Who will Flame burn?

 
It’s a scenario familiar from thousands of science fiction movies: a glitch in a highly destructive secret weapon causes it to turn on its creators and destroy them.  This is what came to mind when I heard about the “Flame” cyber weapon, which was recently discovered on computers throughout the Middle East, particularly in Iran.  According to a wired.com report, the Flame virus is twenty times more complex than the Stuxnet virus, which struck Iran’s nuclear facilities in 2007.  Flame can take screenshots, capture messages sent over an infected network, and even use the computer’s microphone to record conversations.
 
The experts believe that this level of complexity indicates that Flame was created by a government rather than an individual criminal or group of hacktivists.  Commentators quoted in the Telegraph have suggested that Israel, China, or the United States may be responsible.  Israel and the United States were widely suspected of creating the Stuxnet virus, and Iran claims that it has noted significant similarities between Flame and Stuxnet, although the Western cyber security firms investigating Flame disagree.
 
On the face of it, Flame seems like a remarkably clever espionage tool.  It can be targeted at specific machines and communicate remotely with its operator.  Furthermore, Kaspersky Lab, the security firm which uncovered the virus, says that the cyber weapon was active on computers throughout the Middle East for five years before it was uncovered. Also, there is something very attractive about the idea of cyber espionage; it seems like a clean, bloodless, intellectual game.
 
However, if this cyber weapon were to fall into the wrong hands, its cleverness could make it extremely dangerous.  Of course, I am sure that Iran and the other Middle East nations affected by the virus consider that it is in the wrong hands already, but from a U.S. national security standpoint, it is troubling to realize that any country in which systems are infected with the virus could isolate and then reverse engineer this sophisticated spying tool.  In a report published by the Mehr News Agency Tuesday afternoon, Iran claimed to have a tool which could isolate and remove the virus from machines and networks.  At the same time, security companies around the globe will be studying and reconstructing the virus just as they did successfully with Stuxnet.  When I googled “Stuxnet code” this morning, seven websites on the first page of results offered the Stuxnet code for free.  I do not know if any of the sites offered the real code, but this demonstrates the difficulty of keeping anything secret, especially given the sharing ethos that pervades the technology community.  Whichever nation or organization is responsible for the Flame virus, they won’t be able to keep it under wraps.
 
I am not saying that the code for Flame will be trending on Twitter tomorrow (Kaspersky Lab says it could take 10 years to unravel the code), but I am certain that it will eventually be available to anyone with the skills to use it.  Flame appears to be primarily a piece of information gathering software rather than a sabotage program, but some sources in Iran say that information was wiped from infected computers.  In any case, a piece of software that only records information could do plenty of damage in sensitive areas.
 
Leaving aside the question of espionage by foreign governments or the malice of terrorist organizations, imagine what an identity thief could do with a piece of software that records every keystroke you type and copies the e-mail you send; imagine what a voyeur could do with a virus that can record conversations using your computer’s own microphone.  I find that concept very disturbing.  I think that in some ways, cyber weapons are like the atomic bomb.  They are developed and used in situations that may seem like a lesser evil, but they are dangerous and destructive, and once the knowledge of how to produce them is out there, it’s impossible to keep it secret or unlearn it.  As has been seen in the controversy over nuclear weapons in Iran, the knowledge and materials to build this weapon can so easily fall into the hands of the builders’ enemies.
 
The United States has known for more than five years that there are doubts about the security protecting not only its intelligence secrets, but the integrity of its infrastructure.  I hope that if the United States did create the Flame virus, someone knows how to turn it off.