New malware said to “dwarf Stuxnet in size and sophistication” has reportedly hijacked computer systems in Middle Eastern countries including Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
Researchers believe the malware known as “Flame” has been stealing and deleting massive amounts of information since 2010. They said it was “one of the most complex threats ever discovered.”
Flame is twenty times larger and far more advanced than Stuxnet, yet it isn’t out to destroy as Stuxnet was.
Instead, it can record network traffic, take screenshots, record audio from microphones, intercept keystrokes, and read email and instant messages, sending all of the data to the attacker and then deleting it.
As with Stuxnet, Iran seems to have taken the brunt of the damage: “Iran’s National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for ‘recent incidents of mass data loss’ in the country,” reported the BBC.
It was Iran that sought the help of multinational computer security firm Kaspersky Lab after discovering the loss of data.
As for the origins, chief malware expert at Kaspersky, Vitaly Kamluk, told the BBC that there is “no doubt” that the origin of the malware is from a nation-state:
‘Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group…
The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it,’ Mr Kamluk said.
Although it’s pretty clear to the experts that an attack this sophisticated had to have come from a state sponsor, investigators are unsure of Flame’s origins.
It’s become widely accepted that Israel and the U.S. were behind the Stuxnet attack on Iran, a claim repeated yesterday by Forbes and never denied by either government.
As the West has yet to face a meaningful cyber attack, one must wonder why they’re pushing so hard for privacy-destroying cybersecurity legislation. Apparently, they know how effective these attacks can be because it’s beginning to appear as though they’re the only ones using this technology.
Indeed, this attack, if anything, appears to galvanize support for increasing cooperation to “protect” against cyber threats. As Eugene Kaspersky, CEO of Kaspersky Lab, said in a statement:
“Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide.
The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country.”
It should be noted that Kaspersky is part of the cyber military-industrial complex which stands to gain immensely as the next “phase of this war” heats up. Yet they deserve some credit for exposing Stuxnet, Duqu, and now Flame. Otherwise the public would know nothing about them.
“This is one of many, many campaigns that happen all the time and never make it into the public domain,” Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs, told Reuters.
One thing we know for sure: guys in caves with box cutters couldn’t pull this one off. The blame game really can’t involve too many players.
But since the main damage was done to Iran, this story will likely go away as quickly as it came. However, expect enough buzz from officialdom to propagate the need for cybersecurity legislation.
Read other articles by Eric Blair HERE