
State Funded Cyber Weapons: Why Do They Pose Threat?

Posted December 3, 2014 | 3 min read

People have come together to form groups, towns, cities, and nations to establish their supremacy in different ways. Supremacy, as many would agree, does not come without the pursuit of power. It has been the same for ages, and sticks, swords, arrows, bullets, and missiles have been our instruments of power.

The weapons of warfare change inevitably, but there was no time in history like the present, when battles are waged in closed rooms over computers. In this modern warfare there are no raging armies, no blood is spilled, and no death-defying heroics are displayed, yet it strikes deep into enemy territory.

Imagine the damage that a teenager can cause by taking control of the utility systems of a country. Now magnify his reach in a state-funded malware project with hundreds of trained hacking experts working on a single goal in a world where nations are dependent on machine processing.

Roel Schouwenberg, a senior researcher for Kaspersky Lab, believes that hacking is the most insidious human tactic to make others miserable, yet not many realize its true potential. Right now, many countries have the power to cripple infrastructure, poison water supplies, and crash stock markets almost anywhere in the world.

In retrospect, such sophistication and unprecedented thinking in attacking systems was probably impossible to imagine until the discovery of Stuxnet in mid-2010. Who could have conceived of a 500 KB worm that could replicate itself and compromise programmable logic controllers? It was a masterpiece of coding that could not have been the work of a single mind.

Many wondered who could have funded such a project. The answer lay in its pattern. Stuxnet mysteriously hit 14 Iranian industrial sites directly associated with uranium enrichment. What was the need for such a breach? The United States and Israel are widely believed to have planned and funded the attacks, which was later verified by Wikileaks.

However, the most disturbing fact was that Stuxnet had been in operation for over three years before it was detected. Surprisingly, its predecessor ‘Flame’, which was 40 times the size of Stuxnet, remained completely undetected until Stuxnet was reverse-engineered. It had been collecting personal details, passwords, and all other kinds of sensitive information from Windows-based systems all across the world.

Doesn’t it prompt us to rethink what we know about computers? When nations are funding such sophisticated programs, what are our risks?

Flame might not be the most destructive force on the internet, but its stealth was definitely scary. The traces of this malware date back to years before Stuxnet was discovered. Initially, it was believed that Flame and Stuxnet were operated independently, but when Kaspersky tricked Flame into contacting their servers (through a technique called sinkholing, in which the malware's command-and-control traffic is redirected to a server the researchers control), amazing things were revealed. It was developed to spy on people and relay information in chunks over the internet. Surprisingly, this malware could also share data over Bluetooth without any consent. In fact, it could even transmit information over Bluetooth across a distance of 2 kilometers using a directional antenna link. It has affected many countries, including Iran, Israel, Syria, Sudan, Lebanon, Egypt, and Saudi Arabia.

Stuxnet came a few years after Flame. It was primarily designed for destruction. The worm sought out Siemens Step7 software on Windows-based systems in order to compromise programmable logic controllers in industrial plants and help its operators spy on nuclear sites. With certain changes, Stuxnet also gave its authors the ability to tear centrifuges apart without letting operators know about it. It is believed that if Stuxnet had gone undetected, it would have caused a great deal of damage to Iranian nuclear sites. The beauty of this worm lay in the fact that it could infect machines while dodging almost every security control and spread over local networks with ease.

And now a number of security experts, including Symantec, have talked about Regin. It is believed to have been developed along the lines of Stuxnet, yet its origins are unknown. Many security analysts term it one of the most complex pieces of malware ever seen.

The sophistication of its construction, aimed at long-term surveillance, clearly indicates that it was developed with state funding. Its modular, customizable design makes Regin even more complex and more important to deal with. However, these were not the only risks that countries have faced. Over the same period there has been other interesting malware, including Duqu, Gauss, and Wiper, that has repeatedly called for security mechanisms strong enough to withstand such attacks. Who knows whether your system is still relaying information while evading the rules of your antivirus software?

It’s true that crafting something like Stuxnet requires immense brilliance, planning, and money, but the repercussions are many. Any average attacker can take parts of these programs and create something customized to target your network.

The Indusface Security team believes that continuous malware monitoring is the only way to look for malicious threats. It periodically scans for threats and keeps you informed before things get out of hand.


Venkatesh Sundar

Venky is an Application Security technologist who built the new-age web application scanner and cloud WAF, AppTrana, at Indusface as Founding CTO. Currently, he spends his time driving the product roadmap, customer success, growth, and technology adoption for US businesses.
