Srs cyber bsns. (Photo: Wikimedia)

With cyber attacks whistling by at an ever-increasing clip, it's not surprising that the Obama administration is hard at work nailing down how to respond. The policies will remain hush-hush once they're finalized, but the New York Times (which previously connected the president to the deployment of Stuxnet) has one juicy tidbit: A classified legal review has found that the president has "broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad."

That'll sound familiar to anyone who hasn't entirely repressed the memory of the Bush administration! (Mr. President, a very agitated Colin Powell is on line two. Something about enriched uranium and the U.N.?)

Now, this does not mean that President Obama will be launching the cyber nukes to prevent "routine" attacks, like when some hacktivists wants to DDOS your online banking provider. That's the province of Homeland Security and the F.B.I., because your inability to check your balance? Not actually an imminent national security threat.

But when someone launches an infrastructure-crippling attack on the power grid, for example (it's always the power grid!), it becomes a military concern. In that instance, the president has the authority to act preemptively should he see fit.

However, as rationales go, it's not totally airtight:

Pre-emption in the context of cyberwar raises a potentially bigger quandary, because a country hit by a pre-emptive cyberstrike could easily claim that it was innocent, undermining the justification for the attack. “It would be very hard to provide evidence to the world that you hit some deadly dangerous computer code,” one senior official said.

Glad to know diplomacy in the age of cyberwar hasn't changed that much: It's still mostly just throwing up one's hands and shouting "wasn't me!"

Mr. Dotcom.(commons.wikimedia.org/
Andreas_Bohnenstengel)

Kim Dotcom's new service, Mega, will offer users a whopping 50GB of free storage. [TNW]

Welcome to the age of the cyber arms race, folks. An Air Force official recently informed reporters that, having been caught unprepared by Stuxnet, Iran has beefed up its cyber arsenal and will soon be a "force to be reckoned with." [Reuters]

You can now turn your Facebook data into a 3D-printed tchotchke. [Wired]

Hey iPhone users: You can make voice calls from within your Facebook Messenger app. Provided, of course, you actually use Facebook Messenger, as opposed to communicating wholly through Snapchats. [New York Times]

It seems that for all the talk of sharp-elbowed recruiting techniques in the tech world, a couple of companies--including Apple and Google--once had a gentlemen's agreement not to poach. That's now coming back to potentially bite them in the butt, in the form of a possible class-action lawsuit. [Reuters]

Stuxnet's command and control. (Krebs On Security)

In Stephen King's apocalyptic horror novel The Stand, a government-created virus escapes into the wild and kills most of the people on Earth. About two years ago, a similar scenario almost came true--but, fortunately for living creatures the bug was the U.S.-and-Israeli-made Stuxnet malware. The unintended victim was Chevron's computer network.

Stuxnet was the highly sophisticated worm that successfully infiltrated Iran's nuclear enrichment plants in 2010. According to The Wall Street Journal, Stuxnet wasted no time infecting friends as well as foes:

Chevron found Stuxnet in its systems after the malware was first reported in July 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron. “I don’t think the U.S. government even realized how far it had spread,” he told CIO Journal. “I think the downside of what they did is going to be far worse than what they actually accomplished,” he said.

As the WSJ’s Rachael King notes, Chevron's Stuxnet infection was apparently unintentional, "much like an experimental virus escaping from a medical lab."

It might be premature to say Stuxnet was the cyberweapon equivalent of Stephen King’s fictional Captain Trips virus, since it seems Chevron wasn’t too badly damaged by the infection. But we wouldn't be surprised if someone were already using that code name for something still in development.

Mr. Kaspersky not looking supervillain-like at all. (Photo: flickr.com/cebitaus)

Inspired by the behaviors of sophisticated malware such as Stuxnet, Flame, Duqu and Gauss, Russian billionaire and possible real-life Batman Eugene Kaspersky announced today that his Kaspersky Lab is developing a new operating system.

Mr. Kaspersky's announcement wasn't heavy on details about the OS, but security was obviously priority one. Acknowledging that Microsoft, Apple and the open source communities haven't been able to create truly secure controls, Mr. Kaspersky basically said the problem with the previous systems was their universality:

First: our system is highly tailored, developed for solving a specific narrow task, and not intended for playing Half-Life on, editing your vacation videos, or blathering on social media. Second: we’re working on methods of writing software which by design won’t be able to carry out any behind-the-scenes, undeclared activity. This is the important bit: the impossibility of executing third-party code, or of breaking into the system or running unauthorized applications on our OS; and this is both provable and testable.

Mr. Kaspersky linked to "Securing Critical Information Infrastructure: Trusted Computing Base" to help answer questions regarding the new OS. It's essentially a paper that dissects the way industrial cyber-attacks work and details why they work.

The study lists the following necessary elements of a "maximally secure" computer network:

• The operating system can’t be based on existing computer code; therefore, it must be written from scratch.
• To achieve a guarantee of security it must contain no mistakes or vulnerabilities whatsoever in the kernel, which controls the rest of the modules of the system. As a result, the core must be 100% verified as not permitting vulnerabilities or dual-purpose code.
• For the same reason, the kernel needs to contain a very bare minimum of code, and that means that the maximum possible quantity of code, including drivers, needs to be controlled by the core and be executed with low-level access rights.
• In such an environment there needs to be a powerful and reliable system of protection that supports different models of security.

With these features in mind, Kaspersky Lab states that its new system's central feature will be a "categorical impossibility" of running any background programs, giving engineers total control and management of the system.

Cyber-warfare being what it is today, it's safe to say the malware makers who inspired Mr. Kaspersky's Lab to develop this new system are likely already working on new exploits with it in mind.

Countries where MiniFlame and Flame have been found. (Kaspersky Lab)

Researchers at Kaspersky Lab have been patiently picking apart the ingenious malware packages that romped through computer networks in the Middle East, sucking up data and destroying Iranian nuclear centrifuges and it seems Kaspersky finds a new addition to the allegedly U.S. and Israeli-sponsored family of cyber-weapons every other month. Monday they announced the discovery of the Flame malware's baby cousin, MiniFlame.

Kaspersky's bug hunters found that MiniFlame's association with Flame and related infections was Transformers-like in nature:

In early July 2012, we discovered a smaller Flame module, which appeared to be able to work by itself. The module had many similarities with Flame, so we thought it might simply be an earlier version. In the months that followed, we not only studied the connection of this malware with Flame, but also came across examples of this module being used concurrently with Gauss and being controlled by the Gauss main module.

Researchers found that MiniFlame was something of a ninja assassin compared to the other programs. Whereas Flame, Duqu and Gauss had large missions to infiltrate multiple computers in countries like Iran, Syria and Lebanon, MiniFlame targeted just a few select victims in what Kaspersky calls "highly targeted attacks." Kaspersky reported that MiniFlame, while rare compared to the more well-known malware packages, was more likely to show up in a variety of countries, including a computer located at the Francois Rabelais University in Tours, France.

Wired also noted that Kaspersky determined that one machine in Lebanon is the lucky recipient of every nasty cyber weapon in the family:

[There] is one machine in Lebanon – what [senior Kaspersky researcher Roel] Schouwenberg calls "the mother of all infections" – which has Flame, Gauss, and miniFlame/SPE on it. "It is like everybody wanted to infect that specific victim in Lebanon for some reason," he says.

Kaspersky knows there are two more malware packages still in the wild, currently code-named only SP and IP. They may function much like the previously known malicious programs, churning through the guts of target computers for sensitive data to send home to their controllers before they execute the final trick in their arsenal, deleting themselves and vanishing from the infected system as if they'd never been there at all, like ghosts. Or ninjas.

Stuxnet, the first shot across the bow. (Krebs On Security)

Cyber attackers who went after Chase and Bank of America with Directed Denial of Service (DDoS) attacks on the banks' websites may have been working for Iran.

A report from the Washington Post cites several officials who have made this claim, including Senator Joseph Lieberman, the chair of the Homeland Security and Governmental Affairs Committee.

The Post reports that in an interview with C-SPAN, Sen. Lieberman disputed the idea the attackers were independent hacktivists outraged by a controversial anti-Muslim film:

"I don’t believe these were just hackers who were skilled enough to cause disruption of the Web sites," said Lieberman in an interview taped for C-SPAN's "Newsmakers" program. "I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability." The Quds Force is a special unit of Iran's Revolutionary Guard Corps, a branch of the military.

Lieberman said he believed the efforts were in response to "the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

The Post also reported that there have been similar attacks against American telecoms such as AT&T and Level 3.

What wasn't clear from Sen. Lieberman's remarks or the Post's report was whether the "Cyber fighters of Izz ad-din Al qassam," who claimed credit for the attacks and dubbed them "Operation Ababil" were opportunistic trolls or misdirection by Iranian cyber forces.

If officials and cyber-security experts quoted by the Post are correct, it is likely Iran intended the bank attacks as a response to U.S. actions such as the infiltration of the Stuxnet worm, which disrupted Iranian nuclear operations in 2010. Stuxnet targeted uranium enrichment centrifuges and caused them to spin wildly out of control.

The most recent Pastebin post from the Cyber fighters of Izz ad-din Al qassam claimed the attack on Chase's web properties was step two. They seemed to imply there were several more steps to go.

This guy could also be a government agent. (Image Devdsp on Flickr

Humanity's fear of "war without end" has yet to be completely fulfilled in the analog world, but state-sponsored cyber warfare has been afoot for years and is only getting worse. That's one takeaway from cyber security expert Pete Warren's report in The Guardian on government-created malware.

Mr. Warren consulted a number of anonymous security experts with military ties to get a sense of how long major governments have been developing nefarious software packages like Flame, Duqu and Stuxnet. Some systems, writes Mr. Warren, "have been under development since at least 1996."  Moreover, the United States and its allies aren't the only nations with skin in the malware game:

"There are a lot of countries that now have these systems. Every Middle Eastern country and all the states now known as the 'Stans' [Pakistan and the former satellite states of the Soviet Union] have them", said another expert with close links to the UK intelligence agencies and who is actively engaged in combating the software.

An unnamed ex-military man in London went further, telling Mr. Warren that "Every nation now has an armory; whether well-stocked or not depends on their resources."

Like guerrilla soldiers adopting military tactics to cause destruction and mayhem, government-made software like the Flame worm has inspired copycats. The mid-August Shamoon attack, for example, targeted a Saudi-owned oil company and knocked up to 75 percent of that company's workstations offline. Shamoon resembled Flame, but a hacker group calling itself The Cutting Sword of Justice claimed credit for Shamoon. They say they are an "anti-oppression hacker group" and are "fed up of (sic) crimes and atrocities taking place in various countries around the world."

Ours is a brave new world, with lots of scary new creeping software in it.

THUNDA STRUCK!

Looks like the Iranian nuclear facility at Natanz is, at the very least, 0 for 2 against cyber attacks. First came Stuxnet, which wreaked havoc with the equipment used to purify uranium. And now--at least, if a recent report (via VentureBeat) is true--they are dealing with a malware infestation involving sudden, late-night AC/DC.

F-Secure chief research officer Mikko Hypponen received the following email from someone who claimed to be an Iranian nuclear scientist: 

I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.

According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.

There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC.

Hypponen was unable to confirm the story--but he was able to confirm the email came from the Atomic Energy Organization of Iran.

Memo to the American cyberweapons program: We're not saying this was you guys, but if it was, you might want to opt for a less obvious calling card in the future.

Let slip the dogs of cyber war. (flickr.com/anhonorablegerman)

Remember last summer, when all anyone could talk about was hacktivists? For a while there, we were living in a William Gibson novel, with hackers wreaking havoc and corporate types running scared. Well, so far, this June is shaping up a little differently, with a wave of state-sponsored attacks straight out of a spy novel.

Much as we love lone teenaged lone wolves typing away in their moms' basements, it's clear they're just the loudest and proudest of hackers. Just because the spies don't have official Twitter accounts and release YouTube videos doesn't mean they're not there, though. The latest two instances come courtesy of Fast Company, which points out that dissidents are increasingly a target of state-sponsored hacks.

For example: Tibetan activists recently received a phishing email, disguised as an official communique regarding a recent European resolution, which takes root in their computers and calls up a server in Hong Kong. Meanwhile, members of the Syrian opposition are being targeted with malware, distributed via Skype, that installs spying software.

Google has even started warning Gmail users when they've been targets of an attempted state-sponsored cyber attack.

This is different from just a couple of months ago, when Stuxnet and Flame looked conveniently aligned with the strategic goals of the U.S. and Israel, but mum was the word as to where the infections came from. Now, thanks to exposes in the New York Times and the Washington Post respectively, we've good as got confirmation they were programs developed by the two nations working in concert to slow Iran's nuclear weapons program.

Nor is the cyber tussle between the U.S. and Iran is over. Just today, an Iranian news agency (described by the AP as "semiofficial") claimed to have fought off another "massive" cyber attack. The expression "can of worms" comes to mind.

LulzSec, we have to say, was a lot more entertaining.

Starting to look a little annoyed. (Photo: flickr.com/anhonorablegerman)

We already suspected this to be the case, and now the Washington Post has confirmation from unnamed officials that yes, the U.S. was behind the Flame virus infecting computers across the Middle East, as part of a campaign to slow the development of Iran's nuclear weapons program. In other news, America's cyber weapons program apparently has more leaks than a watering can.

The Post reports:

The massive piece of malware was designed to secretly map Iran’s computer networks and monitor the computers of Iranian officials, sending back a steady stream of intelligence used to enable an ongoing cyberwarfare campaign, according to the officials.

According to the Post's sources, the NSA, CIA, and Israeli military were all involved.

If Flame starts your conspiracy engines, it's worth noting that cyber-spying has only gotten more sophisticated since the virus was created five years ago. As one "former high-ranking U.S. intelligence official" told the paper, “Cyber collection against the Iranian program is way further down the road than this.” So stay tuned.

Meanwhile, back on American soil, the NSA has no intention of admitting whether it's spied on you.