CBS/AP/ May 30, 2012, 10:51 AM

Iran: Powerful "Flame" computer virus briefly hit oil industry but was defeated with data recovered

(CBS/AP) TEHRAN, Iran - Iran's key oil industry was briefly affected by the powerful computer virus known as "Flame" that has unprecedented data-snatching capabilities and can eavesdrop on computer users, a senior Iranian military official said Wednesday.

The comment is the first direct link between the emergence of the new malware and an attack inside a highly sensitive computer system in Iran, which counts on oil revenue for 80 percent of its income. The full extent of last month's disruptions has not been given, but Iran was forced to cut Internet links to the country's main oil export terminal presumably to try to contain the virus.

It would be the latest high-profile virus to penetrate Iran's computer defenses in the past two years, boosting speculation that Israeli programmers could have struck again.

Experts see technological links between Flame and the highly focused Stuxnet virus, which was tailored to disrupt Iran's nuclear centrifuges in 2010. Many suspect Stuxnet was the work of Israeli intelligence.

(Below, watch a report CBS' "60 Minutes" broadcast in March on the evident success of Stuxnet in damaging Iran and whether the United States' infrastructure is safe.)

As CNET reported, Flame is about 20 times the size of Stuxnet. While the majority of the machines infected with Flame were in Iran, computers in Egypt, the Israel/Palestine region, Lebanon, Saudi Arabia, Sudan and Syria were also hit with the virus.

Gholam Reza Jalali, who heads an Iranian military unit in charge of fighting sabotage, claimed that Iranian experts had detected and defeated the "Flame" virus. He told state radio that the oil industry was the only governmental body seriously affected and that all data that had been lost were retrieved.

"This virus penetrated some fields. One of them was the oil sector. Fortunately, we detected and controlled this single incident," Jalali said. "We could also retrieve the information that was lost."

Jalali said there has been no report of any other governmental agency being affected by the virus.

Iran's government-run Computer Emergency Response Team Coordination Center has said the highly sophisticated Flame virus appeared linked to espionage, but cited no specific country or source. International suspicion, however, immediately fell on Iran's archfoe Israel.

Israel's vice premier did little to deflect suspicion about the country's possible involvement in the cyberattack.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Moshe Yaalon told Army Radio when asked about Flame on Tuesday. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

Ali Hakim Javadi, Iran's deputy Minister of Communications and Information Technology, was quoted by the official IRNA news agency as saying Wednesday that Iranian experts have already produced an anti-virus capable of identifying and removing Flame from computers.

The Computer Center "has produced an anti-virus capable of detecting and removing the Flame for the first time in the world," IRNA quoted Javadi as saying. "The anti-virus software was delivered to selected organizations in early May."

The Russian Internet security firm Kaspersky Lab ZAO said the Flame virus is unprecedented in size and complexity.

Kaspersky's conclusion that the virus was crafted at the behest of a national government has fueled speculation it could be part of an Israeli-backed campaign of electronic sabotage against the Jewish state's archenemy.

The virus can activate a computer's audio systems to listen in on Skype calls or office chatter. It can also take screenshots, log keystrokes and, in one of its more novel functions, steal data from Bluetooth-enabled cellphones.

Aftana.ir, a government-run website, said the Flame has been active since 2010, the same year when a virus known as Stuxnet disrupted controls of some nuclear centrifuges and some other industrial sites in Iran.

Iran has acknowledged that Stuxnet affected a limited number of its centrifuges — a key component in the production of nuclear fuel — at its main uranium enrichment facility in the central city of Natanz. But Tehran has said its scientists discovered and neutralized the malware before it could cause serious damage.

Iran says it has previously discovered one more espionage virus, Duqu, but that the malware did not harm Iran's nuclear or industrial sites. Jalali said Flame is the third.

Iran says Stuxnet and other computer virus attacks are part of a concerted campaign by Israel, the U.S. and their allies to undermine its nuclear program and economy.

© 2012 CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.
10 Comments
decotoguy says:
In a nutshell this is called "Terrorism", and suspect number one is America.
Scimajor replies:
"..... suspect number one is America."

.... based on absolutely no evidence whatsoever.
jonnyooh says:
So the Iranians say they were able to detect the virus, stop it from spreading, and remove it from infected computers. If they're lying, which they have been known to do, we will probably be able to get some feedback on that. When I say "we", I don't include myself, because I usually have a devil of a time even deciphering the English spoken by people who dream in code, but I, for one, would like to be kept up to the minute on how their people are dealing with this thing. If I'm not mistaken, they were claiming the ability to replicate the drone that dropped on their land a couple of months ago. We'll see how that works, because if they had that kind of technological feat under their belts, they would be screaming it from the rooftops.
earth5695 replies:
The Iranians are just completing the newest paper airplane drone but at this time it cannot be used in wet weather.
ToolMangler1 replies:
Personally, I think Iran made the virus themselves and it got away from them long enough to infect Iran's 'closed Internet system'. Since they made it, they knew how to defeat it quickly. That ladies and Gentlemen is the "Origin of the SUPERIRANIAN". (They are Legends in their own minds)..
DrussRob says:
Um, Kaspersky isn't Russian anymore. It was bought by an Israeli company maybe a couple of years ago. I've used Kaspersky (the best anti-virus imo) for years, and was always involved in what was going on with the company.
Tracy5627 says:
I'm sure if Israel and the US put their heads together, they should be able to come up with a virus that can completely cripple Iran's infrastructure.

Better now than later!
ToolMangler1 replies:
One Neutron Bomb over the middle of Iran would kill all Electronic devices instantly.. without harming a single person (that didn't have a pacemaker installed)
notMormonOrABishop says:
HAH! Uninvited visitors hang-out in your man cave and the best the superior Persian mind can come up with "boosting speculation that Israeli programmers" is the Boogie Man. Don't they know, only the Shadow knows for sure whether it was the Russians, the Chinese, the Saudi, or maybe just a local band of nail polish wearing female hackers tired of being woMen In Black (http://english.alarabiya.net/articles/2012/05/30/217458.html)
earth5695 replies:
They blame Israel for the weather at this point in time.

Waiting breathlessly for the Bishop from Iran to pop up with his cut and paste routine.