Latest viruses could mean ‘end of world as we know it,’ says man who discovered Flame

Eugene Kaspersky: We’re at the mercy of cyberterrorists, armed with weapons more serious than any previous IT security threat

By David Shamah

The Flame virus, whose existence was announced several weeks ago by Eugene Kaspersky, is not just any old virus. It’s so sophisticated that it represents a new level of cyber threat, one that could be “the beginning of the end of the [interconnected] world as we know it,” Kaspersky said at a press conference Wednesday. “I have nightmares about it.”

Information security expert Kaspersky, whose team of researchers uncovered Flame’s existence, was a featured speaker at Wednesday’s second annual cyber-security conference sponsored by the Tel Aviv University’s Yuval Ne’eman Workshop for Science, Technology and Security. The conference comes at a time when interest in cybersecurity is at a peak, as a result of speculation about who was behind the Flame attack and the earlier Stuxnet virus attack that is thought to have damaged, or at least delayed, progress by Iran on its nuclear program.

Also speaking at the conference were a host of top security and government officials, including Defense Minister Ehud Barak, Israel Space Agency chairman Yitzhak Ben-Yisrael, former Shin Bet director Yuval Diskin, and others.

While many companies — including Kaspersky’s — advertise sundry solutions for computer viruses and Trojans, they won’t help when it comes to Flame and other still undiscovered viruses of similar or even greater strength that are likely out there, he said. “Right now we have no way to defend against these global attacks.”

The term “cyber-war” is used by many to describe the situation, but that term — which implies that there are two equal, known enemies duking it out — is outmoded, he said. “With today’s attacks, you are clueless about who did it or when they will strike again. It’s not cyber-war, but cyberterrorism.”

Flame, which has stealthily stolen large chunks of data during the months or perhaps years it has been on the loose, is especially scary because of its many sophisticated tools, said Kaspersky. Besides being able to quickly replicate itself on networks and break up data into very small segments, making it almost impossible to trace as it is sent onwards, the virus has many unique features. “It can of course be spread very quickly via a disk-on-key, when one is plugged into a network,” but in addition, it can use bluetooth, wifi, and other communications protocols to propagate, he said.

The Russian-born Kaspersky, 46, whose company is the world’s largest privately held vendor of software security products, described the process by which his team discovered Flame, saying that he got interested in the matter when he heard that Iran had actually accused his company of designing the attack tool. “We thought that maybe our internal system was compromised, so we conducted a thorough investigation.”

It was this investigation, which entailed contacts with IT personnel in Iran itself, that yielded the data on Flame. “Dealing with what we discovered was too big a job for a company,” so Kaspersky took what he knew to the UN’s International Telecommunications Union, which was just as shocked as he was. “We worked out an arrangement where we would gather the data, and they would take care of the other issues.”

Data-gathering is a technical issue, not a political one, Kaspersky said, so he could not speculate on who invented Flame, or why. But anyone and everyone is a suspect. “There are many countries with hackers and experts who are sophisticated enough to pull something like this off.”

The US, Israel, China, and Russia are on that list, but so is Romania, “which has many talented hackers.”

But even countries without a staff of their own could kidnap the scientists they need or hire “hacktivists” to do their dirty work, and there is no shortage of willing and capable people, Kaspersky said.

Still, any country thinking of stockpiling cyber-weapons of these magnitudes should think twice, Kaspersky said, as they have a way of getting out of control.

“It’s like biological weapons; when you set one off in one place, it affects many others.” Cyber-weapons of the magnitude of Flame are just as destructive. “The world is just so interconnected today, and the viruses that attack one power plant puts them all at risk,” Kaspersky said.

Governments must work together to, for example, order a complete rewrite of software for essential systems to protect them against attacks — “there are still many systems out there using MS-DOS,” Kaspersky said — to agreeing to pool information and act jointly when an attack occurs.

The alternative, Kaspersky said, is a world in which cyberterrorists have a free hand – something like the world in the movie Die Hard 4 (also known as Live Free or Die Hard). That movie’s plot involves hackers causing blackouts, blowing up government buildings, and trying to shut down America’s computer system.

“We at Kaspersky Labs have been aware for a long time that such a scenario was possible, but until that movie came out in 2007, we forbade anyone inside the organization from using the term ‘cyber-terrorist.’ Now that the cat is out of the bag, we routinely use that word to describe what is going on.”

He, and other researchers like him, are hard at work coming up with the solutions as the problems arise. What’s at stake, he said, is nothing less “than life as we know it today. Let’s hope and pray we can keep the cyber world safe for our kids and grandkids.”

Mass Transit Cameras Spot Bad Guys, No Human Judgment Required

 A new camera system for San Francisco's MUNI system will use algorithms and machine learning to track and monitor commuters. Can computer programs predict bad guys... and what will they be looking for?

By Neal Ungerleider

A new breed of security cameras can supposedly detect terrorism and crime without a human judgment call--and mass transit agencies are shelling out big bucks for the product. San Francisco's Municipal Transit Authority, which oversees the city's MUNI trains, has signed a contract with security firm BRS Labs to deploy cameras to 12 subway stations that use algorithms and machine learning techniques to spot anomalous behavior.

BRS Labs is a security firm that provides behavior recognition software for video surveillance. The company's clients include government, tourist attractions, military bases, and private industry; BRS's software issues real-time text alerts when cameras detect strange behavior. Servers connected to security cameras observe locations for weeks at a time and then establish a baseline of “normal” behavior based on this timespan; anomalous activities afterwards (loitering, abandoned packages, abnormally high/low numbers of passengers) trigger an alert. No tripwires or programming of initial parameters are required.

According to a publicly available product bid, the San Francisco MUNI project will include up to 22 connected cameras at each train station; video monitoring will be conducted by train control, MUNI Metro East facility, and in-station personnel. The video systems will build memories of observed behavior patterns that mature with time; the systems, in the bid's words, “[have] the capability to learn from what [they] observe.”

In an interview with Fast Company, BRS Labs President John Frazzini said that the company's AIsight behavior recognition product relies on 11 patents related to computer vision technology and surveillance imagery. BRS's patents primarily deal with the intersection between computer vision and machine learning; video footage grabbed by MUNI cameras will be automatically translated into code for real-time processing. Clips of anomalous activity are dispatched to MUNI employees automatically; SMS text message alerts are also sent to staffers' mobile phones.

The post-9/11 emphasis on “homeland security” and anti-terrorism efforts has resulted in a gold rush of surveillance contracts from mass transit agencies and public institutions nationwide. While large mass transit agencies such as New York's MTA and Chicago's CTA have been cagey about their counter-terrorism efforts, trade show presentations and chatter in industry publications have given a basic idea of what is happening. Apart from machine learning-based video surveillance, subway security has also taken on wackier (and scarier) aspects: The Homeland Security Department has publicly announced their plans to release bacteria into Boston T tunnels this summer in order to test new biological weapon detectors deployed throughout the subway system.

The same technology that's being deployed in San Francisco's subway is also intended for the global market. BRS, which is based in Houston, has overseas offices in London, Sao Paulo, and Barcelona. BRS Labs' AISight product is primarily intended for use in counter-terrorism efforts. AISight's software algorithm has limited success in detecting in-station muggings or subway perverts, two issues of much more immediate interest to mass transit ridership than terrorist attacks.

Another unique aspect of BRS's product is the fact that it heavily relies on timestamps and time recognition. Behavior and objects are coded according to the times of day or days of the week in which they most frequently occur; the velocity, acceleration, and path of customers passing through a station are analyzed as well. Spatial anomalies and classification anomalies are taken into account as well.

One worrying--or appealing to budget-minded clients--aspect of BRS's product is the fact that their software product sharply reduces the need for human camera maintenance. The algorithms behind AISight compensate for lighting changes, shaky images, and poor bandwidth. Between the automated evaluation of “anomalies” and their software-based maintenance process, the need for human supervision for effective software operation sharply declines.

BRS's promotional literature promises that their software product can accurately detect loitering in unusual places at train stations, abandoned objects, and “tailgating” at entrances.

Verified customers of BRS's system beyond the SFMTA include the City of Houston, Boeing, the Louisiana Port Commission, the City of Birmingham (AL), and security contractors for the Nuclear Regulatory Commission. Publicly available documents indicate that the Port Authority of New York and New Jersey is deploying BRS's technology for a pilot project at the World Trade Center as well. Fast Company is based at the World Trade Center complex.

Urgent Windows Update To Kill Off Spy Virus

Microsoft has carried out an emergency update of Windows after discovering that the makers of a spy virus had exploited a software bug.

The Flame espionage tool infected PCs across the Middle East by tricking computer security systems into accepting it as a genuine Windows product.

Mike Reavey, a senior director with Microsoft's security team, said the attacks were targeted and "highly sophisticated".

As a result of the bug fix, any viruses that bears the fake Microsoft code are likely to stop working.
Microsoft declined to comment on whether other viruses had exploited the same flaw in Windows, or whether the company was looking for similar bugs in the operating system.

Experts said the method had probably been used to deliver other viruses that have not yet been identified.

"It would be logical to assume that (the virus creators) would have used it somewhere else at the same time," said Mikko Hypponen, chief research officer for security software maker F-Secure.

Flame has been in circulation since 2010 but because of its complexity was only discovered last week.

It was aimed primarily at Iran, but also affected Israeli and Palestinian territories, Sudan, Syria and Lebanon.

Researchers say that technical evidence suggests it was built on behalf of the same nation that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010.

Information about the virus is still being gathered by computer analysts.

Leaders plotting EU superstate: 'Fiscal union' looms... with the Germans in charge

By James Chapman, Political Editor

European leaders are edging closer to a federal union in response to the financial crisis engulfing the Continent.

In crisis talks yesterday, Britain and the US joined forces to urge Germany to create a central Brussels body that could assume sovereignty over individual countries’ budgets and fiscal policies.
There is growing frustration in London and Washington at Germany’s reluctance to take steps towards a single economic government and put its vast resources behind the struggling countries in the eurozone.

Their fears were aired yesterday in a conference call between finance ministers from the G7 group of leading nations.

Four EU leaders have been asked to draft proposals for a deeper eurozone fiscal union, to be presented to an EU summit at the end of this month.

Senior Tory MPs are to press David Cameron to hold a referendum on Britain’s future in Europe if the moves go ahead.

They insist the Government must seek a mandate from voters to demand that key powers are repatriated from Brussels to Westminster in exchange for agreeing to treaty changes that would allow eurozone countries to pool sovereignty.

They fear a core eurozone, led by Germany, would be in a powerful position to push whatever policies it wanted affecting the rest of the 27-member EU.

The Prime Minister and Chancellor George Osborne have long argued that a single currency can only work if the eurozone creates an effective fiscal union.

They believe that for any single currency to work, richer areas must pay to support poorer ones.
Britain would stand outside any such arrangement, and Mr Cameron refused to sign a treaty taking more tentative steps towards a fiscal union last year.

But senior Conservatives say such a move would so fundamentally alter the balance of power and daily running of the EU that a referendum would have to be offered to determine whether British voters wanted to remain in Europe’s ‘slow lane’.

Up to ten chairmen of Commons select committees are understood to be preparing to call for a popular vote on Britain’s future place in the EU if a fiscal union goes ahead.

Some believe Britain should leave the EU in such circumstances, while others argue that a demand for a looser relationship with Brussels would be given greater force if endorsed in a referendum.

Conservative MP Bernard Jenkin, chairman of the public administration select committee, said: ‘Clearly the European Union becoming a federation which expressly does not include the UK is a dramatic change in the terms of our relationship with our EU partners.

‘The Government needs to lay its demands on the table so British law and British taxpayers’ money are both protected by a sovereign UK Parliament.

‘Any new arrangements should be subject to a referendum.’

The Coalition has changed the law to ensure that no more powers can be passed from Westminster to Brussels without a referendum. But it is far from clear that one would be triggered if the eurozone countries decide to pool sovereignty.

German Chancellor Angela Merkel confirmed this week that measures to create a closer union for countries in the euro were being considered.

‘The world wants to know how we see the political union in complement to the currency union,’ she said.

‘That requires an answer in the foreseeable future and Germany will be a very constructive partner.’

Berlin does not expect to take final decisions on strengthening economic policy coordination until March 2013, with only a ‘roadmap’ being agreed at the Brussels summit this month.

Porn star Luka Rocco Magnotta ate victim's body parts, claim Montreal police

Video footage of the suspected Montreal murderer Luka Rocco Magnotta show him eating the body parts of his alleged victim, police said yesterday.

Montreal Police Commander Ian Lafrenière said that while it could not be confirmed, his officers suspected Magnotta of eating parts of the lover he is accused of killing and dismembering.
German prosecutors further revealed yesterday that they intended to extradite Magnotta to Canada following his surprise arrest in Berlin on Monday.

The pornographic-film actor and model, 29, is wanted on suspicion of murdering and dismembering his male Chinese student lover and

sending his victim's body parts to political parties in one of Canada's most gruesome killings.
Magnotta fled from Montreal to Berlin via Paris. He was arrested in an internet café in the German capital on Monday morning. Yesterday he appeared before a judge and was remanded in custody until further notice.

Prosecutors said they were awaiting a request from Montreal Police for his extradition. A spokesman said the process could take "several days".

Canadian police have confiscated a film of a man killing his victim with an ice pick. The video is thought to show Magnotta murdering his 33-year-old lover, Jun Lin. His motive is said to have been jealousy.

The killer is suspected of dismembering his victim's body and posting parts of the corpse to Canada's Conservative and Liberal parties.

Magnotta is nicknamed "psycho killer" because the soundtrack to the video allegedly showing the murder carried excerpts from the film American Psycho.