Samsung Galaxy Note 4 design, specs and launch rumours: LIVE

Feedback

Malware goes pro with ‘Gauss’

SecurityBlog
by John C. Dvorak, 11 Aug 2012Blog

First, a published leak led us to the discovery that some U.S. government spy agency had created Stuxnet. This is essentially a malware toolkit that can be used to enter systems and then carry out rogue functions. Stuxnet was released to get into the Iranian nuclear research facilities with the sole purpose of ruining equipment. A variant called Flame may be even more sophisticated.

Now, we discover that something called Gauss is in the wild. Yesterday, we reported on this story, stating:

“Kaspersky Lab has provided details on 'Gauss', a cyber-threat targeting users in the Middle East that is intended to steal personal details, like banking information.”

“According to Kaspersky, Gauss includes characteristics not found in any previously discovered cyber weapons.”

Our article went on to say:

“Kaspersky said that Gauss is a ‘nation-state sponsored cyber-espionage toolkit,’ but did not elaborate. Recently, the Stuxnet and Flame viruses were tied to the US and Israeli governments.”

It's unclear why anyone might think this is a good idea. Unless there are tremendous safeguards, this is dangerous stuff. And if there was some sort of safeguard, I'm sure it could be easily defeated by a talented hacker.

The reason I say this is because Kaspersky Labs found this code, and once the code is brought out of the wild, it can be deconstructed and sent back into the wild targeting the sender. It's like capturing a live Tomahawk missile and reprogramming it to return home and explode.

While nobody can actually capture a live flying Tomahawk missile and do that, it's not impossible with computer code. This is more like capturing a Tomahawk, making 10,000 copies, and reprogramming them all to return home and explode. The United States will end up becoming the target of the attacks thanks to its own code.

I doubt government officials and those who put this type of malware in the field understand what a skilled hacker can do. I'm certain, though, that there are a lot of talented techies in the various intelligence agencies. So, either they weren’t consulted, or they were simply ignored since they are obnoxious and adamant about these problems. They are the ones who see the big picture and know that you cannot release this sort of code without getting injured yourself.

I've been watching a lot of various broadcasts featuring the experts who are behind these decisions. I have yet to see one who knows anything about anything on a technical level. And worse, as far as I can tell, they can barely use computers. Many are lawyers.

I expect to see a fully reverse-engineered Stuxnet toolkit, for example, available on the underground scene, to be used by anyone who can do simple coding and targeting. These may be released as spambots or pure malicious code to ruin equipment or take out a competitor.

At the end of the day, there will be a government hearing and questions will be asked as to why this code was released in the first place. There will be no good answers.

Topics
blog comments powered by Disqus