News broke out in global media outlets at the end of May about the most sophisticated computer malware virus ever discovered. Dubbed Flame, it has infected hundreds of computers across the Middle East. Here is how media outlets describe it:
Kaspersky Lab, a Russian cyber security firm, has discovered that thousands of computers in the Middle East (mostly government machines, mostly in Iran) have been infected with a malicious piece of software they are calling Flame. Flame is insidious, destructive, and very cool. And no one will ever take credit for building it.
Similarities between Flame and the Stuxnet and DuQu viruses are leading to speculation that the programs were all created by the same people. Stuxnet, which bloodlessly set back the Iranian nuclear program by as much as a decade, is widely believed to be the product of an Israel-America cyberweaponry team-up. Of course, neither country has confirmed this.
From Discovery News
The most sophisticated and powerful cyberweapon to date — a Swiss Army Knife spy tool that can evolve and change to deal with any situation — has been discovered on the loose in several Middle Eastern countries, security researchers said Tuesday.
The Worm.Win32.Flame threat, or “Flame” for short, was likely built by the same nation-state responsible for the Stuxnet virus that targeted Iran’s nuclear power plant in 2010.
Flame can grow and change, too: What makes this cyberweapon so powerful is the ability to be reconfigured with new modules that turn an infected PC or industrial control system into whatever tool a spy dreams up.
Experts see similarities between Flame and the Stuxnet virus, which disrupted Iran’s nuclear centrifuges in 2010. Stuxnet was widely believed to be the work of Israeli intelligence, leading to speculation that Israeli programmers may have struck again.
From Surface Earth
According to a wired.com report, The Flame virus is twenty times more complex than the Stuxnet virus , which struck Iran’ s nuclear facilities in 2007. Flame can take screenshots, and capture messages sent over an infected network, and even use the computer’s microphone to record conversations.
The experts believe that this level of complexity indicates that Flame was created by a government rather than an individual criminal or group of hacktivists. Commentators quoted in the Telegraph have suggested that Israel, China, or the United States may be responsible. Israel and United States were widely suspected of creating the Stuxnet virus, and Iran claims that it has noted significant similarities between Flame and Stuxnet, although the western cyber security firms investigating Flame disagree.
From National Post
He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform.
Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, he said.
From New York Times
Flame, these researchers say, shares several notable features with two other major programs that targeted Iran in recent years. The first virus, Duqu, was a reconnaissance tool that researchers say was used to copy blueprints of Iran’s nuclear program. The second, Stuxnet, was designed to attack industrial control systems and specifically calibrated to spin Iranian centrifuges out of control.
Because Stuxnet and Duqu were written on the same platform and share many of the same fingerprints in their source code, researchers believe both were developed by the same group of programmers.
From The Globe and Mail
In addition to its massive size and many modules, the software’s sophistication is evident from the way it infected machines in the first place. To get on a host computer, Flame was designed to provide a fake Microsoft security certificate. Pulling that off, experts say, would have required incredibly advanced knowledge of cryptography, indicating that math geniuses were among Flame’s authors.
Notice what these articles tell us that software security experts are deducing:
- A common design team developed both the Flame malvirus and the earlier discovered Stuxnet and Duqu viruses because of similarity in architecture between them.
- The ability of Flame to adjust and change (evolve) means that experts and resources on the level of nation states are behind this virus. This was not made by a bedroom hacker.
- Complexity of the malware is broadly measured by its functionality. It can do many things, more things than Stuxnet, and is thus considered more complex.
This reasoning and these deductions seem so reasonable to us that we, without much thought, follow along in their line of reasoning. And that should make us re-think another line of reasoning that is directly confronted by this logic. Notice what the following university textbooks quotes tell us about evidence for naturalistic evolution.
It became apparent that animal species that were similar in their anatomy also had similar genetic instructions. Researchers have also shown that, even though the wing of an insect and the arm of a primate look very different, the same basic instructions are used during their development. … The only explanation for these similarities and this connectedness that has withstood scientific scrutiny is evolution, and the only mechanism for evolution that has withstood scientific scrutiny is natural selection. Bernard Wood. Human Evolution. 2005. p. 22
Hox gene expression provides the basis for anterior-posterior axis specification throughout the animals. This means that the enormous variation of morphological form among animals is underlain by a common set of instructions. Indeed hox genes provide one of the most remarkable pieces of evidence for deep evolutionary homologies among all the animals of the world. Developmental Biology 8th Ed. 2006. SF Gilbert. p. 725
These two university textbooks (and many others could be cited) are telling us that similarity in genetic code is ‘one of the most remarkable pieces of evidence for deep evolutionary homologies’. Really? So why does similarity in code between computer viruses indicate to computer experts a common design team behind them? These are very analogous comparisons and yet the conclusions drawn are opposite.
So how strong is this evidence for evolution? A couple of years ago, because of my background in software development and database design I picked up a university textbook dealing directly with sequencing of genetic information and storing that information in computer databases. Note how an expert in DNA sequencing data sees similarity in genetic information.
It is important to distinguish sequence homology from the related term sequence similarity because the two terms are often confused by some researchers who use them interchangeably in scientific literature. To be clear, sequence homology is an inference or conclusion about a common ancestral relationship drawn from sequence similarity comparison when the two sequences share a high enough degree of similarity. On the other hand, similarity is a direct result of observation from the sequence alignment. Sequence similarities can be quantified using percentages… In dealing with real research problems the issue of at what similarity level can one infer homologous relationships is not always clear … Essential Bioinformatics Jin Xiong 2006 p 32
In other words, the homology (i.e. evolution) is just an inference from the data. Therefore other inferences could also explain the data. But Xiong notes that the scientific literature ‘often’ (his word) confuses the inference with the data itself. If this is the case, then these researchers will not recognize other inferences since they think that their inference is really data. The issue is not with the data, but with the mind interpreting the data.
The inferences drawn from the experts who reported Flame should lead us all to recognize that there is another good inference that can be drawn from similarity in DNA sequences between organisms. Similarity in code naturally infers common designer. And this makes sense. The reason that the iphone, ipad and the ipod share common features has nothing to do with evolution. They share common features because they share a common design team – those working in Apple. The fact that so many textbooks do not even acknowledge this very natural inference should raise our curiosity. The design inferences from Flame, in a context outside of biology, should prompt us to also consider design inferences in the natural sciences.