The Middle East has been arena of many military conflicts thus far. Will the following one be run by computer virus? During research conducted on behalf of International Telecommunication Union (ITU), a Russian company Kaspersky Lab, famous for being one of the biggest producer of anti-virus software in the world, has reported discovering a worm that may appear to be the third major cyber-weapon since 2010, after Stuxnet and Duqu.
Flame has been reported to attack computers in Sudan, Syria, Lebanon, Saudi Arabia and Egypt, but the main target seems to be Iran – the country that has already struggled with worms attacking its oil sector as well as the infamous nuclear programme, which was targeted by previously mentioned Stuxnet. Flame is dedicated to espionage, being able to go through documents, capture screenshots, use Bluetooth to search for other devices and even make audio records through microphone. It can infect another computers by various means: through websites, e-mails, local network or external drives. The gathered information can be sent through covert, enciphered connection that is yet to be investigated by Kaspersky. Flame is said to be such a huge progress in cyber weapons development, that it “redefined the notion of cyberwar and cyberespionage”. With almost 20 MB (!) module package , it is also “one of the most advanced and complete attack-toolkits ever discovered”.
Similarly to Stuxnet and Duqu (the latter dedicated to reconnaissance), Flame’s authorship remains unknown. However it is commonly linked with American and Israeli attitude towards Iranian nuclear programme. Although it has been active for over two years by now (since March 2010), its range is seriously limited; there are only between dozens and hundreds of computers being affected. According to both Kaspersky and Symantec experts, the sophistication of the virus, its exclusiveness to “highly targeted” attacks and the geography of these targets bring to conclusion that its creation was sponsored by someone with means, probably a nation state, in order to accomplish certain, refined goals. Clearly it has little in common with worms designed to break into bank accounts or typical hackers’ activities.
Israel is the primary suspect for unleashing the virus, and the statement of its Vice Prime Minister and Strategic Affairs Minister, that “Whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them” clearly does not cease speculations. Journalists also point out that this kind of virus is an exceptional tool which can be used for certain political goals, allowing the police and intelligence to infiltrate another countries as well as to spy its own citizens.
Just a month ago Iran has announced finally dealing with previous virus that had been deleting data from its oil sector servers. The government reacted firmly, setting up a crisis committee to fight the danger. Now Tehran states that countermeasures against the new threat have been already developed. However, the previous attacks of Stuxnet had severely slowed down Iranian nuclear programme and the damages made so far by Flame are difficult to estimate. This cyberwar is clearly very unlikely to stop in the near future.