By Mehul Shah, Chief Strategy Officer, Indusface

State Funded Cyber Weapons

People have come together to form groups, towns, cities, and then nations, and have sought supremacy over one another in different ways. Supremacy, as most would agree, does not come without power, and that has been so for ages. Sticks, swords, arrows, bullets, and missiles have each served in turn as the instruments of that power.

The weapons of war change inevitably, but at no time in history have battles been waged, as they are now, from closed rooms over computers. In this kind of warfare there are no marching armies, no blood is spilled, and no death-defying heroics are displayed, yet it strikes deep into enemy territory.

Imagine the damage a single teenager could cause by taking control of a country's utility systems. Now magnify that reach into a state-funded malware project, with hundreds of trained specialists working toward a single goal, in a world where nations depend on machine processing.

Roel Schouwenberg, a senior researcher at Kaspersky Lab, believes that hacking is the most insidious human tactic for making others miserable, yet not many realize its true potential. Right now, many countries have the power to cripple infrastructure, poison water supplies, and crash stock markets almost anywhere in the world.

In retrospect, such sophistication and unprecedented thinking in attacking systems was probably impossible to imagine until Stuxnet was discovered in mid-2010. Who would have expected a 500 KB worm that could replicate itself and compromise programmable logic controllers? It was a feat of engineering that could not have come from a single mind.

Many wondered who could have funded such a project. The answer lay in its pattern: Stuxnet hit 14 Iranian industrial sites, including a uranium enrichment plant, and its sabotage payload only activated on a very specific controller configuration. Who would need such a breach? The United States and Israel are widely believed to have planned and funded the operation. That attribution rests on press reporting that cited unnamed officials; neither government has officially confirmed it.

The most disturbing fact, however, is that Stuxnet is believed to have been operating for years before it was detected. Its predecessor 'Flame', about 40 times the size of Stuxnet, went unnoticed even longer: it was not found until May 2012, nearly two years after Stuxnet had been reverse engineered. All the while it was collecting personal details, passwords, and other sensitive information from Windows systems, mainly in the Middle East.

Doesn't that prompt us to rethink what we know about computers? When nations fund programs of such sophistication, what are the risks to the rest of us?

Flame may not be the most destructive force on the internet, but its stealth was definitely scary. Traces of it date back years before Stuxnet was discovered. Initially the two were believed to be independent projects, but Kaspersky later found that a 2009 build of Stuxnet carried a module from Flame's code base, and sinkholing Flame's command-and-control domains (redirecting them to servers Kaspersky controlled, so that infected machines reported in to the researchers instead of the operators) revealed how it worked and where it had spread. It was built to spy on people and relay the harvested data in chunks over the internet. It could also use Bluetooth: the infected machine enumerated nearby Bluetooth devices and could advertise itself as a beacon, with no consent from the user, and analysts speculated that an attacker with a directional antenna could reach such a beacon from roughly 2 kilometres away. Victims were found in many countries, including Iran, Israel, Syria, Sudan, Lebanon, Egypt, and Saudi Arabia.

Stuxnet came a few years after Flame, and it was built for sabotage rather than spying. The worm looked for Siemens Step7 software on Windows machines and used it to compromise the programmable logic controllers in industrial plants. Its payload altered the rotational speed of uranium enrichment centrifuges while replaying normal readings to the operators' consoles, so the people in the control room had no idea anything was wrong. It is widely believed to have destroyed a large number of centrifuges at Iran's Natanz facility before it was discovered. The worm's notoriety also comes from how it got in: it used four previously unknown Windows vulnerabilities, ran drivers signed with code-signing certificates stolen from two hardware vendors, and spread over USB drives and local networks with ease.
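The deception just described, a controller that drives the process off its setpoint while feeding the operator console a recording of normal readings, is easy to misunderstand until you see the two data paths side by side. The simulation below is an added example written for this article; it is not code from the article, from Indusface, or from any real malware. The centrifuge model, the setpoints, the tolerance, and the 21-cycle recording window are all assumed values chosen for illustration, and the readings it produces are constructed. The useful lesson is in the last function: an operator console that only sees what the controller reports cannot detect this, but an independent sensor wired around the controller can.

```python
"""Stuxnet-style record-and-replay deception against an operator console.

Added example, not code from the article, Indusface, or any real malware.
All values (setpoints, tolerance, recording window) are assumed.
"""
from collections import deque
from dataclasses import dataclass, field

NOMINAL_HZ = 1000.0     # assumed drive setpoint the operator expects
TOLERANCE_HZ = 25.0     # assumed drift allowed before raising an alarm
REPLAY_WINDOW = 21      # assumed length of the recorded "normal" trace


@dataclass
class Centrifuge:
    """The physical process: reports the drive frequency it is actually running at."""
    hz: float = NOMINAL_HZ

    def set_hz(self, hz: float) -> None:
        self.hz = hz

    def measure(self) -> float:
        return self.hz


@dataclass
class Controller:
    """Honest controller: what the operator console sees is what the drive is doing."""
    drive: Centrifuge

    def step(self, setpoint: float) -> float:
        self.drive.set_hz(setpoint)
        return self.drive.measure()   # value forwarded to the operator console


@dataclass
class CompromisedController(Controller):
    """Records normal readings, then replays them while driving the process elsewhere."""
    sabotage_hz: float = 1400.0   # assumed over-speed target
    recording: deque = field(default_factory=lambda: deque(maxlen=REPLAY_WINDOW))

    def step(self, setpoint: float) -> float:
        if len(self.recording) < REPLAY_WINDOW:
            # Phase 1: behave normally and record what "normal" looks like.
            self.drive.set_hz(setpoint)
            reading = self.drive.measure()
            self.recording.append(reading)
            return reading
        # Phase 2: ignore the setpoint, over-speed the drive, replay old readings.
        self.drive.set_hz(self.sabotage_hz)
        replayed = self.recording[0]
        self.recording.rotate(-1)
        return replayed


def run(controller: Controller, cycles: int) -> list[tuple[float, float]]:
    """Return (console_reading, independent_measurement) for each cycle.

    The independent measurement stands in for an out-of-band sensor
    (vibration probe, power draw, acoustic) that bypasses the controller.
    """
    trace = []
    for _ in range(cycles):
        console = controller.step(NOMINAL_HZ)
        independent = controller.drive.measure()
        trace.append((console, independent))
    return trace


def divergent_cycles(trace, tolerance: float = TOLERANCE_HZ) -> list[int]:
    """Cycle indices where the console value and the independent sensor disagree."""
    return [i for i, (console, ind) in enumerate(trace) if abs(console - ind) > tolerance]


if __name__ == "__main__":
    honest = run(Controller(Centrifuge()), 40)
    print("honest controller, divergent cycles:", divergent_cycles(honest))
    bad = run(CompromisedController(Centrifuge()), 40)
    print("compromised controller: console shows", bad[-1][0], "Hz,",
          "independent sensor shows", bad[-1][1], "Hz")
    print("first divergence detected at cycle:", divergent_cycles(bad)[0])
```

With the honest controller the two columns never disagree; with the compromised one the console keeps reporting the nominal frequency for every cycle after the recording window fills, while the independent sensor shows the over-speed from cycle 21 onward. Any cross-check that depends on the controller's own telemetry (including the controller's own alarms) is blind to this, which is why out-of-band measurement is the check a plant engineer should insist on.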

Now a number of security vendors, Symantec among them, have described Regin. It is believed to be built along the same lines as Stuxnet, yet its origins have not been publicly attributed. Many analysts call it one of the most complex pieces of malware ever found.

Its construction, geared toward long-term surveillance, clearly indicates that it was developed with state funding. Its modular, customizable design makes Regin even harder to deal with. Nor are these the only risks countries have faced: across the same timeline, other notable malware including Duqu, Gauss and Wiper has repeatedly shown the need for security mechanisms strong enough to withstand such attacks. Who knows whether your own systems are quietly relaying information while staying within the rules your antivirus enforces?

It is true that crafting something like Stuxnet requires rare brilliance, planning, and money, but the repercussions are many. Once such a weapon is public, an average attacker can lift parts of it and build something customized to target your network; the Windows shortcut (LNK) exploit Stuxnet used, CVE-2010-2568, was reused by ordinary crimeware within months of its disclosure.

The Indusface security team believes that continuous malware monitoring is the only way to look for such threats: it periodically scans for malware and keeps you informed before things get out of hand.

Founder & Chief Marketing Officer, Indusface

Venky has held multiple roles at Indusface over the past six years. Before that, as CTO at Indusface, he built the product and service offering and the technology team from scratch, growing it from ideation to initial customers with a validated business model ready to scale. Before joining Indusface, Venky had over ten years of experience in the security industry, holding management and leadership roles in product development, professional services, and sales at Entrust.