A new cyberweapon has been dragged into the light, and it’s a biggie.
Despite what the delightful narrator from Fallout has to say on the subject, war is indeed changing. Incursions into the territory of a sovereign state no longer necessitate the use of spies and armies; technology has taken the mantle, leaving behind traces of code in the places formerly occupied by whispers and manila envelopes. The sneakiest weapon in this new kind of war is the data-stealing virus, and the world’s all up in arms about one in particular this week: Flame.
Flame is a nasty piece of work. After infiltrating a machine – which it can do by masquerading as a Windows Update packet or via other means – Flame has the capacity to raid the infected machine for data, keystrokes, and audio files. It takes screenshots every 60 seconds when the computer is running normally, or one every 15 seconds when the user has Outlook, email, or an instant messaging service open. It can switch on the infected machine's microphone, collecting audio data from Skype calls and other computer-based chat services. It can even turn Bluetooth-enabled machines into beacons, using this platform to collect contact information from other Bluetooth devices in the vicinity.
All of this gathered information is stored by the virus and then sent off to the attackers’ command-and-control servers for, one presumes, human investigation.
I know, right? Pretty serious stuff. So far as cybersecurity experts at Kaspersky Lab have been able to determine, Flame has been used primarily to infect computers in Iran, the Israeli Occupied Territories, Sudan, and Syria. Customers of cybersecurity firm Symantec have reported instances of Flame from Hungary to the United Arab Emirates, maintaining the malware’s focus on Middle Eastern devices.
These facts, coupled with Flame’s incredible scope and complexity, have led researchers to conclude that the virus is part of a state-run cyberwarfare operation, something akin to the Stuxnet and Duqu cyberattacks levelled at Iranian centrifuges by the United States in 2009-10.
“Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, in a statement on Flame. “The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country.”
So who set the Flame free, then? Two main teams have so far been pegged as the creators of the malware by various commentators: Team U.S./Israel, and Team China/Russia. While some analysts at Kaspersky believe the former to be responsible, cyberwarfare author Jeffrey Carr thinks the latter has more to do with it.
Regular Windows users will be pleased to hear that since the Windows Update exploit was discovered, Microsoft has started working on ways to close the gap. Meanwhile, the Iranian Computer Emergency Response Team posted on its blog this week that it has developed software capable of detecting and removing Flame from infected devices. It said that this software was distributed to select organizations at the beginning of May.
While it’s pleasing that security steps are ostensibly being taken to protect users from Flame, full comprehension of the malware may be a long way off. “It took us half a year to analyze Stuxnet,” said Alexander Gostev, chief security expert at Kaspersky Lab. “This is 20 times more complicated. It will take us 10 years to fully understand everything.”
Expect to hear more about this particular cyberweapon as more analysts dissect it and learn its secrets. In the meantime, enjoy having an excuse (however brief) for distrusting Windows Updater. Or was I the only one?