Cyber warfare · Hackers

About Gauss

Lithograph showing a portrait of the German ma...
German mathematician Carl Friedrich Gauss at the age of 50 (Photo credit: Wikipedia)

I did an analysis of Gauss from a ‘whodunit’ perspective for a reporter, I thought I might share a few of my conclusions.

A bit of history first.  On August 9th, 2012, the Russian cybersecurity firm Kaspersky issued a press release and leaped to the conclusion that this is a State sponsored effort without providing any evidence, other than Gauss sharing some code and functionality with Stuxnet and Flame.  I happen to agree, however, after walking through the alternatives.

Occam’s Razor logic test says that is the best conclusion and it is merely an intelligence gathering operation.

The argument that this is a well-funded hacker group doesn’t pass an examination because the Return on Investment is probably too low.

I also have fairly reliable information that the Olympic Games program had more subordinate programs than just Stuxnet and Flame…  we shall see how this develops.  The chance of a disclosure from the White House, however, is minimal to nil.

When will we know for certain?  Many decades, is my best guess. Many decades.

A few notable findings of mine, related to this issue.

Kaspersky is a cybersecurity firm and sells its services.  In this case Kaspersky did not monopolize the field, another firm almost simultaneously released a Gauss detection tool, here.

The International Telegraph Union, the ITU, is the world’s telecommunication governing body.  The United States is actively resisting them as the governing body.  With Kaspersky’s announcement and Kaspersky’s close relationship with the ITU, the United States’ argument grows weaker.  The US wants to retain as much control over the internet as is possible to insure freedom of speech and freedom of operations on the internet.  The US may recognize what an advantage it has by having de facto control over the internet.

Welcome to the battlefield of the future, I call it Shadow Warfare or, perhaps more descriptive is Warfare in the Shadows.  We may never see our attacker.  We may never hear the killing blow.  We may never smell any evil intent.  We may not taste our cyber-blood spilling onto the ground. We might never even feel our collective bodies slumping over and dying…  and nobody might ever die…   But the attacks will happen and governments will find odd ways to communicate they were behind an action in cyberspace, as I happen to believe the Stuxnet disclosure really was such a communication.