This past week, a Russian Internet security firm disclosed that it had found a massive malware program infecting principally computers in Iran, but one suspected of having targeted about 600 sites in the Mideast and Eastern Europe.
The program was dubbed Flame, or sometimes Flamer, and its basic mission was to spy. Flame’s operators — suspicions immediately pointed to the Israelis and, to a lesser extent, us — infected computers in incremental steps until eventually they had installed a hidden 20-megabyte program that has been described as the most sophisticated cyberweapon to date — at least, that we know of.
Unlike two earlier programs, Stuxnet and Duqu, aimed at sabotaging Iran’s nuclear program, Flame appears to have been intended purely, as one account put it, to vacuum up industrial quantities of knowledge.
Flame collected data, documents, user names and passwords; recorded conversations, keystrokes and screen grabs; monitored Skype transmissions and conversations on nearby cellphones.
The operators had a program that would erase every trace of Flame’s presence — perhaps why it went undetected for at least two years and perhaps as long as five to eight years.
It would be obtuse bordering on the delusional to believe that the U.S., Israel and maybe a handful of other nations are the only ones with the expertise to conduct this kind of cyberwarfare.
That’s why it’s reassuring to learn, through an assuredly well-timed leak, that the Pentagon is engaged in an ambitious new program, dubbed Plan X, to vastly improve both its offensive and defensive cyberwarfare capabilities and go beyond just disabling infrastructure and conducting espionage to give U.S. commanders the tools to dominate both cyberspace and the battle space.
The program is in the hands of the wizards at the Defense Advanced Research Projects Agency, the outfit that contributed mightily to the creation of the Internet. DARPA plans to enlist universities and private-sector technology companies in the effort, which will begin modestly enough this summer with a five-year, $110 million program to solicit proposals.
The program is only a small part of DARPA’s cyberbudget of $1.54 billion from 2013 to 2017, but it will repay huge dividends if it prevents unpleasant surprises — like the ones the Iranians keep encountering.