Tweet
Overwhelmingly, comments on this article have congratulated Israel, although no hard evidence exists to say what country or persons came up with this grandaddy of all spy viruses.
http://www.nytimes.com/2012/05/30/wo....html?_r=1&hpw
ran Confirms Attack by New Data Virus
By THOMAS ERDBRINK
Published: May 29, 2012 68 Comments
TEHRAN — The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Tuesday.
In a message posted on its Web site, Iran’s Computer Emergency Response Team Coordination Center warned that the virus is potentially more harmful than the 2010 Stuxnet virus, which destroyed several centrifuges used for Iran’s nuclear enrichment program. In contrast to Stuxnet, the newly identified virus is designed not to do damage but to secretly collect information from a wide variety of sources.
Flame, which experts say could be as many as five years old, was discovered by Iranian cyberexperts. In a statement about Flame on its Web site, Kaspersky Lab, a Russian producer of antivirus software, said that “the complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date.”
The virus bears special encryption hallmarks that an Iranian cyberdefense official said bear strong similarities to previous Israeli malware. “Its encryption has a special pattern which you only see coming from Israel,” said Kamran Napelian, an official with Iran’s Computer Emergency Response Team. “Unfortunately, they are very powerful in the field of I.T.”
While Israel never comments officially on such matters, its involvement was hinted at by top officials there. “Anyone who sees the Iranian threat as a significant threat — it’s reasonable that he will take various steps, including these, to harm it,” said the vice prime minister and strategic affairs minister, Moshe Yaalon, in a widely quoted interview with Israel’s Army Radio on Tuesday.
In a speech Tuesday night, Prime Minister Benjamin Netanyahu did not mention Flame specifically, but he did include cyberthreats as one of five critical types of threats Israel faces, saying, “We are investing a great deal of money in that, human capital and financial capital. I expect these investments to yield a great deal in the coming years.”
Mr. Napelian said that Flame seems designed to mine data from personal computers and is distributed through USB sticks rather than the Internet, meaning that a USB has to be inserted manually into at least one computer in a network.
“This virus copies what you enter on your keyboard, it monitors what you see on your computer screen,” Mr. Napelian said in a telephone interview. That includes collecting passwords, recording sounds if the computer is connected to a microphone, scanning disks for specific files and monitoring Skype.
“Those controlling the virus can direct it from a distance,” Mr. Napelian said. “Flame is no ordinary product. This was designed to monitor selected computers.”
Mr. Napelian said he was not authorized to disclose how much damage Flame had caused, but guessed the virus had been active for the past six months and was responsible for a “massive” data loss. Iran says it has developed antivirus software to combat Flame, something that international antivirus companies have yet to do, since they have just become aware of its existence.
“One of the most alarming facts is that the Flame cyberattack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals,” Alexander Gostev, chief security expert at Kaspersky Lab said on the company’s Web site.
In his speech Tuesday, at the annual conference of Israel National Security Studies, Mr. Netanyahu made his first public comments about the talks last week in Baghdad on Iran’s nuclear program, expressing disappointment that the Western powers were not demanding more of Tehran.
“Not only should the sanctions be intensified, the demands should be intensified,” Mr. Netanyahu said. “I say sadly that this is not what’s being required of Iran today. In the previous round they were asked to stop the 3.5 percent enrichment and that’s not what’s happening now.”
He added: “They have continued to enrich, undisturbed. In other words, they are moving ahead, constantly, with their nuclear program to build a nuclear bomb.”
Jodi Rudoren contributed reporting from Tel Aviv.
By THOMAS ERDBRINK
Published: May 29, 2012 68 Comments
TEHRAN — The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Tuesday.
In a message posted on its Web site, Iran’s Computer Emergency Response Team Coordination Center warned that the virus is potentially more harmful than the 2010 Stuxnet virus, which destroyed several centrifuges used for Iran’s nuclear enrichment program. In contrast to Stuxnet, the newly identified virus is designed not to do damage but to secretly collect information from a wide variety of sources.
Flame, which experts say could be as many as five years old, was discovered by Iranian cyberexperts. In a statement about Flame on its Web site, Kaspersky Lab, a Russian producer of antivirus software, said that “the complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date.”
The virus bears special encryption hallmarks that an Iranian cyberdefense official said bear strong similarities to previous Israeli malware. “Its encryption has a special pattern which you only see coming from Israel,” said Kamran Napelian, an official with Iran’s Computer Emergency Response Team. “Unfortunately, they are very powerful in the field of I.T.”
While Israel never comments officially on such matters, its involvement was hinted at by top officials there. “Anyone who sees the Iranian threat as a significant threat — it’s reasonable that he will take various steps, including these, to harm it,” said the vice prime minister and strategic affairs minister, Moshe Yaalon, in a widely quoted interview with Israel’s Army Radio on Tuesday.
In a speech Tuesday night, Prime Minister Benjamin Netanyahu did not mention Flame specifically, but he did include cyberthreats as one of five critical types of threats Israel faces, saying, “We are investing a great deal of money in that, human capital and financial capital. I expect these investments to yield a great deal in the coming years.”
Mr. Napelian said that Flame seems designed to mine data from personal computers and is distributed through USB sticks rather than the Internet, meaning that a USB has to be inserted manually into at least one computer in a network.
“This virus copies what you enter on your keyboard, it monitors what you see on your computer screen,” Mr. Napelian said in a telephone interview. That includes collecting passwords, recording sounds if the computer is connected to a microphone, scanning disks for specific files and monitoring Skype.
“Those controlling the virus can direct it from a distance,” Mr. Napelian said. “Flame is no ordinary product. This was designed to monitor selected computers.”
Mr. Napelian said he was not authorized to disclose how much damage Flame had caused, but guessed the virus had been active for the past six months and was responsible for a “massive” data loss. Iran says it has developed antivirus software to combat Flame, something that international antivirus companies have yet to do, since they have just become aware of its existence.
“One of the most alarming facts is that the Flame cyberattack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals,” Alexander Gostev, chief security expert at Kaspersky Lab said on the company’s Web site.
In his speech Tuesday, at the annual conference of Israel National Security Studies, Mr. Netanyahu made his first public comments about the talks last week in Baghdad on Iran’s nuclear program, expressing disappointment that the Western powers were not demanding more of Tehran.
“Not only should the sanctions be intensified, the demands should be intensified,” Mr. Netanyahu said. “I say sadly that this is not what’s being required of Iran today. In the previous round they were asked to stop the 3.5 percent enrichment and that’s not what’s happening now.”
He added: “They have continued to enrich, undisturbed. In other words, they are moving ahead, constantly, with their nuclear program to build a nuclear bomb.”
Jodi Rudoren contributed reporting from Tel Aviv.
http://www.nytimes.com/2012/05/30/wo....html?_r=1&hpw
Comment