Flame: Massive cyber-attack discovered, researchers say
Published: 28th May 2012 14:17:05
A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.
Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.
The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.
They described Flame as "one of the most complex threats ever discovered".
Research into the attack was carried out in conjunction with the UN's International Telecommunication Union.
In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.
Others like Duqu have sought to infiltrate networks in order to steal data.
This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk.
"Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said.
More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.
Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.
Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.
He explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.
"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."
Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
"The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said.
The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.
It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.
Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.
Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.
"This is basically an industrial vacuum cleaner for sensitive information," he told the BBC.
He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.
"Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."
Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone.
At 20:50:52 in EnglandGreater Manchester's Police and Crime Commissioner says he will reduce the number of staff in his team and move to an office at police headquarters.
At 20:48:54 in EnglandThe closure of two care homes in a Kent seaside town without explanation is an "insult to residents and staff", the GMB union has said.
At 20:32:17 in HeadlinesThe Israeli Prime Minister Benjamin Netanyahu has vowed a continued campaign against Gaza militants, amid renewed fighting between the two sides.
At 20:25:25 in EnglandTraders in Birmingham say they are angry the opening of a new Tesco store, first proposed 16 years ago, has been delayed for three more years.
At 20:17:56 in Northern IrelandTwo men, aged 38 and 25, have been arrested in Bangor on suspicion of offences linked to suspected people trafficking and prostitution.
At 20:04:28 in EnglandA £1,000 reward is being offered for information on burglaries at homes and a service station in Leicester that were evacuated after a large fire.
At 20:01:51 in BusinessSince almost five decades of rule by a military junta came to an end in Myanmar (also known as Burma) in 2011, a growing number of tourists are choosing to visit the South East Asian nation.
At 19:45:41 in EnglandA section of ancient town wall in Ludlow remains unrepaired 18 months after it collapsed.
At 19:24:16 in HeadlinesSeveral lorries from a Russian convoy carrying aid are close to crossing into Ukrainian territory, local reports say.
At 19:21:25 in HeadlinesThe manager of the independent Shabelle radio station in the Somali capital has told the BBC he is in hiding after the authorities took it off air.
Harvard CitationBBC News, 2012. Flame: Massive cyber-attack discovered, researchers say [Online] (Updated 28th May 2012)
Available at: http://www.ukwirednews.com/news/1431353/Flame-Massive-cyber-attack-discovered-researchers-say [Accessed 20th Aug 2014]
News In Other Categories
Grammy Award-winning reggae star Buju Banton, who is serving 10 years in jail over drugs charges, has been granted a new hearing in his latest appeal.
With the doors to its brand new £1million training centre officially open, one of the UK's leading apprentice training providers, Bristol based S&B Automotive Academy, is showcasing its world-class facilities by launching a series of foreign student exchanges for the first time in its 41-year history. To get a flavour of what life is like as an apprentice in the UK, the Academy hosted 16 apprentice engineers and bus drivers from the G9 Automotive College in Hamburg, Germany, as part of a Europe-wide vocational training initiative called the ‘Leonardo Programme’ with support from the European Social Fund. In a reciprocal arrangement, S&B will be sending nine apprentices to Germany during February 2012 so that they can get an appreciation of life in the automotive industry on the Continent. A further three German exchange groups are being planned for next year. Designed to assist the development of vocational skills and training across Europe, including work placements for trainees, the Leonardo Programme has a budget of €1.75bn, which is helping to encourage UK organisations to work with their counterparts abroad. In what is expected to be another challenging year for employers in the UK automotive sector, S&B’s Chief Executive, Jon Winter, claims that the exchange initiative will bring many benefits to the Academy and its apprentices: “In a world of global automotive brands, it’s important for our learners to understand the international context of the industry they have chosen to make their career. This new exchange programme will enable apprentices and Academy staff alike to achieve a better understanding of the challenges and opportunities within the automotive arena in Europe. With the Academy’s influence also extending to the USA and Asia, there’s every possibility that this initiative could move further afield in the future.” Continued Winter: “The need for skilled technicians across the world is on the increase and we actively encourage our apprentices to look at broader horizons during their training. Many of them have already learned the phrase ‘Vorsprung durch Gelehrtheit’, quite simply, ‘Advancement through learning.” In the 2010/11 academic year, S&B doubled the number of successful Apprenticeships over the previous year with some 350 apprentices graduating from the Academy. At the same time, achievement levels reached an all-time high with an overall success rate of 85%. For those learners on the Advanced Apprenticeship three-year programme, success rates were even higher, at over 98%. PHOTO CAPTION: As part of their exchange visit, S&B Automotive Academy arranged for the German apprentices to visit Hampshire bus operator, Bluestar, at its Barton Park depot. The students are pictured with S&B’s Andy West (3rd right) and Steve Prewett, Bluestar’s Area Engineering Manager (2nd right). Ends http://www.sandbaa.com
Thieves and vandals struck more than 300 times at churches and religious buildings across north Wales over the last three years, new figures show.
Two men, aged 38 and 25, have been arrested in Bangor on suspicion of offences linked to suspected people trafficking and prostitution.
Cardiff City have given Crystal Palace and their sporting director Iain Moody notice that they intend to serve legal action against them.
Greater Manchester's Police and Crime Commissioner says he will reduce the number of staff in his team and move to an office at police headquarters.