Flame Ordered to Flame Out

Needed access to world-class cryptanalysts to spread it using Windows Update

2 min read
Flame Ordered to Flame Out

There were a couple of interesting stories in ComputerWorld last week from the cyber guerrilla war front.  According to this story, whoever is controlling the Flame virus has ordered it to self-destruct and erase all traces of itself to impede the forensic analysis of its code. ComputerWorld quotes the Symantec's security response team’s blog as saying a self-immolation or "suicide" module "locates every [Flame] file on disk, removes it, and subsequently overwrites the disk with random characters to prevent anyone from obtaining information about the infection. …This component contains a routine to generate random characters to use in the overwriting operation. It tries to leave no traces of the infection behind."

It is obvious that the Flame authors are worried about not only possibly being found out (although the betting is that the virus is the work of the US and Israel) or that effective countermeasures to it will be found, but also that it might "escape into the wild" like Stuxnet did and become re-purposed. Of course, copies of Flame are in the hands of numerous IT security companies, researchers and national security organizations among others, so it is more than likely that it is only a matter of time before a new 'improved" version of Flame appears.

Speaking of the as yet unidentified authors of Flame, another story at ComputerWorld reports that Marc Stevens, a research cryptanalyst at Centrum Wiskunde & Informatica (CWI) in Amsterdam states that whoever created and distributed the virus needed access to world-class cryptanalysts. The reason behind that belief is that Flame's authors were able "to generate a rogue Microsoft digital code-signing certificate that allowed them to distribute the malware to Windows computers as an update from Microsoft." They accomplished this, ComputerWorld says, by using a previously unknown cryptographic collision attack on the MD5 encryption algorithm (Stevens and company demonstrated one method in 2008) which Microsoft security engineers explain in a blog post here.

Spreading malware using the Microsoft Windows Update function is seen as the Holy Grail of hackers since over 900 million Windows computers routinely use it to update their systems.

The ComputerWorld story notes that, "Interestingly, the attack would have failed a long time ago if Microsoft had been more diligent." The reason is that back in 2008, the weakness in MD5 was so well known that Microsoft issued a security advisory recommending "that administrators and certificate authorities cease using MD5 as an algorithm to sign digital certificates because of collision attacks. However, the company failed to disable the use of MD5 in parts of its own operating system, which is what Flame exploited."

Microsoft urgently released a patch and took other actions to close the Flame (or flaming) security hole early last week.

Photo: iStockphoto

The Conversation (0)

The Cellular Industry’s Clash Over the Movement to Remake Networks

The wireless industry is divided on Open RAN’s goal to make network components interoperable

13 min read
Photo: George Frey/AFP/Getty Images
DarkBlue2

We've all been told that 5G wireless is going to deliver amazing capabilities and services. But it won't come cheap. When all is said and done, 5G will cost almost US $1 trillion to deploy over the next half decade. That enormous expense will be borne mostly by network operators, companies like AT&T, China Mobile, Deutsche Telekom, Vodafone, and dozens more around the world that provide cellular service to their customers. Facing such an immense cost, these operators asked a very reasonable question: How can we make this cheaper and more flexible?

Their answer: Make it possible to mix and match network components from different companies, with the goal of fostering more competition and driving down prices. At the same time, they sparked a schism within the industry over how wireless networks should be built. Their opponents—and sometimes begrudging partners—are the handful of telecom-equipment vendors capable of providing the hardware the network operators have been buying and deploying for years.

Keep Reading ↓ Show less