves, why is it that he has not discovered any alleged Russian malware that fits the cyber espionage or sabotage genre? Are we naïve enough to believe that Putin has not commissioned the authoring of such cyber weaponry?
We can better understand this sentence, very shocking to our ears in the West, on social networks: "There is too much freedom, he said about Facebook. Freedom is good. But the wicked can abuse the freedom to manipulate opinions." Interesting and amusing when you consider his sympathy for Vladimir Putin, the "democrat" as we know it. The Russian president that pushes the development of international regulation of the Net and a tightening of control of online media, as demonstrated by the recent legislation passed by the Duma in early July.
Proximity to the makers of our time that does not stop at the Kremlin, Eugene Kaspersky is often invited to attend and intervene in safety symposiums around the world. Meetings attended by security thinkers and politicians on the planet. Ultimately, the Russian security expert watching over your PC, it would be better if he does not care for our freedoms. (As recovered via cached copy of Tech Your Day - http://techyourday.com/specifications/topic/123-eugene-kaspersky-there-is-too-much-freedom-on-social-networks/).
The message to US-based information security firms and anyone wishing to solve our adversary’s cyber problems is this: Think very hard about what actions you take to reverse engineer, communicate, publish, and solve the cyber ills of our adversaries and enemies. You are not acting as loyal citizens of the United States and are actually betraying the trust given you by birth or acquired. The call by Kaspersky is nothing more than an effort to aid an adversary. If US-based companies are intent on reverse engineering and communicating their findings, then do so. However, do so to US authorities as a method of finding holes in the cyber weaponry for future improvements and hardening.
JSB
About the Author: Jeff Bardin is currently Chief Intelligence Officer for Treadstone 71. In 2007 he was awarded the RSA Conference award for Excellence in the Field of Security Practices. The Bardin-led security team from Hanover Insurance also won the 2007 SC Magazine Award – Best Security Team competing against such organizations as Barclays Global and the Department of State. Jeff sits on the Board of Directors, Boston Infragard; Content Raven, Wisegate, was a founding member of the Cloud Security Alliance; is a member of the Cyber Security Forum Initiative, the RSA Conference Submission Selection Committee and formerly on the Customer Advisory Board for Chosen Security. Jeff published The Illusion of Due Diligence in 2010 and was a co-author for the Computer and Information Security Handbook, Understanding Computers, and has published articles for magazines such as The Intelligencer, CSO, and SC Magazine. Jeff served in the USAF as a cryptologic linguist, and in the USANG as an officer. He has a BA in Special Studies - Middle East Studies & Arabic Language from Trinity College as well as an MS in Information Assurance from Norwich University. He is also a professor of masters programs in cyber intelligence, counterintelligence, cybercrime and cyber terrorism at Utica College. Jeff also holds the CISSP, CISM, C|CISO and NSA-IAM certifications.




