'Flame' cyber-attack in Middle East raises whodunit questions
JERUSALEM -- The latest case of cyber warfare and intelligence gathering in the Middle East has both surprised and impressed experts worldwide, as information about the newly detected malware dubbed "Flame" emerges.
The malware was discovered by the Moscow-based Kaspersky Lab, one of the world's leading information technology companies. The firm was tapped by the United Nations' International Telecommunications Union to look into reports of suspicious computer activity.
Kaspersky experts said Flame is "the most sophisticated cyber-weapon yet unleashed."
A wide, seemingly indiscriminate range of computers belonging to individuals as well as state-related organizations were targeted in the Middle East, including in Syria, Lebanon and Sudan. Hardest hit appears to be Iran, raising questions about whether a cyber attack was aimed at the country's controversial nuclear program, and, if so, prompting speculation about who's behind it.
Israeli Vice Premier Moshe Yaalon helped spur speculation Tuesday by saying in a radio interview that "whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it." He also noted Israel's high-tech prowess. Later in the day, Iran's Fars news agency said Yaalon "acknowledged the Zionist regime's cyber-attack on Iran."
Previously, Iran's Computer Emergency Response Team Coordination Center issued a statement saying it had identified the new cyber attack. The malware had slipped past 43 anti-virus detection systems but the center had since developed detection and removal tools, according to the statement.
Iran was previously hit by a large-scale computer attack known as Stuxnet, a worm-like malware created specifically to target computers controlling centrifuges. Many believe Stuxnet was an effort by Israel, the United States or both.
Flame reportedly is different, a highly innovative Trojan horse designed to siphon information from infected computers in every possible way, taking simple files, Skype conversations, audio recordings, images from remotely activated cameras, real-time screenshots of instant messaging and more.
"It's like a giant industrial-strength vacuum cleaner, sucking up information at a power level previously unknown," espionage expert Yossi Melman told Israel Radio on Tuesday.
Experts describe Flame as unusually complex, with huge amounts of code, and programming languages usually not used for writing malware. They said it also has superior systems for encryption, compression of information and track-covering as the harvested information is sent back over dozens of servers throughout the world, making it difficult to trace the source.
"This is a first-rate cyber-espionage tool, the first time we've encountered a platform with such complex and comprehensive capabilities of obtaining information," said Tal Pavel, a Netanya Academic College expert on Internet and cyber threats in the Middle East.
Though Flame has turned up in a number of countries, "the number of computers this unique system affected in Iran makes this highly suggestive," Pavel said.
Many commentators are in consensus that such a massive undertaking could only be the work of state-level players, not rogue or small-time hackers. Israel, the United States, Russia and China are known to have high-level capabilities in this field. But according to Avi Weisman, head of See Security / Information Security & Cyber Warfare College, the number of countries, international organizations or agencies with such abilities is growing constantly.
"We'd better get used to this fact," Weisman said in a radio interview, listing Iran, Turkey and Egypt, among others, as countries with such capabilities.
-- Batsheva Sobelman
Photo: A screen grab from the Kaspersky Lab website shows a program of the computer virus known as Flame. Credit: AFP / Getty Images