Malware detected! Cyber-war lunges forward

Now may be a good time to click the update button to your anti-virus software. A couple of weeks ago, while trying to locate and identify a very illusive viper/wiper program that has been infecting Iranian computers, Kaspersky Lab has detected something even larger and more threatening than described. The malware, currently dubbed as “Flame”, is speculated to be another step towards cyber-war.

The malware has been named after a common name in its modules “flame_props”. This malware has been said to be 20 times larger and more complicated than a previous Cyber-war tool named Stuxnet. Stuxnet and Duqu were two of the cyber-war weapons that were launched around 2009 and 2010. These malware were considered monsters of their time. Stuxnet apparently took at least half a year for Kaspersky Lab to analyze and it may take at least 10 years to bust Flame open. These malware ran rampant in Iranian computers and sought to gather data and destroy infrastructure.

Flame has been recorded to be infecting several countries in the Middle East, with Iran as the leading target. The size and scope of Flame’s targets seem to reflect that this is again another Government-backed cyber assault, with goals of espionage in mind. Flame has been reported to be gathering data and even deleting data from target systems. Even the spread of the malware is well controlled and remained undetected for 2 years and maybe even longer. The scope of attack and similarities to Stuxnet rules out independent acts of cyber criminals.

In Kapsersky’s statement, Flame infects its targets by installing a small compressed file into the drive, then further downloads and deploys up to 20 modules that allow the attacker to perform several tasks, taking virtual control over the affected systems. The total size of the toolkit reaches 20 MB, compared to the 500 KB of Stuxnet. The plug-ins can be deployed and turned off at will by the attacker, including well controlled deployment into USB hosts, making the malware harder to detect. It even has the ability to completely wipe itself from a computer, further making it difficult for large anti-virus firms like Kaspersky Lab to detect and analyze. Someone is definitely in the steering wheel of this ride. Flame is a malware that has grown exceedingly complicated compared to its predecessors. Who knows how many more of these are in the wild, still running undetected?

So what can this malware do? Nearly every recording and data gathering capacities of you computer is at its employ. Kaspersky Lab reports that Flame can effectively use your computer’s microphone to record conversations. It can view your keystrokes. It can browse all your data and communications in the internet. It can even use the Bluetooth device of your computer and access other devices in its coverage, gathering personal information, like names and phone numbers. It can choose who to infect and when is the best time to strike. It has all the makings of an espionage tool. No wonder Kaspersky Lab thinks this may very well be a nation’s attack upon another.

This poses a threat not only to the infected countries, but other countries as well who may one day fall on the attacker’s radar. Some can only cry out for the legality of these attacks, as these are basically Government-approved cyber crimes. For this incredibly powerful malware to fall on the wrong hands would be disastrous to the whole internet community. Privacy has become a very sensitive term in the internet, and this privacy may soon be no longer in our control, if stuff like these can be deployed and run undetected for many years. If the government can get away with attacking industries for their data, what is stopping them from spying on each and every one of us regardless of their reasons?

Google attacked for privacy concerns

Google is currently being attacked for privacy concerns due to the issue of gathering information to be used in their products. If anyone has been using Google maps in countries like the USA, you would notice that there is a “street view” option. This allows you to view in a 360 degree angle the area that you have searched. You are able to see a panoramic street view photograph of the area, allowing you to familiarize yourself with a location or route before you even visit it, a very useful tool for anyone planning to travel. I for one would love to have this for other countries as well. The recent attack, though, may just prevent this from ever happening.

During the time when Google Maps has scoured the streets to gather street view material, they have also gathered some public information from unprotected Wi-Fi access points that they have passed by during that long drive. This has been tagged by Australian Senator Stephen Conroy as the ‘single greatest privacy breech’ in the history of privacy.  This has later on been flagged as point of attack in a case against Google in Europe, which may further boil down in other countries. They want Google to stop doing what they were built to do; to stop gathering information.

Let’s face it. On a near daily basis, we use Google search. People use it for school, work, and even for personal reasons. We use a multitude of Google’s other services such as Gmail and Google Maps. Having a Google account has increasingly become more important if you own an Android handset.  That is because they have been successful in creating a search giant that people have grown incredibly attached to that provided them a very broad range of services with just one account. All of these are actually covered by a privacy policy that registered users must agree to and may review as necessary.

Yet, many people now cry “privacy”. If you want privacy, secure yourself. Don’t go on the internet. It is quite funny when people cry that they have been stalked, or they have been searched using Google after they publicly posted about their daily antics on the web using blogs, social networks and forums. People purposely share information to the public, then cry when the public sees it. Looking at it that way, you have caused your own problems. It’s Google’s job to prowl the net for public content and allow that content to be found using their search engine. Face it, there has come a time when you have used Google to find these publicly available content for your own purposes. They wouldn’t have been able to provide you that information if they did not prowl the web for you. Convenience like maps and street view can come at a cost of having to gather that information first before they can show it to you.

There are plenty of ways to secure the information that you don’t want other people to see or have. One way is to use secure transfers and locked access points. Put a password on those files. Everyone goes through the trouble of locking their house, their safe, and their drawers. People would lock their bags and seal envelopes when being shipped and delivered. Treat your information online as these day-to-day things. If you can go through the trouble of protecting your property, then surely you can extend that effort in you cyber properties as well. Privacy and security is everyone’s job and responsibility.

Facebook introduces new privacy settings

If you haven’t signed in to your Facebook account today, you probably haven’t seen this notification yet. Don’t worry though, because everyone – that’s more than 350 million members – is getting the same too and yes, you are required to do something about it sooner or later.

“We care so much about this that we will require people to go through it to get access to the service,” Elliot Schrage, Facebook’s vice president of global communications, marketing and public policy told AFP.

“The idea is to evolve, to give users better control of with whom they share when they share.”

By this he means avoiding embarrassing (not to mention compromising) images and updates from your bosses, crushes, and all those people you want to impress. 🙂

With the new privacy tools, users can pre-determine who can access profile content and can also select privacy settings for each individual post using the lock icon next to “share” buttons on profile pages.

“Facebook has balanced more sharing with less of a chance people won’t realize who they are sharing with,” Future of Privacy Forum director Jules Polonetsky said of the Facebook privacy control change.

“No service or site has ever asked their users to go through this process; it is privacy by design.”

Source: http://www.google.com/hostednews/afp/article/ALeqM5jfJ9mqAfRcxcSgDLB56Na5CSRvZw