Flame Virus, Cyber Weapons and the Cloud

The Problem

Recently there has been press coverage of a new cyber-weapon called FLAME. Now many of you might be wondering why I call it a cyber-weapon. Well, here is a list of things it can do:

  1. Record audio from your computer’s microphone.
  2. Take screenshots of your screen.
  3. Record keyboard activity, and log your passwords.
  4. Monitor network traffic and know what websites you use.
  5. Record Skype conversations.
  6. Turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Bluetooth-enabled devices.
  7. Self-destruct when it becomes aware that someone has begun monitoring its source code.
  8. Transmit all the data quietly and slowly to servers around the globe.

This is not a simple virus; it is a weapon. I do not want to say it is SMART, but being able to destroy itself and erase its forensic fingerprint is pretty “clever”.

Flame is going to be one of many new cyber weapons. How they will begin to affect educational technology is uncertain. My worst fear is that schools will believe that over-investing in localized network security will help. It will not. It will slow down the network, it will make everyone wish they were off-campus so they could get their work done, and it will create a false sense of security. How do I know? Because this is what happens now.

I have only had to deal with 3 major network attacks in my life, so I am not an expert. However, I do take a very aggressive approach once I am aware of an attack. The first thing I do is DISCONNECT. I literally disconnect network nodes until the issue is isolated. I do not waste time trying to CLEAN one system while others are being infected. I physically quarantine the problem, and if that means NO POWER, it means NO POWER.

The reason is that if an attack starts, the anti-virus (AV) and other security tools have already failed. If a new attack is clever, then existing tools based on pattern recognition cannot recognize it. Simple logic. The tools most schools invest in are not SMART enough to deal with a sophisticated threat. The best attacks are the ones that spend time disabling all the security before they spread.

We are now faced with cyber weapons that can use multiple communications protocols to spread. They can read and interpret everything we do, lie quietly in the architecture, and transmit data and personal information slowly so as not to be noticed.

Are we doomed? No. We just need to add a bit of humanity and logic to the problem, and start teaming up.

The Solution

I was just at a cloud computing conference in Malaysia, and I was on a panel discussion. They asked everyone about security. The question was, “If you are hosting everything with a massive service like Amazon, and they get hacked, then isn’t the damage and final resolution going to be worse than if you were managing things privately (and of course paying more money)?” I said, “I would rather be hacked with 2000 people working on the same problem than be hacked alone.” People laughed, but I did get a few glances from audience members who saw my point and agreed with me.

This is why our first responsible step as educational technology leaders is to start consolidating resources with cloud-based services that offer military-grade protection. A few would be Amazon, Microsoft, Google, Rackspace, etc. These companies are connected to the resources they need to rapidly identify, study, and solve serious security threats. They are clustered around the world in such a way that not all of their data centers get hit at the same time. This allows them to suffer a few blows, but then counter-punch.

Dealing with serious threats requires an understanding of cryptography as well as computer systems. Is your network administrator good at cryptanalysis? Telling your AV software to update is not going to help when the threat is smarter than any software the AV company makes.

The next phase of the solution is implementing policies that push people to work in and from the cloud, and ban them from bringing USB devices of any kind. USB devices are tough to regulate, especially with Windows. As far as I am aware, most people do not have software in place that blocks executables on USB storage while still allowing the rest of the device to work. This is how USB devices do damage: they give the initial threat an environment in which to start up and spread.

If people are working in and from the cloud, this will not happen as often, and USB use could be strictly limited or banned completely.

In schools the big issue is media. All I can say is that it is getting better out there. If you have the bandwidth, you can do big media work using cloud-based services. If you have poor bandwidth, then the need for USB-based transport becomes inevitable. What can I say: stop buying AV licensing and pay for more bandwidth. 🙂

The Conclusion

Without a doubt we need local network security and policies; however, if the majority of what we need and what we do is happening in the cloud, then how much local protection do we really need?

A solid network configuration and a well-designed network layout can do more than most software can, because they deal with issues at the port level and can cut off access to individual devices that are a threat. Network monitoring software can also give a single administrator an overview of the health of the network, and a visual representation of anomalies.
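One anomaly that monitoring should surface is the behaviour listed earlier, transmitting data "quietly and slowly" to the same outside address. The following is an added example, not code from the original post or from any monitoring product: a small detector that reads constructed connection records (timestamp, source, destination, bytes out) and flags source/destination pairs that show many small, regularly spaced uploads whose total still adds up. The log format, the internal address ranges, and the thresholds are all assumptions chosen for the example; a real deployment would feed it NetFlow or firewall logs and tune the numbers to the site.

```python
"""Low-and-slow upload detector over constructed connection records.

Added example (not from the original post). A pair is suspicious when a host
keeps sending small, evenly spaced payloads to one external address for a long
time; human browsing is bursty and irregular, so it falls outside this shape.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed internal ranges (RFC 1918); traffic to these is not exfiltration.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    bytes_out: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed 'ISO-timestamp src dst bytes_out' record."""
    ts, src, dst, nbytes = line.split()
    return Flow(datetime.fromisoformat(ts), src, dst, int(nbytes))


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_slow_uploads(flows, min_events=12, max_avg_bytes=4096,
                      max_jitter=0.25, min_total_bytes=20_000):
    """Return {(src, dst): summary} for pairs that look like slow, regular uploads.

    Flagged when, within the records given, a pair has at least `min_events`
    connections to an external address, a small mean payload (<= max_avg_bytes),
    regular gaps between connections (stdev/mean <= max_jitter), and a total
    that still reaches min_total_bytes. Thresholds are example values.
    """
    by_pair = defaultdict(list)
    for f in flows:
        if not is_internal(f.dst):
            by_pair[(f.src, f.dst)].append(f)

    hits = {}
    for pair, events in by_pair.items():
        if len(events) < min_events:
            continue
        events.sort(key=lambda f: f.ts)
        gaps = [(b.ts - a.ts).total_seconds() for a, b in zip(events, events[1:])]
        avg_gap = mean(gaps)
        jitter = pstdev(gaps) / avg_gap if avg_gap else float("inf")
        avg_bytes = mean(f.bytes_out for f in events)
        total = sum(f.bytes_out for f in events)
        if avg_bytes <= max_avg_bytes and jitter <= max_jitter and total >= min_total_bytes:
            hits[pair] = {"events": len(events), "avg_gap_s": round(avg_gap),
                          "jitter": round(jitter, 3), "total_bytes": total}
    return hits


def scan_lines(lines):
    """Parse raw records and run the detector over them."""
    return find_slow_uploads([parse_flow(l) for l in lines])


def build_sample_log():
    """Constructed records: one quietly uploading host, one normal browsing host."""
    start = datetime(2012, 6, 1, 8, 0, 0)
    lines = []
    # 10.0.5.23 sends ~2 KB to 203.0.113.7 roughly every 10 minutes for 4 hours.
    for i in range(24):
        t = start + timedelta(minutes=10 * i, seconds=(i * 7) % 30)  # slight jitter
        lines.append(f"{t.isoformat()} 10.0.5.23 203.0.113.7 {1900 + (i * 37) % 200}")
    # 10.0.5.40 browses: irregular bursts of varied size to a few sites.
    browsing = [(1, 90000), (2, 12000), (4, 500), (45, 300000), (46, 2000), (130, 150000)]
    for i, (mins, size) in enumerate(browsing):
        t = start + timedelta(minutes=mins)
        lines.append(f"{t.isoformat()} 10.0.5.40 198.51.100.{10 + i % 3} {size}")
    # A large copy to the internal file server is ignored as internal traffic.
    lines.append(f"{start.isoformat()} 10.0.5.40 10.0.0.5 500000")
    return lines


if __name__ == "__main__":
    for (src, dst), info in scan_lines(build_sample_log()).items():
        print(f"suspicious: {src} -> {dst} {info}")
```

The detector deliberately scores regularity rather than volume, because the volume of any single connection is exactly what this kind of tool keeps small; once a pair is flagged, the source host is the one to cut off at the switch port and quarantine, as the post describes.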

Humanizing a process provides a randomness that offsets the power of any cyber weapon. We are unpredictable and follow different paths to reach the same goals. We cannot be easily downloaded and observed, like security software, and we can choose to do something that software usually cannot: we can choose not to react.

We can turn off the power. Unplug the gear. Cut off the data collection. And leave a threat sitting dead on a drive while we think about the next move.

Tony DePrato