Cyber Intrigue: The Flame Malware International Politics

This blog post was written by Chris Bronk, a Fellow in Information Technology Policy at the Baker Institute for Public Policy, Rice University.

First there was Stuxnet, a piece of computer code identified in 2010 that is widely believed to have been specifically designed to instruct computers in the Iranian nuclear enrichment program to damage centrifuges necessary to produce fissile material. Next, in 2011, came Duqu, a computer worm which appears to hold the capacity to remove and delete data from infected computer hosts. Now, the computer security community has its latest item of study, Flame, yet another piece of software designed to purloin data, perhaps including via the clandestine operation of onboard web cams found in many of the world’s personal computers.

Over the coming days and weeks, security experts will deconstruct Flame and explain what it can and can’t do. While this work is ongoing, it is also important to consider the politics of Flame, as they matter as much, if not more. I suggest considering seven interrelated points on Flame that stretch from its discovery to the blitz of awareness regarding its existence.

1. News reports identify instances of Flame on computers in the Middle East, from Iran to the Palestinian Occupied Territories. Flame was quite possibly the malware detected in the Iranian petroleum refining and export complex at Kharg Island.

2. According to some reports, the Iranians brought Flame to the International Telecommunications Union (ITU), a body of the United Nations concerned with international telecom regulations issues, but interested in a broader role in Internet governance.

3. ITU officials tapped Kaspersky Lab, a Russian security company, to study Flame. The ITU could have shared Flame’s code with multiple security firms, the international Computer Emergency Response Team (CERT) community, or academic research institutions that study malware code and produce formal reports and proceedings on their analysis, but chose instead to use Kaspersky.

4. Kaspersky, based in Moscow, put out an FAQ on its findings on its website, not a full malware analysis report. While the FAQ is informative, it does not methodically walk through Flame’s software code and explain what subcomponents of the software do. Security researchers aren’t given the ability to see the proof of their work.

5. The Laboratory of Cryptography and Systems Security (CrySyS Lab) at the Budapest University of Technology and Economics did conduct a thorough analysis of sKyWIper, which Kaspersky later announced was an exact match to Flame and also the software identified as Flamer by the Iranian national CERT.

6. Now the politics. Once the Kaspersky press machine kicked on, the Iranians were quick to castigate Israel as Flame’s source. Arguments are now circulating on the Web that Flame’s code was written during working hours in Jerusalem time and not on days of the Jewish Sabbath. Anyone who has developed software knows that working hours usually translate to whenever the coders feel like working, and often over very long stretches of time. This seems to be a stretch.

7. Now the ITU is about to issue its first ever cyber warning. This is in advance of the organization’s major World Conference on International Communications, which will take place in Dubai in December. The Dubai conference will detail how the ITU intends to expand its role in international Internet governance, a job currently undertaken by the International Corporation for Assigned Names and Numbers (ICANN) of Marina del Rey, California, a private, non-profit corporation.

All of this adds up to a story that is much more about international politics surrounding a piece of malware than the malware itself. Thanks to Stuxnet, the Internet Freedom agenda, and the Arab Spring, cyberspace is now political space and matters a great deal in international relations.

About Chris Bronk

Chris Bronk is a Fellow in Information Technology Policy at the Baker Institute for Public Policy, Rice University. He previously served as a career diplomat with the U.S. Department of State on assignments both overseas and in Washington, D.C. His last assignment was in the Office of eDiplomacy, the department’s internal think tank on information technology, knowledge management, computer security and interagency collaboration. Since arriving at Rice, Bronk has divided his attention among a number of areas, including information security, technology for immigration management, broadband policy, Web 2.0 governance and the militarization of cyberspace. He teaches on the intersection of computing and politics in Rice’s George R. Brown School of Engineering. Holding a PhD from The Maxwell School of Syracuse University, Bronk also studied international relations at Oxford University and received a Bachelor’s degree from the University of Wisconsin-Madison.
