“Cyber weapons based on a common platform enable governments to engage multiple targets with only the modification of payloads.”
“A cyber weapon acquisition process works much in the same way that it does for any weapon system; requirements are established and guide development.”
“The modular nature of Tilded allowed for the weapons based off of it to not only change payloads but also configuration files, encryption methods, and stealth techniques.”
In December 2011 the anti-virus company Kaspersky referred to the platform, or base framework and source code, used to create the Stuxnet and Duqu malware as Tilded. A platform approach to creating malware allows developers to create code that can be modified to utilize different payloads and exploits against a variety of targets. Tilded goes beyond the basic platform approach, such as having two parts to the code: weapon system and payload, to that of a modular platform.
This modular approach allows for the cyber weapon to be quickly customized to any number of functions while avoiding anti-malware detection techniques. Through its modular nature Tilded allows for the cyber weapons based off of it to be nearly polymorphic in nature. In reference to nation-state made weapons this modular capability allows for cyber weapons to be employed more quickly and with the use of fewer resources.
Stuxnet, discovered in June 2010, etched its place out in malware history as an advanced cyber weapon when it damaged nearly a thousand centrifuges at the Nantanz uranium enrichment facility in Iran. Although the authors behind Stuxnet were never positively identified it is widely accepted that the malware was built with nation-state support. In September, 2011 the Duqu malware was discovered and quickly identified as being similar to Stuxnet.
Although Duqu is very similar to Stuxnet, the newer discovered malware did not have the same targets or payload as Stuxnet. Instead, Duqu is primarily a stealthy information gathering tool; its targets included locations in Sudan, Iran, Indonesia, Austria, the UK, and the USA. Despite their differences, the use of a common platform links the two pieces of malware and suggests that there may be other unidentified weapons which trace back to as early as 2007.
There has been much speculation of the authorship of the Tilded platform and analysis done on the code itself but little discussion on the motives governments have to use a common platform for cyber weapons. Cyber weapons are a great choice for governments due to the limited attribution associated with them, the decreased cost to human life, and ability to precisely degrade enemy capabilities while simultaneously gathering intelligence information. These aspects make cyber weapons powerful political and military tools but do not describe the benefits to a modular cyber weapon. The real motive behind modular based cyber weapons exists in the proof usually given to identify weapons as nation-state sponsored: the resources devoted to them.
With the global economic downturn in recent years governments are struggling to maintain their nation’s direction with a smaller budget. The US Department of Defense is not immune to this and Defense Secretary Leon Panetta has stated a vision of a “smaller, leaner” military. With the current threat landscape from adversaries throughout the world it is easy to understand the lure of cyber weapons as a cost effective means to projecting power. Cyber weapons based on a common platform give governments the chance to create an even more cost effective solution by exploiting multiple targets with only the addition of various payloads.
This platform based approach is used not only in the open source community with tools such as Metasploit but also in the military community with aircraft. Instead of creating costly new aircraft for specific functions, existing platforms may be outfitted with a variety of weapons, sensors, and tools to make them operationally diverse. Tilded has taken this concept to the next level by adding a modular capability to the platform. Instead of just outfitting the platform with different payloads, a nation-state can now create new cyber weapons altogether off of the same base of coding.
The weapons created could range from an information gathering program, such as Duqu, to a weapon that damages nuclear centrifuges, as was done with Stuxnet. This makes the modular style of Tilded incredibly cost effective. The ability to create cost effective weapons is a strong reason to use modular cyber weapons but it is not the most important; time is the most important reason.
To understand how much modular cyber weapons save in terms of time it is important to understand a little about government acquisition and approval processes. Government acquisition processes are generally not quick and can be very costly. The Lockheed Martin F-22 is one of the most advanced pieces of weaponry currently available to the US Air Force; the need for this aircraft was identified in 1981 and the first prototype wasn’t flown until 1990.
Following the first prototype it was 1997 before the first F-22 took flight. As impressive as the F-22 is, the fact remains that the time and money to get one flying was extensive. One of the reasons that the F-22 took so long to become operational is that government acquisition programs involve a lot of approval processes in an attempt to spend tax payers’ money responsibly.
To read the full story, go tohttp://www.malaysiasecuritymagazine.com/subscribe/ and purchase a subscription today!
***Disclaimer***
Robert M. Lee is an officer in the United States Air Force; however this paper and his views do not constitute an endorsement by or opinion of the US Air Force or Department of Defense.