01/06/2012

IDG Connect Dan Swinhoe (Iran)- Meet Flame: The Super Cyber Weapon

Posted by Dan Swinhoe, Company: IDG Connect, 05/31/2012

Early last week, the IT newswires lit up with the revelation that Iran had suffered another major malware attack. This threat, known as 'Flame' or 'Skywiper,' has been dubbed the most complicated piece of malicious software ever created. The Russian Kaspersky Lab, which discovered it, called it a 'super-cyber weapon,' saying 'It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.'

The threat has been found across the Middle East but Iran suffered the most, with almost 200 infections found. Experts say it has been around since 2010 or even earlier.

It's not the first time Iran has been targeted, but the third. The Stuxnet virus attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu was discovered in September of last year. Experts studying the code of these attacks say they are highly likely to have originated from the same source.

An industrial vacuum cleaner for sensitive information

'Flame' contains about 20 times as much code as Stuxnet, which caused centrifuges to fail at the Iranian enrichment facility it attacked. It has about 100 times as much code as a typical virus designed to steal financial information. When installed, the malware makes up 20 megabytes and contains multiple libraries, SQLite3 databases, various levels of encryption (some strong and some weak) and 20 plug-ins that can be swapped to provide functionality. Its code is modular, extendable and updateable, and capable of a wide range of covert, malicious behaviours.

'Flame' can steal data, capture screen shots and record audio using the compromised system's microphone, but that just barely scratches the surface. It covers all major possibilities to gather intelligence, including keyboard, screen, microphone, storage devices, network, wifi, Bluetooth, USB and system processes.

It seems the authors had the ability to change functionality and behaviour as they wished. These changes can be introduced as upgrades to functionality, fixes, or simply to evade security products.

Still A Threat?

It sounds scary and is a milestone in malware, but should you be worried? Thankfully, probably not. For one, it doesn't seem its purpose was ever to interfere, just to watch, making it closer to a wiretap than a harmful virus. And by Wednesday Iran's National Computer Emergency Response Team (Maher) said in a statement that the detection and clean-up tool was finished and ready for distribution to organisations at risk of infection.

In all likelihood it seems there was only ever a small chance that your system was infected, because although the list of systems attacked ranged from individuals and businesses to academic institutions and government systems, the
general consensus is that this was a targeted attack.

Its targeted nature was one of the reasons that it escaped detection for so long. According to PCWorld.com, one vendor predicts there was a delay in it being introduced and becoming active. As many security tools use some form of reputation analysis to help determine if a given program is malware or not (so if the file or command has been seen before without causing harm, it's given a pass and trusted), it's theorized 'the amount of time that has passed between the initial development of the underlying Flame code and its active use as a tool for cyber espionage or cyber warfare may have been an intentional effort to game the reputation system and sneak in under the radar.'

Purpose-Built

Its complexity has led the scientists who found it to suggest that it must've been a state-led attack. A Symantec blog noted, "As with the previous two threats, this code was not likely to have been written by a single individual but by an organized, well-funded group of people working to a clear set of directives."

Though they couldn't say where it originated, the Kaspersky Lab said: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."

So who might've sent it? It's not my job to point fingers, but much speculation in the media points to neighbours Israel. According to the Jerusalem Post, Israel's Vice Premier Moshe Ya'alon last Tuesday said that "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them." Later he also added, "Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us."

Whether that was a hint or just a boast that they could if they wanted, a piece from RichardSilverstein.com is less subtle and claims a high-ranking source admitted his country was the source. Until proof is found or someone admits to writing it, this is all speculation, but it can't help what are already frosty international relations in the region.

It's going to take years to fully unravel 'Flame.' At the rate these attacks are occurring, by the time they do fully understand it, the next attack will be imminent or already have happened. It might already be lurking in systems right now. Pointing fingers won't do any good, and neither will retaliating with home-grown state malware. The right and clever course of action here is to tighten up the holes that let 'Flame' in, and try to use this as a lesson to prepare for any future attacks. More checks, tighter security and stricter access may be a good way to start.
www.idgconnect.com/blog-abstract/542/dan-swinhoe-iran-meet-flame-the-super-cyber-weapon