Linked by Thom Holwerda on Mon 28th May 2012 23:32 UTC
Privacy, Security, Encryption "A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years. Dubbed 'Flame' by Kaspersky, the malicious code dwarfs Stuxnet in size." Since I'm not particularly well-versed in the subject, maybe someone can answer this question for me: if country A creates a malware infection like this to spy on and/or harm computers in country B, can it be construed as an act of war under existing international law?
Thread beginning with comment 519824
To read all comments associated with this story, please click here.
Using the software of the enemy?
by Nth_Man on Tue 29th May 2012 06:45 UTC
Nth_Man
Member since:
2010-05-16

can it be construed as an act of war?


From the article:
Also, like Stuxnet, Flame has the ability to spread by infecting USB sticks using the autorun and .lnk vulnerabilities that Stuxnet used. It also uses the same print spooler vulnerability that Stuxnet used to spread to computers on a local network.


The malware has the ability to infect a fully patched Windows 7 computer, which suggests that there may be a zero-day exploit in the code that the researchers have not yet found.

What was Iran thinking when they were using the software of the enemy?
How many (intentional or unintentional) "bugs" are left that allow remote control for computers in Iran?

Reply Score: 3

Loreia Member since:
2012-01-17

What was Iran thinking when they were using the software of the enemy?
How many (intentional or unintentional) "bugs" are left that allow remote control for computers in Iran?


This is the key question. Why would they use MS Windows for anything important?

I mean, use windows on your gaming rig, and custom Linux distribution on computers that control sensitive industrial/military equipment.

Reply Parent Score: 4

phoehne Member since:
2006-08-26

While I agree there are some manufacturers that don't release Linux drivers. For example, I typed PC Data Acquisition into the Google and my first result was a USB device with only Windows drivers.

Personally I think that if you are going to use Windows or need to use Windows for driver support, glue the USB ports shut, put it on a network physically not connected to any internet facing network, take out the DVD/CD Rom drive, and then assume it is compromised and leaking data.

Reply Parent Score: 2

Nth_Man Member since:
2010-05-16

Let's remind that Windows is made by Microsoft, and they must obey the US government.

If they are required to "leave a back-door" like the "bugs" that caused Stuxnet, Flame, etc... Microsoft will obey or face jail.

Reply Parent Score: 2

Johann Chua Member since:
2005-07-22

Um, how do you jail a corporation?

Reply Parent Score: 2