Stuxnet-Flame Connection Highlights the Rise of State-Sanctioned Cyberweaponry

Researchers at the Kaspersky Lab in Russia are reporting that the destructive malware known as Flame, a bug that has been infecting computers in Iran and elsewhere, is now being tied to the other superbug dubbed Stuxnet, the computer bug suspected of targeting Iranian nuclear power infrastructure. Wired explains the recent discovery “that the main module in Flame contains code that is nearly identical to a module that was used in an early version of Stuxnet.”

In ongoing political struggles, the use of cyberwarfare is becoming increasingly prominent and complexly utilized—Stuxnet and Flame being prime examples of this new tactic in international espionage and attack. The fact that these two are reported as related to each other further details the latent power of cyberweaponry.

Stuxnet was first detected in 2010 as a piece of code that utilized multiple ‘zero-day’ exploits: functions that “exploit vulnerabilities in software that are yet unknown to the software maker or antivirus vendors.” While these exploits are exceedingly rare to find, Stuxnet was exceptional since it was found to have at least four zero-day exploits hidden in its programming.

Most intriguing about Stuxnet, however, is its purpose and use as a piece of malware. While many superbugs are used to merely destroy everything in sight or for espionage purposes, Wired explains that Stuxnet was found to have one function in mind:

Embedded in Stuxnet’s code was a dossier detailing the specific technical configuration of the facility it sought. Any system that didn’t match precisely this configuration would go unharmed: Stuxnet would shut itself down and move on to the next system until it found its victim. It was clear to Langner that Stuxnet was the product of a well-resourced government with precise inside knowledge of the target it was seeking.

A report by the Institute for Science and International Security connected Stuxnet specifically to an Iranian nuclear enrichment site by linking specifications within the code that “exactly match several frequencies at which rotors in centrifuges at Iran’s Natanz enrichment plant are designed to operate optimally.” The connection was further substantiated by a WikiLeaks note that claimed “a serious accident at Natanz” occurred around the same timeframe that the Stuxnet bug was deployed. Other reports on Stuxnet and Flame purport them being released as early as 2010, with initial tests as early as 2008.

Earlier this month, the New York Times reported that President Obama ordered these cyberattacks following similar prior tactics utilized by the Bush regime. Further, the Times divulged that Stuxnet was created through a US-Israeli collaboration. While not completely unheard of, these approaches are new territory for the US, as the New York Times explains:

It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives.

Flame, rather than being employed for physical destruction, is instead a program intended solely for espionage. According to an earlier report by Wired, it is “designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.” While initial reports were not aware of the connection between Flame and Stuxnet, an early analysis of Flame by the Kaspersky Lab explains that the design and utility of the malware leads the antivirus lab to believe it was created by a nation-state, and not cybercriminals or hacktivists.

With this latest development both the potential and the actualities of state-sanctioned cyberattacks become accentuated. While more accounts of cybertechniques are surfacing, there is also a concurrent wariness to embrace these new technologies fully. As the Times explains, “Mr. Obama has repeatedly told his aides that there are risks to using—and particularly to overusing—the weapon. In fact, no country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States.”