Flame: Massive cyber-attack discovered, researchers say
Published: 28th May 2012 14:17:05
A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.
Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.
The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.
They described Flame as "one of the most complex threats ever discovered".
Research into the attack was carried out in conjunction with the UN's International Telecommunication Union.
In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.
Others like Duqu have sought to infiltrate networks in order to steal data.
This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk.
"Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said.
More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.
Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.
Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.
He explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.
"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."
Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
"The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said.
The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.
It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.
Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.
Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.
"This is basically an industrial vacuum cleaner for sensitive information," he told the BBC.
He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.
"Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."
Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone.
At 13:58:38 in BusinessA leading YouTube entrepreneur is facing legal action for alleged copyright infringement in her videos.
At 13:57:58 in WalesPolice investigating child sexual abuse at care homes in North Wales say 275 people have now come forward to make allegations - according to briefing note seen by the BBC.
At 13:57:20 in SportSquash player Chris Simpson will carry Guernsey's flag at the opening ceremony of the Commonwealth Games.
At 13:46:12 in EnglandA Guernsey lorry driver has been cleared of the death of a cyclist.
At 13:45:40 in EnglandAn investigation into the death of man found naked on a Cornwall beach is being featured on BBC Crimewatch.
At 13:40:54 in WalesThe Gwent Police force could be putting crime fighting at risk as it tries to find savings, a watchdog has warned.
At 13:37:22 in SportReal Madrid have signed World Cup Golden Boot winner James Rodriguez from French club Monaco.
At 13:36:58 in SportNicky Hunt says Great Britain's women's team are capable of a top-four finish at the European Championships.
At 13:36:30 in EnglandPolice job cuts "may be necessary" in Suffolk following a decision not to merge its force control room with Norfolk, government inspectors said.
At 13:32:21 in SportGordon Strachan reckons the people of Scotland will make the Commonwealth Games a success - just as the Brazilians did for the World Cup.
Harvard CitationBBC News, 2012. Flame: Massive cyber-attack discovered, researchers say [Online] (Updated 28th May 2012)
Available at: http://www.ukwirednews.com/news/1431353/Flame-Massive-cyber-attack-discovered-researchers-say [Accessed 22nd Jul 2014]
News In Other Categories
A Guernsey lorry driver has been cleared of the death of a cyclist.
A leading YouTube entrepreneur is facing legal action for alleged copyright infringement in her videos.
An Irish government genealogy site has been criticised by the country's data watchdog for leaking ID information.
A pine tree planted in 2004 in memory of former Beatle George Harrison in a Los Angeles park has died after being infested by beetles.
With the doors to its brand new £1million training centre officially open, one of the UK's leading apprentice training providers, Bristol based S&B Automotive Academy, is showcasing its world-class facilities by launching a series of foreign student exchanges for the first time in its 41-year history. To get a flavour of what life is like as an apprentice in the UK, the Academy hosted 16 apprentice engineers and bus drivers from the G9 Automotive College in Hamburg, Germany, as part of a Europe-wide vocational training initiative called the ‘Leonardo Programme’ with support from the European Social Fund. In a reciprocal arrangement, S&B will be sending nine apprentices to Germany during February 2012 so that they can get an appreciation of life in the automotive industry on the Continent. A further three German exchange groups are being planned for next year. Designed to assist the development of vocational skills and training across Europe, including work placements for trainees, the Leonardo Programme has a budget of €1.75bn, which is helping to encourage UK organisations to work with their counterparts abroad. In what is expected to be another challenging year for employers in the UK automotive sector, S&B’s Chief Executive, Jon Winter, claims that the exchange initiative will bring many benefits to the Academy and its apprentices: “In a world of global automotive brands, it’s important for our learners to understand the international context of the industry they have chosen to make their career. This new exchange programme will enable apprentices and Academy staff alike to achieve a better understanding of the challenges and opportunities within the automotive arena in Europe. With the Academy’s influence also extending to the USA and Asia, there’s every possibility that this initiative could move further afield in the future.” Continued Winter: “The need for skilled technicians across the world is on the increase and we actively encourage our apprentices to look at broader horizons during their training. Many of them have already learned the phrase ‘Vorsprung durch Gelehrtheit’, quite simply, ‘Advancement through learning.” In the 2010/11 academic year, S&B doubled the number of successful Apprenticeships over the previous year with some 350 apprentices graduating from the Academy. At the same time, achievement levels reached an all-time high with an overall success rate of 85%. For those learners on the Advanced Apprenticeship three-year programme, success rates were even higher, at over 98%. PHOTO CAPTION: As part of their exchange visit, S&B Automotive Academy arranged for the German apprentices to visit Hampshire bus operator, Bluestar, at its Barton Park depot. The students are pictured with S&B’s Andy West (3rd right) and Steve Prewett, Bluestar’s Area Engineering Manager (2nd right). Ends http://www.sandbaa.com
A 25-year-old man has pleaded guilty to dangerous driving causing the deaths of eight people in a road crash in County Donegal.