malicious software

Those Israelis are cunning

The Telegraph

It seems the Israelis have done even better than they did with their Stuxnet virus:

The world’s most complex computer virus, possessing a range of complex espionage capabilities, including the ability to secretly record conversations, has been exposed.

Middle Eastern states were targeted and Iran ordered an emergency review of official computer installations after the discovery of a new virus, known as Flame.

Experts said the massive malicious software was 20 times more powerful than other known cyber warfare programmes including the Stuxnet virus and could only have been created by a state.

It is the third cyber attack weapon targeting systems in the Middle East to be exposed in recent years.

Iran has alleged that the West and Israel are orchestrating a secret war of sabotage using cyber warfare and targeted assassinations of its scientists as part of the dispute over its nuclear programme.

Stuxnet attacked Iran’s nuclear programme in 2010, while a related programme, Duqu, named after the Star Wars villain, stole data.

Flame can gather data files, remotely change settings on computers, turn on computer microphones to record conversations, take screen shots and copy instant messaging chats.

The virus was discovered by a Russian security firm that specialises in targeting malicious computer code.

It made the 20 gigabyte virus available to other researchers yesterday claiming it did not fully understand its scope and said its code was 100 times the size of the most malicious software.

Kaspersky Labs said the programme appeared to have been released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Roel Schouwenberg, a Kaspersky security senior researcher, said.

Cyber-security – Left vs. Correct Thinking

Cyber-SecurityI rate Clare Curran as one of Labour’s most dangerous. Not because she is smart, because she isn’t, but because she can write.

A couple of days ago I read her post at Red Alert on cyber-security. As is usual with Clare she was attempting to “own the language” and “fly flags”. As is usual for her she is busy nicking other peoples ideas and trying to claim them for Labour and for herself.

Nevertheless her post does have some good talking points.

On Wednesday night TVNZ7 ran a live debate on privacy and security issues on the internet. It covered a lot of ground and if you’re interested in the whole debate watch the clip here.

I was in the audience and got to ask the panel a question about NZ’s cyber security – threats such as computer viruses, worms, Trojans and malware (malicious software). Unfortunately there wasn’t much time for discussion, but it’s already generating some debate within the internet community and no doubt the public sector.

Globally, many governments take active cyber-defence roles through CERTs (Computer Emergency Response Teams), but New Zealand remains one of the few countries that lacks a national CERT.

Nice, Clare, presumably you were also at The ORB launch just the week before if you were truly interested in cyber-security. I mention The ORB, because contrary to Clare’s assertions it seems the government, albeit through its minor party partner is addressing this issue. Clare Curran is merely scurrying along as a fast follower and trying to make Labour appear “with-it”

It’s good though that someone is Labour is ow doing some thinking, but one wonders what they hell they did for the last 10 years, when they were in a position to influence this. Asking a question of Steven Joyce is definitely once over lightly stuff.

Meanwhile it shows that Heather Roy has put quite a substantial amount of thinking into addressing the issue of cyber-security and the protection of New Zealand’s electronic assets from attack from abroad.

In the year 2035, most readers will be well beyond ‘taking to the hills with a .22 rifle’ to defend New Zealand against invaders. Our children and grandchildren, however, will not.

What will warfare look like then? Is it believable that the keyboard will replace the AK47 as the most prolific weapon in the world? Will asymmetric warfare – involving proxies, non-state actors and new technologies – become the new norm, as the world’s major research institutes predict?

This series of Heather Roy’ Diary, titled ‘Keeping Future Kiwis Safe’, is not intended to pre-suppose anything that may be in the Government’s Defence White Paper. It is my update, based on world trends, of how ACT’s policy sits against the facts as they stand.

Some of you will have read ACT’s 2008 election manifesto on international relations and national security (http://roy.org.nz/Files/ACT_IRNS.pdf). Rather than turn this Diary into a tome, I’m going to keep it brief here but, if you’re stimulated or baffled by the context of anything written here, I commend you to read our policy document. You’ll see that it’s all consistent.

She rightly describes the threats as warfare. You would be much mistaken in thinking that China and many muslim nations do not already have a cyber-warfare capability. As the Wikileaks controversy has shown, even the West’s own cyber-networks need  serious work. With increasing connectivity with hardware (guns, bombs, missiles, vehicles, UAV’s) with people there is increased risk of disablement of war-fighting capability. Take out the network, take out the enemy.

Ungoverned spaces are a major issue for security planners around the world. These include a lack of effective Government. Examples of this include Somali piracy; pressure on existing treaties and agreements – such as water rights sharing and non-exploitation of mineral resources in Antarctica – and the absence of any generally agreed historical governance such as space and cyberspace.

Cyberspace refers to the entire electro-magnetic spectrum. Cyber-battle and cyber-warfare are subset terms that deal with the security aspects of this space. It is one of several physical and transient ‘ungoverned spaces’ where there is no discernable or effective governance. These are ‘spaces’ where terrorists, criminals and the disaffected gather and can operate with impunity. In cyber-war targets can range from internet, phone and media to power grids and more. It is an area where we are vulnerable. It is also an area where New Zealand can be a world leader.

Current approaches to international security can be likened to a ‘broken windows’ policy. This works fine for policing but, when someone takes down our national power grid or stock exchange from a cyber cafe overseas, who ‘kicks in the door’ and who arrests them – even if you know who ‘them’ is?

In tactical terms, cyberspace is a manoeuvre corridor. Strategically, for a nation with such dated infrastructure as ours, it represents an ‘Achilles Heel’ that could set back our recovery from the global economic recession for a very long time.

“Private” Roy has been learning quickly. She however, briefly, touches on an important area of growth that is begging for exploitation by smart Kiwis. Not just in cyber-warfare but in innovative deployment of technology to solve common military problems for countries that sit far below the technological war-fighting ability of the US, Britain or China.

In a number of areas we could build a military Industrial complex in order to export expertise and products, designed and developed here. military equipment and solutions are one of the few remaining areas where governments are prepared to pay a premium and by catering to that we could easily generate a huge amount of GDP.

One area I can see for immediate application is Search and Surveillance capability using UAVs. Right now we use antiquated, albeit, upgraded capabilities of Orion P3 aircraft. But they still require bums on seats in aircraft and eyes on binoculars. It costs a vast amount of cold hard cash to have this capability ready and waiting but even more to deploy it.

Predator and hellfire missileBy utilising a UAV platform, we could actually have more coverage, with better equipment and our people actually never leave the shore. We could monitor fishing fleets, Southern Ocean whaling and other maritime patrol tasks, all from a central location where the “pilots” and crew never leave the ground. Even better we cold have them armed if necessary to provide far more effective hitting power than our current air “force” resources contain. The technology exists, it just hasn’t yet been developed around those strategies. This is but one example where New Zealand can really contribute and really cash in.

The important thing here, though, is not to fall into the trap of playing with the big boys. Big Boys toys have a habit of having big boys price tags, just look at the debacle that we still suffer over the NZLAV. Of course we would need to co-operate with other nations, and one such nation with technical skills we could really use is Israel. Unfortunately Helen Clark in a fit of pique and antisemitism passed a law preventing such information transfer or even physical supply of equipment. Right now our troops are going into harm’s way without the protective equipment they would really like because of this silly law. I think it is high time we were a bit more grown up, remove that law and start to build New Zealand’s capability in the military industrial complex, through the sharing of ideas and technology with friendly nations out there.

It will sure as hell build more GDP than a cycleway ever will. One of the first steps I would suggest would be the creation of a New Zealand Cyber-Defence Bureau, similar to the Australian capability, but also drawing on the capabilities that Israel has.