Flame: Massive cyber-attack discovered, researchers say
Published: 28th May 2012 14:17:05
A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.
Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.
The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.
They described Flame as "one of the most complex threats ever discovered".
Research into the attack was carried out in conjunction with the UN's International Telecommunication Union.
In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.
Others like Duqu have sought to infiltrate networks in order to steal data.
This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk.
"Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said.
More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.
Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.
Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.
He explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.
"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."
Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
"The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said.
The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.
It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.
Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.
Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.
"This is basically an industrial vacuum cleaner for sensitive information," he told the BBC.
He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.
"Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."
Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone.
At 17:59:58 in EnglandA businesswoman has said she is close to securing a deal to keep a Banksy artwork in Cheltenham.
At 17:59:09 in EnglandThe Independent Jersey Care Inquiry is investigating child abuse in Jersey's care system since 1945
At 17:57:16 in EntertainmentWork on the eighth series of US sitcom The Big Bang Theory has failed to start on time, as the principal cast members fight for higher salaries.
At 17:55:41 in EnglandA monster-shaped pedalo built in Southampton is due to navigate the coast of Scotland.
At 17:47:37 in WalesA coroner has demanded officials address the dangers of paths that leave "people in peril" on Snowdon after a man fell 600ft (182m) to his death.
At 17:42:32 in Northern IrelandThere has been a further delay of the review into children's heart services in Belfast, the BBC has learned.
At 17:38:14 in SportEngland will take on Pool A winners New Zealand in the netball semi-finals on Saturday after guaranteeing the runners-up spot in Pool B.
At 17:31:55 in EnglandA rogue builder who scammed customers out of more than £100,000 has been jailed for nine years.
At 17:30:23 in EnglandThe nephew of the soldier who won the first Victoria Cross of World War One is to mark the centenary by visiting the place his uncle was killed.
At 17:21:39 in ScotlandTwo men on a motorbike are being sought in connection with a spate of break-ins across Edinburgh, Midlothian and East Lothian.
Harvard CitationBBC News, 2012. Flame: Massive cyber-attack discovered, researchers say [Online] (Updated 28th May 2012)
Available at: http://www.ukwirednews.com/news/1431353/Flame-Massive-cyber-attack-discovered-researchers-say [Accessed 30th Jul 2014]
News In Other Categories
Shadow Chancellor Ed Balls has accused David Cameron of trying to ape one of his predecessors in No 10 by pretending people have "never had it so good".
A businesswoman has said she is close to securing a deal to keep a Banksy artwork in Cheltenham.
There has been a further delay of the review into children's heart services in Belfast, the BBC has learned.
Work on the eighth series of US sitcom The Big Bang Theory has failed to start on time, as the principal cast members fight for higher salaries.
Airbus has said that the market for commercial aircraft is "still very strong" despite a wave of cancelled orders.
England will take on Pool A winners New Zealand in the netball semi-finals on Saturday after guaranteeing the runners-up spot in Pool B.