World’s best cryptography brains behind Flame spy virus - News and Current Events | futures trading

Go Back

> Futures Trading, News, Charts and Platforms > Traders Hideout > News and Current Events

World’s best cryptography brains behind Flame spy virus
Started:June 8th, 2012 (07:28 AM) by kbit Views / Replies:143 / 0
Last Reply:June 8th, 2012 (07:28 AM) Attachments:0

Welcome to

Welcome, Guest!

This forum was established to help traders (especially futures traders) by openly sharing indicators, strategies, methods, trading journals and discussing the psychology of trading.

We are fundamentally different than most other trading forums:
  • We work extremely hard to keep things positive on our forums.
  • We do not tolerate rude behavior, trolling, or vendor advertising in posts.
  • We firmly believe in openness and encourage sharing. The holy grail is within you, it is not something tangible you can download.
  • We expect our members to participate and become a part of the community. Help yourself by helping others.

You'll need to register in order to view the content of the threads and start contributing to our community. It's free and simple, and we will never resell your private information.

-- Big Mike

Thread Tools Search this Thread

World’s best cryptography brains behind Flame spy virus

Old June 8th, 2012, 07:28 AM   #1 (permalink)
Elite Member
Aurora, Il USA
Futures Experience: Advanced
Platform: TradeStation
Favorite Futures: futures
kbit's Avatar
Posts: 5,839 since Nov 2010
Thanks: 3,275 given, 3,321 received

World’s best cryptography brains behind Flame spy virus

The spy malware Flame used bogus Microsoft certificates to infect new computers, a prominent cybersecurity expert says. The science needed to pull the trick probably required some of the world’s best knowledge of cryptography.

The virus, which spread across the Middle East and particularly Iran, can mask itself as legitimate patches distributed through a Windows Update, reports Marc Stevens from the Centrum Wiskunde & Informatica (CWI) in Amsterdam.

It does so by providing a fake digital certificate, stating that the malware is a code originating from a trusted producer, which appears to have been issued by Microsoft itself.

Obtaining such a fraudulent certificate required a so-called chosen-prefix collision attack. It’s an attack targeting a specific cybersecurity algorithm called Message-Digest algorithm 5, or MD5. MD5 basically takes a piece of data and turns it into a unique digital fingerprint called a hash.

The important feature of a hash is that it cannot be used to reverse-engineer the original data, so, for instance, a database of password hashes cannot be used to establish the passwords, but can be used to match a password to its hash and verify it. Hash functions are vital to online commerce, safe file distribution and other important parts of cyber infrastructure.

A malign party would want to find a way to find pairs of data, which would generate identical hashes, called a collision. A criminal using hash collisions may intercept communication and act as a middle man, eavesdropping on the exchange or modifying it as he pleases.

For MD5, which was developed in the early 1990s, a way to perform such an attack was first theorized in 2004, although it was deemed impractical by the cybersecurity community. In 2008, Stevens and his group managed to improve on the method and construct a rogue Certification Authority, a body with the authority to issue digital certificates.

The demonstrated vulnerability of MD5 prompted national governments and IT leaders to speed up the shift to better and more secure hash functions. In June 2009, Stevens made public how exactly he and his team performed the attack, assuring that this would not compromise the Internet.

But apparently Microsoft failed to disallow D5-based signatures in their Terminal Server Licensing Service (TSLS), and the authors of the Flame virus made use of this, executing a collision attack in February 2010, Stevens speculates in a statement. The result of this attack was a code-signing certificate appearing to be from Microsoft that may be used to sign Windows Updates. Stevens discovered that the attack took place using custom-made software his team created for their cryptography research.

More interestingly, the Flame collision attack is an entirely new and unknown variant, not the one Stevens used. He adds that the method used by Flame’s coders was already in development before June 2009, when he and his colleagues revealed their take on the problem. “This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis,” Stevens says.

The Flame virus was used by unidentified perpetrators for a massive espionage operation in the Middle East, which lasted for at least two years. It was first reported in late May. Some cybersecurity experts judged that the level of sophistication evident in the malware shows nation-state-level backing was needed to create it.

World?s best cryptography brains behind Flame spy virus — RT

Reply With Quote

Reply > Futures Trading, News, Charts and Platforms > Traders Hideout > News and Current Events > World’s best cryptography brains behind Flame spy virus

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Upcoming Webinars and Events (4:30PM ET unless noted)

An Afternoon with FIO trader bobwest

Elite only

NinjaTrader 8: Programming Profitable Trading Edges w/Scott Hodson

Elite only

Anthony Drager: Executing on Intermarket Correlations & Order Flow, Part 2

Elite only

Adam Grimes: Five critically important keys to professional trading

Elite only

Machine Learning Concepts w/FIO member NJAMC

Elite only

MarketDelta Cloud Platform: Announcing new mobile features

Dec 1

NinjaTrader 8: Features and Enhancements

Dec 6

Similar Threads
Thread Thread Starter Forum Replies Last Post
Your Gut Beats Your Brains in Shady Transactions madLyfe Psychology and Money Management 2 June 12th, 2012 03:07 AM
Powerful "Flame" cyber weapon found in Iran kbit News and Current Events 0 May 28th, 2012 04:43 PM
New virus-infected emails ..... kbit News and Current Events 2 February 3rd, 2012 09:03 AM
Avast anti-virus Big Mike Tech Support 2 February 25th, 2011 02:16 AM
anti virus software Riverend Tech Support 6 February 1st, 2010 02:45 PM

All times are GMT -4. The time now is 11:28 PM.

Copyright © 2016 by All information is for educational use only and is not investment advice.
There is a substantial risk of loss in trading commodity futures, stocks, options and foreign exchange products. Past performance is not indicative of future results.
no new posts

Page generated 2016-10-24 in 0.07 seconds with 19 queries on phoenix via your IP