The Automation of Espionage

AdamElkus June 3, 2012

Kapersky Labs has reported a new form of malware dubbed “Flame:”

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said. Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010. …This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky’s chief malware expert Vitaly Kamluk. “Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on,” he said. More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems. …The malware code itself is 20MB in size – making it some 20 times larger than the Stuxnet virus. The researchers said it could take several years to analyse.

I hate to sound like a broken record, but I was saying “duhhh” when I read the sentence “this new threat appears not to cause physical damage.” That’s the whole point.

What this new malware reveals is not necessarily that the Chinese, Iranians, or Russians are going to destroy us all, or that this is another “cyber wake up call.” Rather, it is only the latest in a long series of incidents that displays a structural shift in the nature of espionage. Espionage has become automated.

For a way to think about this issue, let’s turn to the auto industry around the early 20th century. Most cars were exquisite, well-made machines that were out of the reach of the average consumer. Then along came Henry Ford and his Model T. His car was not only affordable, but scalable due to his new mode of assembly production. But Ford and his cars and factories were evidence of more than simply just one man’s genius. Economic geographers dub the style of production he pioneered “Fordism,” built on a political relationship between the state, industry, and labor and new methods of automation. Fordist modes of production made the earlier idea of consumption represented by automobiles virtually extinct.

Espionage 1.0 (as we might call it) was rooted in what human agents could produce. Case officers operating under various forms of cover developed agents, which in turn produced raw information that could be transformed through analysis into intelligence for policymakers. The rise of photo-reconnaissance aircraft, space-based collection platforms, and the evolution of sensors and recorders produced revolutionary new methods of collecting intelligence. We could dub this Espionage 1.5.

The informatization of society has produced Espionage 2.0. Nearly every state, corporation, or organization on the planet is networked in some shape or form. Certainly the root of many security problems lie in basic security failures and organizational problems. But there’s also another dimension. Developing spies is costly. Despite what one hears about the “grains of sand” approach to espionage, there are costs and risks to training and running spies that intelligence agencies assume. Take the Bin Laden raid, for example. It worked (mostly perfectly), but burned a Pakistani doctor and created a hubub over the use of a fake vaccination program.

Due to the extensive ways it is now possible to compromise a network and the low cost of mounting multiple attacks, Espionage 2.0 has automated the processes of taking information and made it massively scalable. Espionage 2.0 lacks human agents, so there will be no Cold War-esque spy exchanges. Espionage 2.0 preys on organizational and technical vulnerabilities rather than human psychology. Most importantly, Espionage 2.0 allows for an ability to sustain a penetration of an organization. When the CIA’s networks got rolled up in Lebanon and Iran, it more or less destroyed American covert presence in those states. But the expose of one cyber infiltration method is not nearly as costly. “Assumption of breach” is merely a recognition that while physical security vulnerabilities are more easily controllable via denial and deception methods, cyber-espionage relies on exponentially more channels. Moreover, they are also easier to conceal. Malware can sit on computers for years without exposure and lacks the need for constant supervision and back-and-forth communication that a handler performs for his agent.

Flame exemplifies this trend. It is also technically complex, combining methods for spying on conversations around the computer, Skype chats, instant messaging, Bluetooth beaconing, and a sniffer component that scans all traffic on an infected machine’s local network. It copies files and deletes those it dislikes, and is updatable:

Once the modules are unpacked and loaded, the malware connects to one of about 80 command-and-control domains to deliver information about the infected machine to the attackers and await further instruction from them. The malware contains a hardcoded list of about five domains, but also has an updatable list, to which the attackers can add new domains if these others have been taken down or abandoned.

This is the new reality we’ve lived in for some time. And just because it isn’t cyber war doesn’t mean that it isn’t a serious problem.

For more see:

About AdamElkus

Adam Elkus is a PhD student in Computational Social Science at George Mason University. He writes on national security, technology, and strategy at oodaloop.com for OODA, War on the Rocks, and his own blog Rethinking Security. His work has been published in The Atlantic, Journal of Military Operations Foreign Policy, West Point Counterterrorism Center Sentinel, and other publications.

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

Give Your Career A Boost By Learning From Experienced Decision Makers

Our video and audio podcast, the OODAcast, provides content that can help accelerate your career and improve your decision making. The series is based on interviews of some of the greatest most accomplished enterprise technologists we can find. We ask questions designed to pull out lessons applicable to accelerating the career of any professional. We […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Please help spread the word: USNI and NIP Essay Contest: This year’s challenge area a key one for the nation

Please help share the content at this link to any thinker/writer you know: 2020 Information Warfare Essay Contest This contest is open to all contributors, active-duty, military, reservists, veterans, and civilians. Generally the winners have had a solid understanding of the nature of modern conflict, but really any thinkers/writers should look over the contest and […]

Centripetal wins historic $2.6-$3.2 Bil vs. Cisco Systems; largest US patent infringement award to date

Editor’s note: I am proud to say I have a history with Centripetal Networks serving on their board and then later as an advisor. It was horrible to learn that a Tech Titan like Cisco was infringing on their patents. It is good now to see when the facts were reviewed justice was done. -bg […]

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

All Enterprise Techies Should Watch HBO’s SciFi Epic Westworld: It will help us dialog over shared experiences on what we will not be creating

Westworld season one was a great mix of science fiction and drama and action and it was done in a way that should help people think through many tech ethics questions, like how do we want to treat our robots? Does treating robots with violence change our nature? Can robots become sentient? HBO has a […]

Related