Clever security researchers have uncovered the biggest security Coup d’état on the planet.
Microsoft, the NSA and the CIA have all been colluding to create the most bloated covert piece of malware known to exist, undetected for 5 years [1]. Microsoft decided somewhere between 2006 and 2007 that it was willing to throw away half of its market share (128 billion) in allowing this to occur [2].
Let us begin to analyze how this occurred. Obviously the NSA, CIA and others involved had to determine a mechanism to get the right talent hired at Microsoft. Not a big deal, the NSA has some very talented individuals.
Once hired, they had to make sure that the injected individual was placed in the EXACT department responsible for certain elements of the Windows operating system. Once that was done, the agencies had to then bypass any kind of code versioning system MS had in place that should have detected code changes.
In most software environments, that would mean silencing possibly hundreds of programmers who would have seen those changes. Because they are the NSA and CIA, however, they pulled it off.
They managed to bypass Microsoft’s HR filters, bypass software developers who would have noticed changes in code, managed to get it to the market, then managed to ensure that ONLY certain countries would get the tainted OS environment.
Priceless. Reminds me of some Oceans Eleven style event.
Let us think about another method here. The CIA, NSA and Microsoft decided to pull this off. They created a completely separate operating system somewhere in the Beltway. Microsoft decided to give the agencies the specific code to make the rogue changes.
After those changes were made, Microsoft made an executive decision to allow the rogue system to be placed inside of its network and only allow a specific country to be infected by it. Surely that is how it went down. Microsoft had to make sure that all employees who noticed this anomaly would keep it a secret, including all of their non-US citizen employees.
To do so, they offered extensions on their H1B visas. All was kept secret for years, obviously. Pick your poison here, and let me know which sounds more absurd.
When it comes to “big brother” based intervention, circumvention or any other type of scenario, I am usually all over it. I have been this way since the days of Carnivore [3], CIPAV [4], and a slew of other articles pointing out instances where big brother seemed to have their hands in the cookie jar.
Certainly I am no stranger to seeing, reading, or hearing about oddities; however, this particular theory that the NSA, CIA and/or some other covert agency infiltrated Microsoft to pull this off is outright laughable. I don’t even think laughable is the right term; however, it just fits.
So there you have it. It had to be the NSA, CIA and other operatives quite simply because it fits. Forget the fact that someone was trying to sell a book when they reported: “Obama said, should we kill this thing” (referring to Stuxnet). We are to believe that the author had first-hand knowledge and an account of what went on in a secret meeting. Don’t question this now, children! Just believe! Or, we are to believe the “I could tell you but then I would have to…” theory.
So many people are blurring the lines between technology and politics that it is scary. Scary in the sense that too many assumptions are being made based on information that comes out of the sky. Anyone can create these types of malware; this is not a secret.
Many of the organized crime groups have the same capabilities as the authors of Flame and Stuxnet. In fact, many organized crime organizations have better techniques, tactics and tools than Flame. They have the money, means and motives to pull these same tactics off. In fact, they could likely pull it off more covertly.
Nevertheless, it is fun, hip and groovy to throw these theories out. With that said, here is a theory that was posted on Pastebin. I call it “False Flag Cyber Joe Jobbing”; however, the author dubbed it “Internet and Oil Markets going to Flame(s)”:
- Original http://pastebin.com/8KkA7hk3
Internet and oil markets going to Flame(s)
Russia and China may now be framing the United States and other countries using cyberwarfare tactics. This should not be a startling statement nor should anyone brush this statement off as hearsay. In order to understand the dynamics of this theme, you the reader need to be aware of global politics, computing and a bit of intelligence.
I will begin with Kaspersky as an individual, followed by the company. Yevgeniy (Eugene) Kaspersky is a graduate of the Russian FSB’s IKSI. IKSI is the Institute of Cryptography, Telecommunications and Computer Science of the FSB Academy. [FSB] Kaspersky, you may recall, wants an end to freedom on the Internet: “I’d like to change the design of the Internet by introducing regulation … about following Internet standards. And if some countries don’t agree with or don’t pay attention to the agreement, just cut them off.” [ZDN] Do you need a translation of what Kaspersky was aiming for? If so, this write-up is not for you.
Fast forward to almost three years following that statement. Surprise! Kaspersky discovers “the most complex malware ever produced.” No one has ever seen nor heard of it. Granted, there are hundreds of millions of users in the world and hundreds of antivirus companies around. How many hundreds of thousands of security researchers? Yet according to Kaspersky and company, this “Flame” malware has been around for years without ever being detected. What is the saying? If it sounds too good to be true?
Oftentimes, I am asked as a security professional: “Don’t you think that the antivirus companies launch these things to scare us into buying their products?” Often my response is: “Why should they? There are enough criminals attacking operating systems. The AV companies won’t have to.” Whereas now, things are starting to make a little more sense. Did Kaspersky create a strain to rattle global politics? Why couldn’t he do so? After all, he is in some capacity FSB. If you recall, Kaspersky’s son was kidnapped and held for some ransom; what is to stop him from being blackmailed by the FSB, of all agencies, into making something like Flame? It would make logical sense.
Flame is known for targeting only Middle East targets, mainly oil companies. Coincidentally, Russia has also been on a rampage when it comes to oil; after all, it all boils down to money at the end of the day. [OIL] So why is everyone hellbent on trying to connect the dots associated with Flame and the United States? It could quite possibly entail nothing more than a power play for Russia to attempt to gain a certain amount of control of the Internet. This allows them to be able to determine dissidents by way of Internet taps. It also gives them a greater stage to collaborate and earn Chinese currency.
Granted, Flame would have to be state sponsored; as a kid there was a running theme that “whoever smelt it dealt it.” This is likely to be the case. State sponsored indeed. What better way to light fire to the United States than to shift the blame on the country via a horribly written, bloated piece of malware? You know, that same piece of malware that has five different encryption mechanisms. Psssttt… Mr. Kaspersky, didn’t you graduate crypto school? China, your role will be analyzed soon; however, it need not take a global political science major who doubles in forensics to connect those dots.
by Security Week computer security analyst Jesus Oquendo