What’s The Difference between Stuxnet & Flame?



There have been two major reported cyber attacks on Iranian assets in the past couple of years, by viruses (or malware) called Stuxnet and Flame.

These have some similarities to each other, and some important differences.

For those who are interested in such topics, this is the line-up:

Similarities: both Stuxnet and Flame attacked thousands of computers, the overwhelming majority within Iran.

They were both distributed by removable media and by local networks.

There is also apparently some common code used for modules within these two viruses, for example the module which exploits a weakness in a printing routine.

Differences: Stuxnet is an attack malware – which rendered thousands of computer-controlled nuclear enrichment centrifuges useless. Flame, on the other hand, is designed to collect and relay intelligence data – it’s a massive spying device.

Flame did not solely target the nuclear facilities, but also thousands of computers in Iranian industry, including Government ministries and the vital oil and gas facilities.
Stuxnet targeted Siemens industrial controllers; Flame works on standard Windows PC operating systems.

As a starter, Flame copies keyboard entries, sifts through emails & text messages, records microphone sounds and interconnects with Bluetooth devices.

The data is then communicated to command & control servers, scattered around the world.

On a purely legal front, whereas Stuxnet could be considered a hostile & illegal attack under international cyberspace legislation, Flame doesn't seem to directly infringe international treaties such as The Council of Europe Convention on Cybercrime. 

According to most observers, both Stuxnet and Flame are the products of one or more Governments. Fingers have been stubbornly pointed at the USA and, ahem, Israel.

This conclusion has been justified by the complexity of the code, which is apparently well beyond solo geeks, or even whole industries.

My logic would point to the receiving end of the Flame data, collected by this enormous and unprecedented cyberspying mission.

Which geek, or industry, is going to have the resources to obtain useful, even critical, data from simultaneously spying on thousands of Iranian computers?

Whoever is behind this double attack – Stuxnet on the nuclear facilities, and Flame’s mega-espionage on Iranian infrastructure… Yeshar koachachem!!
