Earlier this month, researchers at Kaspersky Labs announced the discovery of a highly sophisticated piece of spyware, which they dubbed Flame. The Flame worm is a comprehensive digital surveillance tool designed to log keystrokes, record audio conversations, and take screenshots of email, instant messaging, and other activity. It spreads via USB devices and through networks. American computers were not targeted by the Flame worm (which primarily affected Iranian systems), but its discovery provides an alarming example of the security threats which are now possible and underscores the urgent need for additional attention to operational security (OpSec).
Loose Lips Sink Ships
The discovery of Flame serves as an object reminder that sensitive information should never be discussed or shared online or by cell phone, especially in-theater.
During my husband’s last deployment, a friend informed me one afternoon that her husband had told her something alarming – and done something very dangerous in the process. “We were talking on IM,” she said, “and he asked if he could call me on Skype because he wanted to tell me something it might not be safe to type and send in an instant message.” Once on Skype, inexplicably feeling safer, my friend’s husband proceeded to tell her that the unit had been warned of a potential ground attack against their base; the attack was expected within days, and my friend’s husband had just committed a potentially major security breach.
Email, chat, instant messages, and other text-based communications can be keylogged, intercepted, or – as Flame demonstrates – captured in screenshots by tech-savvy enemy agents. Despite my friend’s husband’s glib assumption, Flame also demonstrates that even voice and video communications like Skype and Google Voice can now be intercepted, recorded, and used against American forces. Unless you are exchanging information over an appropriately secured Department of Defense network, there is no secure way to share sensitive information through an Internet connection.
Skype, email, and instant messaging are incredibly valuable resources for keeping families connected through the hardships of deployment, and none of us wants to lose access to those tools – or to our loved ones. The morale and resilience benefits of media like Skype heavily outweigh the potential risks of their use if all of us act responsibly and carefully when communicating online. With the use of Skype in combat zones already under scrutiny following last month’s tragic incident, it is up to all of us to preserve this vital link with our family members by using it responsibly and sensibly.
Prevent Infection – Use Protection
The Flame worm also offers a dramatic reminder of how quickly and easily worms, viruses, and other malware can spread and how difficult such infections can be to detect – and how critical it is to follow correct security practices to prevent the spread of such infections.
Always use a current version of the best anti-virus program available for your computer and keep your operating system’s security updates current. Even if you are sure that your computer or the computer you work with is clean, always strictly follow Department of Defense and command policies and never use USB devices or removable hard drives on government computers. It is also vital that you scrupulously follow Department of Defense and command policies on restricted sites, media types, and downloads, especially on government computers. These rules exist for very specific reasons, and the threats they protect against – like Flame – are very real and very dangerous.
Whether you are staying in touch with your loved ones or operating a government computer, do not be complacent about computer security. The lives and missions of your fellow American service members rely on every spouse’s and service’s members caution, vigilance, and dedication to security – every time.