Cyber boomerangs a risk in digital war
U.S. laws are ambiguous about cyberweapons.
The WASHINGTON — Obama administration is warning American businesses about an unusually potent computer virus that infected Iran’s oil industry even as suspicions persist that the United States is responsible for secretly creating and unleashing cyberweapons against foreign countries.
The government’s dual roles of alerting U.S. companies about these threats and producing powerful software weapons and eavesdropping tools underscore the risks of an unintended online boomerang.
Unlike a bullet or missile fired at an enemy, a cyberweapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target.
The Homeland Security Department’s warning about the new virus, known as “Flame,” assured U.S. companies that no infections had been discovered inside the U.S.
It described Flame as an espionage tool that can move through corporate or private networks.
But suspicions about the U.S. government’s role in the use of cyberweapons were heightened by a report in Friday’s New York Times.
Based on anonymous sources, it said President Barack Obama secretly had ordered the use of another sophisticated cyberweapon, known as Stuxnet, to attack the computer systems that run Iran’s main nuclear enrichment facilities.
The order was an extension of a sabotage program that the Times said began during the Bush administration.
Cyberweapons are uncharted territory because the U.S. laws are ambiguous about their use.
Whether a cyberweapon can boomerang depends on its state of the art, according to computer security experts.
Russian digital security provider Kaspersky Lab said Flame’s complexity and functionality “exceed those of all other cybermenaces known to date.” Other experts said it wasn’t as fearsome.