
Could malware be used to predict the world's conflicts?

In terms of usefulness, we typically rank malware somewhere between a volcanic eruption and the Ebola virus. But researchers at security firm FireEye have developed a technique that uses the traffic malware generates to anticipate upcoming world conflicts.

According to researchers who monitored millions of malware messages sent over the past 18 months, the amount of communications sent by malware programs spiked dramatically in the lead-up to the conflict between Russia and Ukraine over the future of Crimea. A similar spike was seen in malware attacking Israel in the days before its recent hostilities with Hamas in Gaza.

The FireEye study drew on data collected from more than 5,000 corporate and government clients around the world. The software used by the researchers captures so-called "callback" messages that malware sends once it is ensconced inside a network. In these messages the malware "phones home", usually either to report its status to its controllers or to pick up new commands. FireEye geolocated the destination of each callback to determine where the computer controlling the malware, its command-and-control server, was located.

Malware operators often disguise the true location of their command-and-control servers by relaying callbacks through proxies in other countries, so any single callback can point to the wrong place. But not every operator does this, and over large enough data sets the pattern of callback destinations still tracks real-world activity.
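As an added illustration of the aggregation step described above, and not FireEye's code or data, the following Python builds a constructed set of callback records (day index, destination country), counts them per country per week, and flags a week as a spike when its count stands well above a trailing baseline. Country attribution is assumed to have already been done by geolocating the callback destination; the sample weekly counts, the seven-day window, and the thresholds (at least three standard deviations above the baseline mean and at least double it) are assumptions chosen for the example.

```python
"""Spike detection over geolocated malware callback records.

Added example. The records are constructed, not real telemetry, and
the thresholds are assumptions for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

WEEK = 7  # aggregation window in days (assumption)

# Constructed per-week callback counts by destination country. The last
# week of RU and UA carries a deliberate surge; US is a flat control.
SAMPLE_WEEKLY = {
    "RU": [10, 11, 9, 10, 12, 10, 11, 9, 38],
    "UA": [6, 5, 7, 6, 5, 6, 7, 5, 24],
    "US": [30, 32, 29, 31, 30, 33, 29, 31, 30],
}


def synth_events(country, weekly_counts):
    """Expand per-week counts into (day, country) records, one record per
    callback, spread across the days of each week. Constructed data."""
    events = []
    for week, n in enumerate(weekly_counts):
        for i in range(n):
            events.append((week * WEEK + (i % WEEK), country))
    return events


def weekly_counts(events):
    """Count callbacks per destination country per WEEK-day window."""
    n_weeks = max(day for day, _ in events) // WEEK + 1
    counts = defaultdict(lambda: [0] * n_weeks)
    for day, country in events:
        counts[country][day // WEEK] += 1
    return dict(counts)


def find_spikes(series, min_baseline=4, k=3.0, ratio=2.0, std_floor=1.0):
    """Return (week, count, z) for weeks whose count exceeds the trailing
    baseline by k standard deviations AND by the given ratio. The ratio
    guard keeps a very flat baseline from flagging ordinary jitter; the
    std floor avoids division by a near-zero deviation."""
    spikes = []
    for i in range(min_baseline, len(series)):
        base = series[:i]
        mu = mean(base)
        sigma = max(pstdev(base), std_floor)
        if series[i] >= mu + k * sigma and series[i] >= ratio * mu:
            spikes.append((i, series[i], (series[i] - mu) / sigma))
    return spikes


def run_demo():
    """Build the constructed records, aggregate, and report spikes per country."""
    events = []
    for country, weekly in SAMPLE_WEEKLY.items():
        events.extend(synth_events(country, weekly))
    counts = weekly_counts(events)
    return {country: find_spikes(series) for country, series in counts.items()}


if __name__ == "__main__":
    for country, spikes in run_demo().items():
        for week, count, z in spikes:
            print(f"{country}: spike in week {week}, {count} callbacks, z={z:.1f}")
```

Note what the aggregate does and does not tell you: a relay in a third country shifts the count into that country, so a spike says where callbacks terminated, not who was behind them. The ratio guard matters in practice, since a baseline of nearly identical weekly counts has a tiny standard deviation and a pure z-score test would flag noise.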

One of the more interesting findings of the study was that much of the Israeli malware that phoned home was installed on computers in the United States and Canada.

"You have an indication that maybe Israeli national security organizations are leveraging infrastructure in Canada and the US," said Kenneth Geers, who worked on the project.

"In the run-up to the Crimea crisis, you saw a rise of malware callbacks in both Russia and Ukraine."

Many countries are now using malware to both gather intelligence and actively attack targets in hostile countries.

"If the U.S., or Korea, or Japan was about to go to war, you would see a bump in callbacks—it's just part and parcel of today's national security undertakings," Geers said.

"We can see the digital equivalent of troops on the border," Kevin Thompson, a threat analyst for the company, told the press.

"But we'd like to look back at a whole year of data and try to correlate with all the world events in the same period."

According to insiders, a cyber-attack shut down one of Israel's major infrastructure hubs last September: Haifa's Carmel Tunnels were hit by a Trojan that closed the tunnels and nearly brought the city to a standstill. In the past, the US has accused Iran of funding attacks on American energy infrastructure and major energy companies.