Flame: Massive cyber-attack discovered, researchers say
Published: 28th May 2012 14:17:05
A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.
Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.
The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.
They described Flame as "one of the most complex threats ever discovered".
Research into the attack was carried out in conjunction with the UN's International Telecommunication Union.
In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.
Others like Duqu have sought to infiltrate networks in order to steal data.
This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk.
"Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said.
More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.
Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.
Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.
He explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.
"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."
Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
"The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said.
The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.
It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.
Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.
Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.
"This is basically an industrial vacuum cleaner for sensitive information," he told the BBC.
He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.
"Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."
Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone.
At 15:52:00 in Northern IrelandIt was a Belfast judge who first called the "Golden Circle" deal for what it was.
At 15:50:47 in SportWorld number three Mark Selby believes Sheffield will eventually lose the World Snooker Championship to China.
At 15:49:14 in WalesThe biggest bus operator in Wales has announced it will axe 14 services and reduce the frequency of eight others.
At 15:48:18 in EnglandA hi-tech balloon launched in Nottingham to take pictures of the Earth has been lost in Oxfordshire.
At 15:47:58 in SportTottenham's record signing Erik Lamela will miss the remaining games of this season because of a back injury, manager Tim Sherwood says.
At 15:47:28 in EnglandFireworks smoke was "not to blame" for a crash on the M5 which killed seven people, a coroner has ruled.
At 15:43:04 in SportOxford midfielder Josh Ruffels has signed a new contract which could keep him at the League Two club until 2018.
At 15:42:36 in Northern IrelandPolice have charged a 30-year-old woman with the murder of a baby in Belfast.
At 15:38:00 in ScotlandAn investigation has been launched after a man was killed in a flat fire in Edinburgh.
At 15:30:05 in ScotlandTwo men are facing life sentences for stabbing a man they blamed for the drugs death of a friend.
Harvard CitationBBC News, 2012. Flame: Massive cyber-attack discovered, researchers say [Online] (Updated 28th May 2012)
Available at: http://www.ukwirednews.com/news/1431353/Flame-Massive-cyber-attack-discovered-researchers-say [Accessed 17th Apr 2014]
News In Other Categories
The biggest bus operator in Wales has announced it will axe 14 services and reduce the frequency of eight others.
The US city of Portland, Oregon, is dumping 38m gallons (143m litres) of water from its reservoir after a teenager was caught urinating into the water supply.
A hi-tech balloon launched in Nottingham to take pictures of the Earth has been lost in Oxfordshire.
BBC News presenter George Alagiah has been diagnosed with bowel cancer.
US banking giants Goldman Sachs and Morgan Stanley have reported contrasting results for the first quarter of the year.
With the doors to its brand new £1million training centre officially open, one of the UK's leading apprentice training providers, Bristol based S&B Automotive Academy, is showcasing its world-class facilities by launching a series of foreign student exchanges for the first time in its 41-year history. To get a flavour of what life is like as an apprentice in the UK, the Academy hosted 16 apprentice engineers and bus drivers from the G9 Automotive College in Hamburg, Germany, as part of a Europe-wide vocational training initiative called the ‘Leonardo Programme’ with support from the European Social Fund. In a reciprocal arrangement, S&B will be sending nine apprentices to Germany during February 2012 so that they can get an appreciation of life in the automotive industry on the Continent. A further three German exchange groups are being planned for next year. Designed to assist the development of vocational skills and training across Europe, including work placements for trainees, the Leonardo Programme has a budget of €1.75bn, which is helping to encourage UK organisations to work with their counterparts abroad. In what is expected to be another challenging year for employers in the UK automotive sector, S&B’s Chief Executive, Jon Winter, claims that the exchange initiative will bring many benefits to the Academy and its apprentices: “In a world of global automotive brands, it’s important for our learners to understand the international context of the industry they have chosen to make their career. This new exchange programme will enable apprentices and Academy staff alike to achieve a better understanding of the challenges and opportunities within the automotive arena in Europe. With the Academy’s influence also extending to the USA and Asia, there’s every possibility that this initiative could move further afield in the future.” Continued Winter: “The need for skilled technicians across the world is on the increase and we actively encourage our apprentices to look at broader horizons during their training. Many of them have already learned the phrase ‘Vorsprung durch Gelehrtheit’, quite simply, ‘Advancement through learning.” In the 2010/11 academic year, S&B doubled the number of successful Apprenticeships over the previous year with some 350 apprentices graduating from the Academy. At the same time, achievement levels reached an all-time high with an overall success rate of 85%. For those learners on the Advanced Apprenticeship three-year programme, success rates were even higher, at over 98%. PHOTO CAPTION: As part of their exchange visit, S&B Automotive Academy arranged for the German apprentices to visit Hampshire bus operator, Bluestar, at its Barton Park depot. The students are pictured with S&B’s Andy West (3rd right) and Steve Prewett, Bluestar’s Area Engineering Manager (2nd right). Ends http://www.sandbaa.com