Flame, a virus twenty times the size of Stuxnet, which has lurked for about two years in Middle Eastern (especially Iranian) energy facilities, and thought to have been the creation of the U.S. and Israel has been ordered to vanish without a trace by its creators.
According to AFP, quoting a blog entry by security firm Symantec, “Flame command-and-control servers sent an updated command to several compromised computers.” Symantec added, ”This command was designed to completely remove (Flame) from the compromised computers.”
Flame-infected computers that got the delete command proceeded to delete files and flood the computer disks with randomly-generated characters to hide the virus’s code, according to security researchers.
It should be noted that Kaspersky Lab, one of the world’s biggest producers of anti-virus software, discovered a connection between Stuxnet and Flame. We know that Stuxnet was created by the U.S. and Israel because of a leak in the Obama administration. Kaspersky Labs writes that it “discovered that a module from the early 2009-version of Stuxnet, known as ‘Resource 207,’” was actually a Flame plugin.
“This means that when the Stuxnet worm was created in the beginning of 2009, the Flame platform already existed, and that in 2009, the source code of at least one module of Flame was used in Stuxnet,” adds Kaspersky Lab. It doesn’t absolutely prove that Flame was created by the U.S. and Israel but it’s quite hard to deny the connection.
That critical infrastructure here in the U.S. and abroad is run by computer programs seems rather counter-intuitive to the reality of state and corporate espionage. It is a truism that any system can can eventually be hacked, which necessitates strong, vigilant cryptographic code to counteract the threat. Why any country, whether it be the U.S. or Iran, would expose itself to this threat is puzzling. Then again, as technology advances exponentially, the machinery that is manufactured for, say, an energy facility is tending toward complete computerization.
In the era of Flame and Stuxnet, it seems rather more wise to adopt a more Ludditian approach to protecting critical infrastructure. That is, the most critical components of any system should be operated by actual human beings and not computer code.