HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » Stuxnet and Flame, is the...
Introducing Discussionist: A new forum by the creators of DU

Wed Jun 27, 2012, 06:39 AM

 

Stuxnet and Flame, is there any legal ground on which to act, is there no liability for

those who created what might eventually do billions of dollars in damage?

In other words, if Microsoft, Cisco, Sun, etc products are compromised to the point where their products allow or cause outrageous damage to a nations infrastructure/control systems/utilities is there no one held responsible?

I mean, didn't the melissa virus do untold damage, create internet mayhem and wasn't there a price to be paid by the author?? Seems to me that there are some areas where the govt should not hold itself above the law no matter the ends.

http://www.theregister.co.uk/2001/08/01/justice_mysteriously_delayed_for_melissa/
When Melissa struck on 26 March 1999, it introduced a generation of Netizens to the concept of a computer virus. The worm targeted Microsoft Word users, and spread by sending an infected e-mail to the first 50 addresses in each victim's Microsoft Outlook address book. Though non-destructive by design, the virus propagated so quickly that it jammed corporate and government networks, forcing some large companies to sever their connections to the Internet temporarily. By some estimates, the virus caused millions of dollars in losses.

Within a week of the outbreak, New Jersey police and FBI agents tracked the virus through a hijacked AOL account to Smith, then 30. On 9 December of that that year the programmer pleaded guilty to computer crimes in state and federal court, and stipulated in a detailed plea agreement to having caused over $80,000,000 in damage. The losses, coupled with other stipulations in the plea agreement, carry a prison term of 46 to 57 months.

Then-US Attorney General Janet Reno lent a quote to the press release; Smith remained free on $100,000 bail.


http://www.npr.org/2011/11/02/141908180/stuxnet-raises-blowback-risk-in-cyberwar
Stuxnet Raises 'Blowback' Risk In Cyberwar

by Tom Gjelten

Instructor Mark Fabro leads an exercise at the Department of Homeland Security's cyberdefense facility at the Idaho National Laboratory in September. Training at the lab is intended to help protect the nation's power, water and chemical plants, electrical grid and other facilities from computer viruses such as Stuxnet.
text size A A A
November 2, 2011

The Stuxnet computer worm, arguably the first and only cybersuperweapon ever deployed, continues to rattle security experts around the world, one year after its existence was made public.

Apparently meant to damage centrifuges at a uranium enrichment facility in Iran, Stuxnet now illustrates the potential complexities and dangers of cyberwar.

Secretly launched in 2009 and uncovered in 2010, it was designed to destroy its target much as a bomb would. Based on the cyberworm's sophistication, the expert consensus is that some government created it.


http://www.greenewave.com/flame-virus-and-blowback-on-the-digital-battlefield/
The “Flame” virus is the atom bomb of 21st century espionage, to date the largest and most elaborate computer bug ever discovered. It has lived in the deep recesses of Iranian government computers for years, spying on everyone and everything it comes into contact with.

It is more than a mere surveillance virus, it’s an “entire” self-contained “cyber espionage operation” according to Roel Schouwenberg, a senior security researcher with Russian based Kaspersky Labs, one of the first security networks to analyze the malware. While mostly infecting Iranian computer systems the virus has also been detected throughout the Middle East in Saudi Arabia, United Arab Emirates, Egypt, Sudan and even as far as Europe under the name sKyWIper or “Wiper,” this according to Hungarian based CrySyS Lab. By their estimates Flame may have been active “for as long as five to eight years.”


ON EDIT TO ADD:
http://www.greenewave.com/flame-virus-and-blowback-on-the-digital-battlefield/
Flame exceeds previous generations of malware. It has the capability to collect lists of “vulnerable passwords”, “create series of user’s screen captures,” covertly send intelligence back to remote servers, link to discoverable Bluetooth devices and even act as a beacon for a Bluetooth device to link back. It is quite versatile, capable of infecting Windows XP, Vista and 7 other common operating systems.


9 replies, 1018 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 9 replies Author Time Post
Reply Stuxnet and Flame, is there any legal ground on which to act, is there no liability for (Original post)
2on2u Jun 2012 OP
Scootaloo Jun 2012 #1
customerserviceguy Jun 2012 #2
frylock Jun 2012 #8
dipsydoodle Jun 2012 #3
2on2u Jun 2012 #4
dipsydoodle Jun 2012 #6
2on2u Jun 2012 #9
nancyoberoi Jun 2012 #5
Swede Atlanta Jun 2012 #7

Response to 2on2u (Original post)

Wed Jun 27, 2012, 07:12 AM

1. Oh, silly! Stuxnet and Flame don't hurt anyone!

Iranians aren't really people; they're just Muslims! Just ask the IDF and American Military experts behind them.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 2on2u (Original post)

Wed Jun 27, 2012, 07:23 AM

2. I guess we could always go back

to drone strikes, and if we're really being old school, nuclear bombs.

I have no problem with any friendly government using cyberwar techniques to keep nuclear bombs out of Iranian hands. The collateral damage is trivial compared to other methods of "persuasion".

Reply to this post

Back to top Alert abuse Link here Permalink


Response to customerserviceguy (Reply #2)

Wed Jun 27, 2012, 02:29 PM

8. somewhere in china, somebody is typing the same thing..

reap the whirlwind.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 2on2u (Original post)

Wed Jun 27, 2012, 07:24 AM

3. To my mind it doesn't really matter

as long as though who created it don't whine incessantly when it comes back to bite them big time.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to dipsydoodle (Reply #3)

Wed Jun 27, 2012, 07:44 AM

4. My point is that MS, Cisco, Sun and others could be hammered, possibly have legal action

 

taken against them, they didn't make the malware, but they may end up being responsible for its blowback aftermath.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 2on2u (Reply #4)

Wed Jun 27, 2012, 07:53 AM

6. Whoever constructed that malware and put it to use

is responsible : not the makers of the operating systems they took advantage of.

I don't think its a matter of if the blowback occurs : its when it does and the manner in which it happens.

People who piss other people off deserve retribution. I would recommend you read the full version The Count of Monte Cristo sometime.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to dipsydoodle (Reply #3)

Thu Jun 28, 2012, 06:27 PM

9. But but but who could have imagined that the code could be used against us?? In a Rice like

 

statement of incredulity. Yeah, who the feck could have imagined. Making peace is far less expensive but far less profitable as well and therein lies the problem.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to 2on2u (Original post)


Response to 2on2u (Original post)

Wed Jun 27, 2012, 08:26 AM

7. The problem with this is....

 

the world's "e-verse" is interconnected. So when the U.S. or some other government targets the computer systems of an enemy there is a high likelihood that the virus will spread beyond the intended target.

I'm not a computer programmer but I assume it is difficult to create a virus that will only ever infect and affect target computers or systems. If that assumption is correct then I believe the software/hardware manufacturers and the U.S. government should be subject to liability for all damage that the virus causes on otherwise legal computer systems around the world.

The designers of the viruses know or should know that there is a high likelihood the virus will spread beyond the target and that spread is highly likely to cause damage. It is a classic negligence tort analysis.

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread