Middle East set alight by ‘Flame’ cyber virus
MOSCOW / TEHRAN
US officials update anti-virus software for Air Force units to assist in the prevention of cyberspace hackers in this file photo. Security experts have discovered a highly sophisticated computer virus affecting Middle Eastern countries, including Iran. U.S. Air Force Photo
A top Russian anti-virus software firm has said it has uncovered a new computer virus with unprecedented destructive potential, “Flame,” which is being used as a “cyber weapon” against several countries, mostly Iran.
Digital security provider Kaspersky Lab, which identified the virus, said in a release posted on its website late May 28, “the complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date.” The virus is several times larger than the Stuxnet worm that was discovered in 2010 and was used against the Iranian nuclear program, the release states.
According to Kaspersky, Flame “can steal valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations.” It did not say which country the virus was aimed at, but said the investigation was initiated after a series of incidents with a still unknown virus which deleted data on computers in the “Western Asia” region. Kaspersky said Flame had been “in the wild” for more than two years, since March 2010. According to the BBC, the malware can spread by USB stick.
Iran produces anti-virus
Flame is “actively being used as a cyber weapon attacking entities in several countries,” the statement said, describing its purpose as “cyber espionage.” Kaspersky’s research shows the largest number of infected machines are in Iran, followed by Israel and the Palestinian territories, then Sudan and Syria.
Experts are confident it was responsible for the disruption to Iran’s oil industry last month, the daily Guardian reported. According to reports, the cyber-attack forced Iran to convene a “crisis committee” that ordered the disconnection of six of its main oil terminals from the internet, to stop the worm spreading. The Iranian Students’ News Agency (ISNA) said that the virus had successfully erased information on hard disks at the oil ministry’s headquarters.
The CrySyS Laboratory, in Hungary, said: “The results of our technical analysis supports the hypothesis that [the worm] was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities.”
Orla Cox, a senior analyst at Symantec, the international computer security firm, said: “I would say that this is the most sophisticated threat we have ever seen.”
A unit of the Iranian communications and information technology ministry said it produced an anti-virus capable of identifying and removing the new malware. Coincidentally, Iran announced yesterday it had delayed the launch of an experimental observation satellite that was supposed to have happened a week ago, saying it would now take place sometime within the next 10 months.
Suspicion immediately fell on Israel, famous for its technological innovation and its tireless campaign against Iran’s suspected nuclear program. For anyone facing the threat of a nuclear Iran, using cyber weapons such as Flame would be a “reasonable” step, Israel’s vice prime minister said yesterday.
Pentagon: No comment
“For anyone who sees the Iranian threat as significant, it is reasonable that he would take different steps, including these, in order to hobble it,” Strategic Affairs Minister Moshe Yaalon told Israel’s army radio, just hours after the virus was discovered. “Israel is blessed with being a country which is technologically rich, and these tools open up all sorts of possibilities for us,” he said. The U.S. Defense Department, CIA, State Department, National Security Agency, and U.S. Cyber Command declined to comment.
If Kaspersky’s findings are validated, Flame could go down in history as the third major cyber weapon uncovered after Stuxnet and its data-stealing cousin Duqu, named after the Star Wars villain.