Daily Israel Report

UN to Warn World About Flame Virus Risks

UN officials are preparing an alert for member states to inform them about the risks Flame could pose to their national infrastructure.
By Gabe Kahn
First Publish: 5/29/2012, 8:47 PM

PA Internet crashed
PA Internet crashed
Flash 90

A United Nations agency that aids member nations in securing their national infrastructures is set to warn member nations about the risk posed by the 'Flame' virus.

Flame is a computer virus that Tehran says is infecting its computers and which independent experts say "most dangerous cyberwarfare tool ever created."

One technology reporter for the Herald Sun – who estimated Flame was 20 times more powerful than any virus seen before – facetiously joked the virus could "bring the world to its knees."

"This is the most serious (cyber) warning we have ever put out," Marco Obiso, cyber security coordinator for the UN's Geneva-based International Telecommunications Union, said.

"They should be on alert," he added.

Analysts say evidence suggests Flame may have been built on behalf of the same nation - or nations - that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010,.

"I think it is a much more serious threat than Stuxnet," Obiso said.

He said the ITU will set up a program to collect data - including virus samples - to track Flame's spread around the globe and observe any changes in its composition.

At present, Flame is known to have struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority.

Flame does with one virus what hackers have previously had to deploy many separate viruses to do. That means it can deliver a more comprehensive picture than ever before of what a computer is being used for.

Boldizsar Bencsath, a computer expert at Budapest University's Laboratory of Cryptography and Systems Security that has been analyzing flame, told Radio Free Europe that Flame has now been spotted in Hungary.

According to him, "the individual things Flame does are not unique or unknown." What sets Flame apart is that it puts all those functions "in a single, enormously large software package."

"Generally speaking, [Flame's] functionality is similar to other malware components that for example, record keyboard activities," he says. "The unusual thing is that it is complex, highly complex. That means that there are lots of different functionality modules in the code and therefore the code is enormously large."

The Russian computer security Kaspersky Lab told AFP the Flame software package totals almost 20 Mb in size when fully deployed.

"This is a targeted attack, says Bencsath. "This tool is used for targeted attacks; that means that normal home computers most likely are not at any risk."

His remarks echoed those of Greg Hughes, CEO of Israel's Symantec, who told Arutz Sheva that the Flame virus found in Iran is the cyber-warfare equivalent of a “targeted killing.”

"This is a specifically targeted and highly precise attack. This attack is like a precision targeted killing rather than mass slaughter," he added, noting that the file – or a collection of files – would have to be directly inserted into vulnerable computers.

Flame has been described as a "data-stealing virus" and "cyber-espionage worm" designed to collect and delete sensitive information. It is capable of taking screen captures, downloading process logs, recording keystrokes, and copying files stored on hard drives.

Iran – which has openly accused Israel of deploying Flame – claimed they had neutralized Flame and that its creators had not been successful.

However, Iranian officials claimed to have killed the less powerful Stuxnet virus several times before finally eradicating it almost two years after it was found.

Symantec’s Hughes noted, "You have to look at this with a perspective of time," he added. "They recently discovered a number of attacks, but this began two years ago."

Israeli officials have refused to say whether Jerusalem fathered Flame, but Minister of Strategic Affairs Moshe Yaalon did say, "Whoever sees the Iranian threat as a meaningful threat – it is reasonable he would take various measures, including this one."