Security experts said on Monday a highly sophisticated computer virus is infecting computers in Iran and other Middle East countries and may have been deployed at least five years ago to engage in state-sponsored cyberespionage.
Evidence suggest that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran’s nuclear program in 2010, according to Kaspersky Lab, the Russian cybersecurity software maker that took credit for discovering the infections.
Kaspersky researchers said they have yet to determine whether Flame had a specific mission like Stuxnet, and declined to say who they think built it.
Iran has accused the US and Israel of deploying Stuxnet.
Cybersecurity experts said the discovery publicly demonstrates what experts privy to classified information have long known: That nations have been using pieces of malicious computer code as weapons to promote their security interests for several years.
“This is one of many, many campaigns that happen all the time and never make it into the public domain,” said Alexander Klimburg, a security expert at the Austrian Institute for International Affairs.
A cybersecurity agency in Iran said on its English Web site that Flame bore a “close relation” to Stuxnet, the notorious computer worm that attacked that country’s nuclear program in 2010 and is the first publicly known example of a cyberweapon.
Iran’s National Computer Emergency Response Team also said Flame might be linked to recent cyberattacks that officials in Tehran have said were responsible for massive data losses on some Iranian computer systems.
Kaspersky Lab said it discovered Flame after a UN telecommunications agency asked it to analyze data on malicious software across the Middle East in search of the data-wiping virus reported by Iran.
Experts at Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security who have spent weeks studying Flame said they have yet to find any evidence that it can attack infrastructure, delete data or inflict other physical damage.
Yet they said they are in the early stages of their investigations and that they may discover other purposes beyond data theft. It took researchers months to determine the key mysteries behind Stuxnet, including the purpose of modules used to attack a uranium enrichment facility at Natanz, Iran.
If Kaspersky’s findings are validated, Flame could go down in history as the third major cyberweapon uncovered after Stuxnet and its data-stealing cousin Duqu, named after the Star Wars villain.
Officials with Symantec Corp and Intel Corp McAfee security division, the top two makers of anti-virus software, said they were studying Flame.
Symantec Security Response manager Vikram Thakur said that his company’s experts believed there was a “high” probability that Flame was among the most complex pieces of malicious software ever discovered.
However, privately held Webroot said its automatic virus-scanning engines detected Flame in December 2007, but that it did not pay much attention because the code was not particularly menacing.
The virus contains about 20 times as much code as Stuxnet, which caused centrifuges to fail at the Iranian enrichment facility it attacked. It has about 100 times as much code as a typical virus designed to steal financial data, Kaspersky Lab senior researcher Roel Schouwenberg said.
Flame can gather data files, change settings on computers, turn on PC microphones to record conversations, take screenshots and log instant messaging chats.
Kaspersky Lab said Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and that both viruses employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, Schouwenberg said.
He said that a nation state would have the capability to build such a sophisticated tool, but declined to comment on which countries might do so.
The question of who built Flame is sure to become a hot topic in the security community as well as the diplomatic world.
There is some controversy over who was behind Stuxnet and Duqu. Some experts suspect the US and Israel, a view that was laid out in a January 2011 New York Times report that said it came from a program begun around 2004 to undermine what they say are Iran’s efforts to build a bomb.
The US Defense Department, CIA, State Department, National Security Agency and US Cyber Command declined to comment.
The government is aiming to recruit 1,096 foreign English teachers and teaching assistants this year, the Ministry of Education said yesterday. The foreign teachers would work closely with elementary and junior-high instructors to create and teach courses, ministry official Tsai Yi-ching (蔡宜靜) said. Together, they would create an immersive language environment, helping to motivate students while enhancing the skills of local teachers, she said. The ministry has since 2021 been recruiting foreign teachers through the Taiwan Foreign English Teacher Program, which offers placement, salary, housing and other benefits to eligible foreign teachers. Two centers serving northern and southern Taiwan assist in recruiting and training
WIDE NET: Health officials said they are considering all possibilities, such as bongkrekic acid, while the city mayor said they have not ruled out the possibility of a malicious act of poisoning Two people who dined at a restaurant in Taipei’s Far Eastern Department Store Xinyi A13 last week have died, while four are in intensive care, the Taipei Department of Health said yesterday. All of the outlets of Malaysian vegetarian restaurant franchise Polam Kopitiam have been ordered to close pending an investigation after 11 people became ill due to suspected food poisoning, city officials told a news conference in Taipei. The first fatality, a 39-year-old man who ate at the restaurant on Friday last week, died of kidney failure two days later at the city’s Mackay Memorial Hospital. A 66-year-old man who dined
EYE ON STRAIT: The US spending bill ‘doubles security cooperation funding for Taiwan,’ while also seeking to counter the influence of China US President Joe Biden on Saturday signed into law a US$1.2 trillion spending package that includes US$300 million in foreign military financing to Taiwan, as well as funding for Taipei-Washington cooperative projects. The US Congress early on Saturday overwhelmingly passed the Further Consolidated Appropriations Act 2024 to avoid a partial shutdown and fund the government through September for a fiscal year that began six months ago. Under the package, the Defense Appropriations Act would provide a US$27 billion increase from the previous fiscal year to fund “critical national defense efforts, including countering the PRC [People’s Republic of China],” according to a summary
‘CARRIER KILLERS’: The Tuo Chiang-class corvettes’ stealth capability means they have a radar cross-section as small as the size of a fishing boat, an analyst said President Tsai Ing-wen (蔡英文) yesterday presided over a ceremony at Yilan County’s Suao Harbor (蘇澳港), where the navy took delivery of two indigenous Tuo Chiang-class corvettes. The corvettes, An Chiang (安江) and Wan Chiang (萬江), along with the introduction of the coast guard’s third and fourth 4,000-tonne cutters earlier this month, are a testament to Taiwan’s shipbuilding capability and signify the nation’s resolve to defend democracy and freedom, Tsai said. The vessels are also the last two of six Tuo Chiang-class corvettes ordered from Lungteh Shipbuilding Co (龍德造船) by the navy, Tsai said. The first Tuo Chiang-class vessel delivered was Ta Chiang (塔江)