"Flame" computer virus strikes Middle East; Israel speculation continues

iStockphoto

(AP) LONDON - A massive, data-slurping cyberweapon is circulating in the Middle East, and computers in Iran appear to have been particularly affected, according to a Russian Internet security firm.

Moscow-based Kaspersky Lab ZAO said the "Flame" virus was unprecedented both in terms of its size and complexity, possessing the ability to turn infected computers into all-purpose spying machines that can even suck information out of nearby cell phones.

"This is on a completely different level," Kaspersky researcher Roel Schouwenberg said in a telephone interview Tuesday. "It can be used to spy on everything that a user is doing."

The announcement sent a ripple of excitement across the computer security sector. Flame is the third major cyberweapon discovered in the past two years, and Kaspersky's conclusion that it was crafted at the behest of a national government fueled speculation that the virus could be part of an Israeli-backed campaign of electronic sabotage aimed at archrival Iran.

Although their coding is different, Schouwenberg said there was some evidence to suggest that the people behind Flame also helped craft Stuxnet, a notorious virus that disrupted controls of some nuclear centrifuges in Iran in 2010.

"Whoever was behind Flame had access to the same exploits and same vulnerabilities as the Stuxnet guys," he said, speculating that two teams may have been working in parallel to write both programs.

Stuxnet revolutionized the cybersecurity field because it targeted physical infrastructure rather than data, one of the first demonstrations of how savvy hackers can take control of industrial systems to wreak real-world havoc.

So far, Flame appears focused on espionage. The virus can activate a computer's audio systems to eavesdrop on Skype calls or office chatter, for example. It can also take screenshots, log keystrokes, and - in one of its more novel functions - steal data from Bluetooth-enabled cell phones.

Tehran has not said whether it lost any data to the virus, but a unit of the Iranian communications and information technology ministry said it had produced an anti-virus capable of identifying and removing Flame from its computers.

Speaking Tuesday, Israel's vice premier did little to deflect suspicion about the Jewish state's possible involvement in the latest attack.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Israeli Vice Premier Moshe Yaalon told Army Radio when asked about Flame. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

Flame is unusually large.

Malicious programs collected by U.K. security firm Sophos averaged about 340 kilobytes in 2010, the same year that Kaspersky believes Flame first started spreading. Flame weighs in at 20 megabytes - nearly 60 times that figure.

Alan Woodward, a professor of computing at the University of Surrey in southern England, said the virus was modular - meaning that functions could be added or subtracted to it as needed. He compared it to a smartphone, saying that, depending on what kind of espionage you want to carry out, "you just add apps."

He was particularly struck by Flame's ability to attack Bluetooth-enabled devices left near an infected computer.

Bluetooth is a short-range wireless communications protocol generally used for wireless headsets, in-car audio systems or file-swapping between mobile phones. Woodward said that Flame can turn an infected computer into a kind of "industrial vacuum cleaner," copying data from vulnerable cell phones or other devices left near it.

"I don't believe I've seen it before," he said.

Udi Mokady, chief executive of Cyber-Ark, an Israeli developer of information security, said he thought four countries, in no particular order, had the technological know-how to develop so sophisticated an electronic offensive: Israel, the U.S., China and Russia.

"It was 20 times more sophisticated than Stuxnet," with thousands of lines of code that took a large team, ample funding and months, if not years, to develop, he said. "It's a live program that communicates back to its master. It asks, `Where should I go? What should I do now?' It's really almost like a science fiction movie," he said.

It's not clear what exactly the virus was targeting. Kaspersky said it had detected the program in hundreds of computers, mainly in Iran but also in Israel, the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

The company has declined to go into detail about the nature of the victims, saying only that they "range from individuals to certain state-related organizations or educational institutions."

Schouwenberg, the Kaspersky researcher, said stolen data was being sent to some 80 different servers, something which would give the virus's controllers time to readjust their tactics if they were discovered. He added that some of Flame's functions still weren't clear.

"Maybe it's just espionage," he said. "Maybe it's also sabotage."

Kaspersky said it first detected the virus after the United Nations' International Telecommunication Union asked it for help in finding a piece of malware that was deleting sensitive information across the Middle East. The company stumbled across Flame when searching for that other code, it said.

Spokespeople for the Geneva-based Telecommunication Union didn't return emails seeking comment.

The discovery of the Flame virus comes just days after nuclear talks between Iran and six world powers in Baghdad failed to persuade Tehran to freeze uranium enrichment. A new round of talks is expected to take place in Moscow next month.

Yaalon, the Israeli vice premier, told Army Radio on Tuesday that the talks in Iraq "yielded no significant achievement" except to let Iran buy time. He appeared to take a swipe at President Barack Obama by saying it might "even be in the interest of some players in the West to play for time."

[markleary38]

And, I guess that they now have machines to make weapons of mass destruction.? A nuclear centrifuse? Or is this more lies from our GOV. to put fear into your brainwashed stupid little minds that can't think for yourself. Remember the search for weapons that came up empty. And how we killed a million MUSLIMS over nothing and then went into IRAQ and killed a million more. At a cost to you of $652 billion a year with plans for 5 more years of war. Are they going to have enough DEAD by the end of that war. No, they will kill more blacks, Mex's,poor people. And when they are dead, we will find more enemies. Until 6 billion people are dead.

[Frederika777]

This has got to be the worst story I have ever read. Do you ever actually check the garbage sent to you by these people?

A 20MB virus is not a virus, its too big. In a nuclear power plant environment, pipes are heavily restricted to prevent technicians transmitting too much information in one go. A program of 20MB would take hours to download and would trip every single saftey system in the control room.

A virus is written in a low level machine-native language, not a high level language. There is no ripple of excitement across the computer industry because they are too busy laughing at you. Kaspersky might collect information about users of its software but that information is not collected when a computer updates its virus definitions. If it did that, it would be out of business in 5 minutes flat.

And finally to break the rather idiotic bubble you live in at CBS, computer programs are not "sophisticated" because the writer has got talent. There is only one way to open a port, only one way to pipe data, only one way to handshake a bluetooth connection. You either use the inbuilt functions or your little pride and joy simply wont work.

Get a damn education for christs sake!!!

[markleary38]

I guess nobody read the article about Hillary Clinton and FLAME. She said THEY were infiltrating Middle East websites. DAH. The gov is FLAME. They are going to use it here, if they aren't already.

[foo8259]

I must indeed be infected. Sat down at the computer with a "Big Gulp" from 7-11 and it slurped it!

[cbs_tom]

Israel has been long threatoned by Iran. Iran has militias that it supports on Israel's borders continuously causing havoc. For this, and not just this, Israel has engaged into slowly relegating its sworn enemy to having less opportunity to attack. I say go Israel!

[Lerianis4]

Bull and if EXTREMELY UNLIKELY with a grain of truth in it, I am betting that Israel has done the same to Iran.

The bottom line is that many of the statements that people say are so 'anti-Israel' that Iran makes are MISTRANSLATED. Purposefully, in fact.

[notMormonOrABishop]

Well Lerianis4, at least some of the mis-translators are Iran's official state-run media. What can their purpose be in so mistranslating from Supremely spoken Farsi to written English?

[redbeachvn]

Even as we speak someone is analyzing the Flame software and calculating how they or he can use it to make money. Maybe they will come out with Flame Basic and sell it to everyone in the world. And then there will be Flame Premium for people who require more in depth snooping.

[secret_society]

Very intelligently deduced. Yet information collection isn't always about making money. Sometimes its about making the proper chess moves for control or a manipulation that leads to something being accomplished in the world that avoids the interference with political debates.

[slownewsday_6000]

by fedup12 May 29, 2012 11:01 PM EDT
No it was 50000. Sure sounded like Mortar.
----
Found 'em! It's the little puppy dog last called "Fake_Messiah".

He's a bible thumper who can't stand being beaten logically, so turns childish and bears false witness against others.

[foo8259]

I suspect it can pick your brains too if you get close to it without your tinfoil hat!

[fedup12]

whoa.... what happened. There were a ton of comments here earlier.

[slownewsday_6000]

I'm sure it's the same-ole same-ole. Those who cannot debate first hurl insults, then get upset and start reporting people, not realizing that the moderators will also look at their comments.

In a sense, they shoot themselves in the foot, which is pretty funny, imo!

[fedup12]

ha ha ha.... OK that is why earths comments are gone too.

And they left me alone again. Weird!

I figured the parasite analogy would set me up for an attack. Couldnt let slow have all the fun :)

[slownewsday_6000]

Israel's rogue government is at it again.

As usual.

[retm-w]

I see the CBS monitor is at it again slow.

[TheIrascibleOne]

Cet animal est tres mechant;
Quand on l'attaque il se defend.

This animal is very malicious; when attacked it defends itself.

[Nocults]

Nothing has changed about the Israelis, for 3,000 years.

The Old Testament states that the nomadic desert tribes of Jews invaded Canaan and slaughtered every man, woman and child to create the Apartheid Israeli Welfare State.
Canaan (Northwest Semitic) (Phoenician , Biblical Hebrew: Masoretic) is a historical and biblical name roughly corresponding to the region encompassing modern-day Israel, Palestinian territories, Lebanon, and the western parts of Jordan.
Canaan was of geopolitical importance in the Late Bronze Age Amarna period because it was the area where the spheres of interest of the Egyptian and Hittite Empires converge.
Historical mention of Canaan is attested throughout the 2nd millennium BC; while sources of the Egyptian New Kingdom mention numerous military campaigns conducted in Caanan.
In modern use, the name is mostly associated with the Hebrew Bible, where the "Land of Canaan" extends from Lebanon southward to the "Brook of Egypt" and eastward to the Jordan River Valley.
Much of the modern knowledge about the Canaanites stems from excavation in this area. Canaanite culture apparently developed in situ from the Circum-Arabian Nomadic Pastoral Complex, which in turn developed from a fusion of Harifian hunter gatherers with Pre-Pottery Neolithic farming cultures, practicing animal domestication, during the 6,200 BC climatic crisis.
Linguistically, the Canaanite languages form a group within the Northwest Semitic languages; its best-known member is the Hebrew language, being mostly known from Iron Age epigraphy. The various Canaanite nations of the Bronze to Iron Age are mentioned in the Bible, Mesopotamian and Ancient Egyptian texts.

[Nocults]

Thank you, Hermann, for draining the U.S. taxpayer dry to pay for Israelis to have universal health care, free universities, subsidized food, utilities, and housing, as well as using American technology to become the 4th largest arms exporter in the world.

Sources: CRS Report RL33222: U.S. Foreign Aid to Israel, updated Jan. 2, 2008, plus the FY '08 omnibus appropriations bill, H.R. 2764.
This estimate of total U.S. direct aid to Israel updates the estimate given in the July 2006 issue of the Washington Report on Middle East Affairs. It is an estimate because arriving at an exact figure is not possible, since parts of U.S. aid to Israel are a) buried in the budgets of various U.S. agencies, mostly that of the Defense Department (DOD), or b) in a form not easily quantifiable, such as the early disbursement of aid, giving Israel a direct benefit in interest income and the U.S. Treasury a corresponding loss. Given these caveats, our current estimate of cumulative total direct aid to Israel is $113.8554 billion.
It must be emphasized that this analysis is a conservative, defensible accounting of U.S. direct aid to Israel, NOT of Israel's cost to the U.S. or the American taxpayer, nor of the benefits to Israel of U.S. aid. The distinction is important, because the indirect or consequential costs suffered by the U.S. as a result of its blind support for Israel exceed by many times the substantial amount of direct aid to Israel. (See, for example, the late Thomas R. Stauffer's article in the June 2003 Washington Report, "The Costs to American Taxpayers of the Israeli-Palestinian Conflict: $3 Trillion.")