Politics and malware make strange bedfellows

Filed Under: Data loss, Law & order, Malware

Computer casualty of warThere are two stories that have been the focus of much speculation that have come to some closure today. New information confirming many peoples suspicions about Aurora and Stuxnet have been reported by Wikileaks.org and Reuters.

As has been widely reported Wikileaks began releasing over 250,000 previously secret diplomatic cables that it is assumed they received from PFC. Bradley Manning. Most of the cables are as uninteresting as reading your friends Yahoo! mail.

Wikileaks Aurora cable text

Quote from nytimes.com article on Wikileaks cables

One particular cable did shed some light on the "Operation Aurora" attacks on Google, Adobe and others last January. The New York Times reported that a "Chinese contact" told the embassy that the Politburo was behind the attacks.

OK, China did it, mystery solved, we can all go home now. This is what most of the press seems to be saying, but I am not quite so convinced. Yes it is probable that there was Chinese involvement in the Aurora incident, but I am not willing to claim that it was on order from President Hu Jintao as told by a "Chinese contact".
President Ahmadinejad
Within 24 hours of the Aurora cable becoming public, Iran and Stuxnet were back in the news. President Mahmoud Ahmadinejad denounced "enemies of Iran" for using computer code to "create problems" for their uranium enriching centrifuges. This would appear to be confirmation that Iran was in fact the target of the Stuxnet worm and the curious specificity of the malware in what it would attack and how.

Of course Mr. Ahmadinejad is pointing his finger in the direction of the United States and Israel, which up to this point there has not been much evidence to indicate this to be fact.

A separate report from Iran this morning talked of coordinated bombing attacks against two important nuclear scientists in Iran's program. Clearly there is a concerted effort to derail the Iranians, but from where anyone can guess.

What are the lessons of the day?

Firstly you should ensure that information that is valuable is protected with strong cryptography and cannot be transfered in bulk to Wikileaks (or your competitors).

Second when developing a nuclear strategy (or protecting networks that you don't want infected with malware) you should run pro-active anti-malware products which use HIPS, device control and network monitoring. Critical systems should both run anti-malware and be air-gapped from the Internet.

Hmmm. This is sounding old hat. The advice for nuclear powers, diplomats and militaries is the exact same advice as all of the rest of us should heed. This isn't about cyberwar, it's about cyber-insecurity. Nations potentially using malware to attack one another, spies, thieves and turncoats will always be used to get an advantage, and the same thing that motivates nation-states motivates criminals and competitors... Power and wealth.

Creative Commons image of a computer riddled with bullet holes courtesy of nathanrandall's Flickr photostream.

Creative Commons image of President Ahmadinejad courtesy of Wikimedia Commons.

, , , ,

You might like

One Response to Politics and malware make strange bedfellows

  1. moonson · 1400 days ago

    "The advice for nuclear powers, diplomats and militaries..."
    is JUST DON'T DO IT!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.