Security researchers have linked the Flame virus to Israel while U.S. computer security experts say that it bears the hallmarks of the National Security Agency (NSA), according to reports from Nicole Perlroth of The New York Times and Robert Windrem of NBC News.
Flame is a massive program that leaves a backdoor (i.e. Trojan) on computers through which it sucks information from networks by actions that include recording keystrokes, capturing screen images, remotely changing settings on computers, turning every computer into a listening device, and using Bluetooth to gather data from nearby cell phones and tablets.
The 20 megabyte virus was first discovered over the weekend by Russian cybersecurity firm Kaspersky Lab after a U.N. telecommunications agency asked it to analyze data on malicious software across the Middle East after Iranian reports of a data-wiping virus, according to Reuters.
The highest concentrations of compromised computers were found in Iran, followed by the Palestinian West Bank, Israel, Sudan, Syria and Lebanon. Additional infections have been reported in Hungary, Austria, Russia, Hong Kong, and the United Arab Emirates.
Kaspersky researchers told The New York Times that Flame shares notable features with the Duqu and Stuxnet malware, including exploiting the same flaw in the Windows operating system and that they believe all three viruses were written by the same state-sponsored campaign.
Duqu was a surveillance tool used to copy blueprints of Iran’s nuclear program whereas Stuxnet destroyed roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control.
Perlroth reports that Kaspersky researchers tracked the working hours of Duqu’s operators, finding that they coincided with Jerusalem local time and were inactive during the Sabbath (i.e. between sundown on Fridays and sundown on Saturdays) when observant Jews typically refrain from secular work.
A January 2011 report in The New York Times revealed that Stuxnet was tested at Dimona (i.e. the supposed headquarters of Israel’s nuclear weapons program) in addition to other ”clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.”
Cybersecurity experts noted that Flame may have been designed before or at the same time as Duqu (which researchers think was created around August 2007) and Stuxnet (which first appeared in June 2009) because the antivirus maker Webroot first encountered a sample of Flame in December 2007 and Hungarian Laboratory of Cryptography and Systems Security, which first discovered Duqu, told Reuters that Flame may have been active for at least five years and perhaps eight years or more.
- With New Malware Virus, Israel Fans a Virtual Flame Against Iran (commondreams.org)
- Researchers Link Flame Virus to Stuxnet and Duqu (nytimes.com)
- Son of Stuxnet: Sophisticated ‘Flame’ virus infected thousands of Mideast computers (news.nationalpost.com)
- Israel Gets the Blame for Flame Virus – New York Times (blog) (rendezvous.blogs.nytimes.com)
- Iranian oil industry battled complex Flame virus last month (slashgear.com)
- Iran Gets Flamed in a New Cyberattack – Businessweek (businessweek.com)