A malware superbug described as the most complex and sophisticated “cyberweapon” ever devised has attacked computers in Iran and elsewhere in the Middle East, a Russian digital-security provider says.
Although it is one of the countries apparently affected, Israel did little to dampen speculation yesterday about its possible involvement in the malware virus “Flame”.
“Whoever sees the Iranian [nuclear] threat as a significant threat is likely to take various steps, including these, to hobble it,” the Israeli vice premier, Moshe Yaalon, told Army Radio. “Israel is blessed with high technology and we boast tools that open all sorts of opportunities for us.”
The virus could mark a new era in cyberwarfare, in which Iran’s enemies try to slow its nuclear programme without resorting to military strikes that could destabilise the Middle East and beyond, experts say.
But Iran also has the ability to hit back on the cyber front and could wreak havoc on the global economy if it chooses to retaliate against virus attacks or increasingly punitive western sanctions, others warned.
“Oil loading in the Gulf is done by computer and Iran is quite good at cyber-warfare,” said Gary Sick, an Iran expert at Columbia University in New York who was the chief White House aide on issues related to Iran during the 1979 Iranian revolution.
“Nobody’s ever seen what could be done if there is a sophisticated cyber-attack against oil production facilities,” he added.
Kaspersky Lab, which discovered the Flame malware, believes it is state-sponsored, but is not sure of its exact origins. Nor did it say at which country the virus was aimed.
But the Moscow-based company said Flame may have been created on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran’s nuclear programme two years ago.
Kaspersky, one of the world’s biggest producers of anti-virus software, said on its website that “the complexity and functionality of the newly discovered malicious programme exceed all those of all other cyber menaces known to date”.
Iran, which insists its nuclear activities are solely for peaceful purposes, blamed Israel and the United States for the Stuxnet attack that sent its uranium-enrichment centrifuges spinning out of control. Neither country confirmed its involvement.
Iran’s national computer emergency response team posted a security alert yesterday stating that it believed Flame was responsible for “recent incidents of mass data loss” in the country.
Tehran also said it had produced an anti-virus capable of identifying and removing the malware.
Computers at Iran’s oil ministry were attacked in late April by a data-deleting virus similar to Flame.
The incident was played down by the Iranian government at the time and it is not clear whether sensitive data was lost.
Flame, described as an industrial vacuum cleaner for sensitive information, is thought to have been in operation since at least 2010.
It contains 20 times as much code as Stuxnet and is 100 times more complex than a typical virus designed to steal financial information, Kaspersky Lab said.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.
Its main goal is espionage rather than sabotage.
Iran’s military has established a special unit to defend the country against computer attacks, which works closely with the defence, intelligence and communications organisations.
Among other countries affected by the Flame virus are Sudan, Syria, Lebanon, Saudi Arabia and Egypt. Kaspersky said Iran was by far the worst affected.
Israel hints it may be behind ‘Flame’ super-virus targeting Iran
A top Israeli minister yesterday fed speculation that the Jewish state could be responsible for a powerful new virus said to have been used in a fresh attack on computers in Iran and elsewhere in the Middle East.
Mr Yaalon, a former military Chief of Staff, added: “Israel was blessed as being a country rich with high-tech. These tools that we take pride in open up all kinds of opportunities for us.”
He stopped short of directly claiming responsibility, but Israel has long been in the forefront of opposition to Iran’s nuclear programme, currently the subject of difficult negotiations between Tehran and six world powers.
Although many viruses can already steal large amounts of data, few have been as comprehensive as Flame, or have stolen in so many different ways. The security industry is still in the early stages of examining what exactly Flame can do, but examples already given include hijacking a computer’s microphone to record conversations, taking screen shots during chats through instant messenger and even stealing data from devices that are attached to an infected computer through a Bluetooth connection.
The Flame virus is believed to be the third and, at least in information gathering, most effective cyber attack on Iranian computer systems in recent years. Tehran admitted the best known of these, Stuxnet, had damaged centrifuges at its uranium enrichment plant in Natanz in 2010.
The internet security industry has been both shocked and impressed by Flame’s complexity and how dedicated it is to stealing as much intelligence data from a computer network as possible. Rik Ferguson, director of security research at Trend Micro, told The Independent: “It’s a very comprehensive and bespoke piece of malware. It’s further evidence that certain states or organisations are using malware to deliver very effective targeted attacks that can only be developed with significant planning and resources.”
There are disagreements over how long it has been in existence. Kaspersky say the attacks began around 2010, but analysts at Budapest University’s renowned Cryptography and System Security, which has also been analysing the virus since March, say evidence suggests Flame may have been infiltrating computer systems for five years.
Iran has largely played down its vulnerability to cyber attack, which it regards as part of a continued campaign by Israel and the US against its nuclear programme. It also blames those states for targeted assassinations of nuclear scientists. Officials at Iran’s communications and technology ministry said yesterday they had produced an antivirus capable of identifying and removing the new malware, although many security analysts question such claims.
Mr Yaalon also yesterday voiced Israeli government scepticism about the ongoing negotiations with Tehran, saying last week’s inconclusive talks in Baghdad “yielded no significant achievement” except to let Iran buy time. Talks will resume in Moscow next month.
The talks have so far faltered on Iran’s resistance to demands for an end to higher grade 20 per cent uranium enrichment unless the West first eases sanctions which are due to be tightened significantly at the end of June.