June 6, 2012 by Joseph Fitsanakis
By JOSEPH FITSANAKIS | intelNews.org
When the Stuxnet computer virus was detected, in 2010, it was recognized as the most sophisticated malware ever created. It had been specifically designed to sabotage Siemens industrial software systems, which were used in Iran’s nuclear energy program. Not surprisingly, most Stuxnet-infected computers were in Iran. Now a new, massive and extremely sophisticated piece of malware has been detected in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum. It is called Flame and, according to antivirus company Kaspersky Lab, which first spotted the virus last week, it is “one of the most complex threats ever discovered”. Simply consider that Stuxnet, which caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Flame is over 20 megabytes in size, consisting of 650,000 lines of code; it is so complex that it is expected to take programming analysts around a decade to fully comprehend. The two are different, of course. Stuxnet was an infrastructure-sabotaging malware, which destroyed hundreds, maybe even thousands, of Iranian nuclear centrifuges. Flame, on the other hand, appears to be an espionage tool: it aims to surreptitiously collect information from infected systems. What connects them is their intended target: Iran. We now have Stuxnet, the most complex sabotaging malware ever discovered, which must have taken dozens of programmers several months to create, and Flame, the world’s most powerful cyberespionage tool ever detected by computer security experts. And both have been primarily directed at Iranian government computers.
As far as this commentator is concerned, the question at this point is not whether Flame emerged from a state-sponsored cyberespionage operation. This should be taken as given. The question is whether the massive malware is a product of an Israeli, an American, or an Israeli-American team of computer programmers (note: the possibility of a collaborative secret effort by a host of Western countries and Israel, something like a cyberwar version of the Manhattan Project, should not be overlooked). On May 29, shortly after the announcement of Flame’s discovery by Kaspersky, Israeli Vice Prime Minister and Minister of Strategic Affairs, Moshe Ya’alon, hinted that Israel may have been behind the malware, saying that “Israel is blessed to be a nation possessing superior technology, [which] opens up all kinds of possibilities”. Later that day, however, MSNBC cited an unnamed American official, who claimed that Washington was responsible for the malware.
It is worth pointing out that the claim by MSNBC was eventually backed by Israeli sources. It is also worth considering that some Israelis have gone as far as to suggest that Israel, along with Iran, was also targeted by Flame, and thus could not have been the source of the virus. This is a valid point. Over 100 computers are thought to have been infected by Flame in Israel, second only to Iran’s 198. Other countries targeted include Lebanon, Syria, and Sudan. Before drawing firm conclusions, however, one would have to have precise information as to the ownership of infected computer systems. For instance, are the infected computers in Israel proper, or in the Occupied Territories? Do the infected systems in Lebanon belong to the Lebanese government, or to Hezbollah? When were the computers in Syria infected? Are there any infected systems in the United States? Pakistan? China? If there are, will we ever find out about them?
Regardless of the answers to the above questions, there is little doubt that Flame’s handlers have collected massive amounts of intelligence for at least two years. The program was apparently able to record conversations conducted over Skype; take desktop snapshots every 15 seconds or so; and collect usernames and passwords, among other capabilities. And all that while circumventing even the strongest antivirus software. But there is also the other side of the equation: as in the case of Stuxnet, Flame is now effectively freeware. Anyone can ostensibly access it, copy it, modify it, and re-launch it against his or her target of choice, even the United States or Israel. This is comparable to winning a battle with the help of a brand new and exclusive weapon, and then proceeding to share its blueprints with the entire world. This policy may arguably be preventing a direct military confrontation with Iran; but it is clearly detrimental to international security as a whole.