Giving Aid and Comfort

Anyone who doubts that we are not in the midst of cyber warfare, they are not educated as to the current state of global affairs. The United States is under siege from nearly every corner of the virtual universe. The attacks are continuous. The intent clear.  The United States has the greatest store of intellectual property the world has ever seen. We create new content hourly. We drive new trends, place our technology on the moon and Mars, and push the envelope of most every area of science and math known to human kind.

Recent discoveries of malware such as Stuxnet, Flame, Duqu, and Gauss point to alleged US efforts to penetrate Iranian cyber infrastructures to execute virtual acts of espionage and sabotage. Since 1979, Iran has made every effort to kill Americans and subvert our foreign policy. They are truly an enemy and well defined adversary. Their intelligence services from the assassination squads of Al-Quds Force Unit 400 to the Iranian Revolution Guard Corp (IRGC) to proxies such as Hezbollah, have and continue to execute acts of espionage, sabotage and assassination against Americans and friends of Americans. Whether it was the murder of Robert Dean Stethem in 1983 aboard TWA Flight 847, the bombing of the Marine barracks in Beirut during the same year or their continued sponsorship of state terrorism, Iran is bent on eliminating every facet of US influence in the Middle East and beyond. Their drive to eliminate Israel, communicated on a regular basis. Their intent with nuclear technology, well defined with their commitment to develop nuclear weapons.  They are a true adversary working to spread their revolution anywhere they believe they can gain foothold. Largely at the expense of the United States and everyday Americans.

What is vexing and causes great consternation, is why the likes of McAfee, Symantec, TrendMicro, Microsoft and Bitdefender (to name a few US-based companies and not the F-Secure’s, ESET’s or Panda’s of the world) would openly publish code examples, reverse engineering information and analysis on cyber espionage and sabotage tools. These tools serve to delay, disrupt, deny, and deceive our enemies from developing nuclear weapons that could one day be used against the United States or our allies. You might think that they are all actively on the payroll of the IRGC and have become another in a long line of Iranian proxies.

When seeing this type of information published by American companies, should the conclusion be that they really are only in the game for economic reasons? This is not a demonstration of true loyalty to United States policy since their disclosures of the malware in question can only be seen as proving to the world that they are highly skilled at malware detection and remediation. The fact is that most anti-virus solutions catch at best, 30% of the malware in the wild. If they were as good as their annual fees indicate, then they would have caught the malware in question when it was installed, not a year or two later (anti-virus solutions should be free).  However, that is not the point and intent of this writing. The point is this: Are American information security companies providing aid and comfort to our enemies and adversaries by providing solutions to our alleged cyber weaponry?

• ·        https://infosecisland.com/blogview/21482-Symantec-Flame-Analysis-A-Sophisticated-and-Discreet-Threat.html
• ·        https://home.mcafee.com/virusinfo/virusprofile.aspx?key=1396910
• ·        https://esupport.trendmicro.com/solution/en-us/1059505.aspx
• ·        https://www.microsoft.com/Security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3aWin32%2fGauss.A&ThreatID=-2147306969
• ·        https://blogs.technet.com/b/srd/archive/2012/06/06/more-information-about-the-digital-certificates-used-to-sign-the-flame-malware.aspx
• ·        https://labs.bitdefender.com/2012/05/cyber-espionage-reaches-new-levels-with-flamer/

During the era of the Cold War, anyone giving aid and comfort to the enemy was termed to be treasonous as defined in Article III of the US Constitution. Is the application of this term and associated definition going overboard with respect to the acts of information security companies? Let us leave that to others to determine.

Kaspersky is now asking for a crowdsourcing effort to break the encryption associated with the Gauss payload. Surely US-based mathematicians, computer scientists, college students and information security companies are all rushing to become the first to do so. However, at what cost to alleged US efforts against a foreign enemy?

• ·        https://www.securelist.com/en/blog?weblogid=
• ·        https://www.wired.com/threatlevel/2012/03/duqu-mystery-language/?utm_source=Contextly&utm_medium=RelatedLinks&utm_campaign=Previous
• ·        https://www.wired.com/dangerroom/2012/07/ff_kaspersky/all/
• ·        http://news.techworld.com/security/3372156/eugene-kaspersky-reacts-angrily-to-alleged-kremlin-sympathies/

We can better understand this sentence, very shocking to our ears in the West, on social networks: “There is too much freedom , he said about Facebook. Freedom is good. But the wicked can abuse the freedom to manipulate opinions. ” Interesting and amusing when you consider his sympathy for Vladimir Putin, the “democrat” as we know it. The Russian president that pushes the development of international regulation of the Net and a tightening of control of online media, as demonstrated by the recent legislation passed by the Duma in early July.

Proximity to the makers of our time that does not stop at the Kremlin, Eugene Kaspersky is often invited to attend and intervene in safety symposiums around the world. Meetings attended by security thinkers and politicians on the planet. Ultimately, the Russian security expert watching over your PC, it would be better if he does not care for our freedoms. (As recovered via cached copy of Tech Your Day – https://techyourday.com/specifications/topic/123-eugene-kaspersky-there-is-too-much-freedom-on-social-networks/ )

The message to US-based information security firms and anyone wishing to solve our adversary’s cyber problems is this: Think very hard at what actions you take to reverse engineer, communicate, publish, and solve the cyber ills of our adversaries and enemies. You are not acting as loyal citizens of the United States and are actually betraying the trust given you by birth or acquired. The call by Kaspersky is nothing more than an effort to aid an adversary. If US-based companies are intent at reverse engineering and communicating their findings, then do so. However, do so to US authorities as a method of finding holes in the cyber weaponry for future improvements and hardening.

JSB