Entries in Flame (6)


US Government Accused of Hacking Into Sarkozy’s Computers

(PARIS) – French news magazine L’Express has accused the U.S. government of hacking into the office of President Nicolas Sarkozy using a sophisticated malware called Flame.

According to L’Express, a cyber war agency had discovered the malware in the computers several months ago at the Elysee Palace, the official residence of the French President.

The U.S. embassy in Paris has denied that the country had taken part in any hacking activities. U.S. Secretary of Homeland Security Jane Napolitano did not confirm or deny the allegations, and said that the United States had an important alliance with France.

L’Express states that Flame had probably infiltrated the computers via Facebook. It was discovered not long after the second round of votes in the French presidential elections in May, and the process of eradicating the worm took three days.

Copyright 2012 ABC News Radio


Researchers Say ‘Extremely Targeted’ 'MiniFlame' Cyber Attack Hit Lebanon, Iran

(MOSCOW) -- Researchers said Monday they have identified part of the powerful Flame cyber espionage program as a stand-alone, “highly flexible” spy program that centered its attacks on computer systems in Lebanon and Iran.

MiniFlame, as cyber experts at Moscow-based Kaspersky Labs dubbed the malware, is an “info-stealing” virus designed to hit only a few high-profile targets -- perhaps just a few dozen computer systems. Kaspersky researchers said in a blog post they actually discovered MiniFlame in July but at the time believed it to be just a module within Flame.

The larger Flame virus was described by researchers as the most sophisticated cyber espionage program ever discovered and was a veritable “toolkit” for cyber spying programs. It could remotely take screenshots of infected computers, record audio conversations that took place in the same room as the computer, intercept keyboard inputs and wipe data on command. Researchers said that malware infected thousands of computers, mostly in Iran.

In May, a top Israeli official dropped vague hints that his country may have been behind the creation of Flame, and the U.S. and Israel have long been suspected of mounting a sophisticated cyber campaign against Iran that included the Stuxnet worm, which is credited with physically disrupting the operation of one of Iran’s nuclear facilities.

Lebanon is home to the Iran-backed militant group Hezbollah, which the U.S. considers a terrorist organization.

Kaspersky Chief Security Expert Alexander Gostev said he believes MiniFlame is used as a “second wave” of attack after Flame, or another virus called Gauss, has already hit a target system.

“MiniFlame is a high-precision attack tool,” Gostev said. “After data is collected [via Flame] and reviewed, a potentially interesting victim is defined and identified, and MiniFlame is installed in order to conduct more in-depth surveillance and cyber espionage.”

Kaspersky’s announcement comes weeks after U.S. officials said they suspected Iranian hackers of having a hand in a large but relatively unsophisticated cyber attack on Western financial institutions.

Last week, the Secretary of Defense repeated warnings that if America doesn’t step up its cyber security on a national scale, it could face a “cyber Pearl Harbor.”



Report: US, Israel Designed Malware to Thwart Iran's Nuclear Program

(WASHINGTON) -- What appears to be a routine Microsoft update is in reality malware meant to cripple Iran's nuclear program.

U.S. and Western officials, speaking on the condition of anonymity, told the Washington Post that the computer virus called Flame, which came to light last month when it turned up in cyber attacks on Iran's oil industry, was developed together by the U.S. and Israel.

Officials say Flame was designed to gather intelligence in anticipation of a campaign to affect Iran's uranium enrichment program, a key step in producing a nuclear arsenal.

While the National Security Agency, the CIA and Israel are all declining comment, Flame is thought to be the most sophisticated attempt yet at cyber-sabotage launched by the U.S. in collaboration with an ally.

It remains unclear, however, when an actual cyber attack on Iran’s nuclear program or critical infrastructure systems might be implemented.



'Proof' Links Flame, Stuxnet Super Cyber Weapons: Researchers

(WASHINGTON) -- Researchers say they have uncovered "proof" linking the authors of the Flame cyber espionage program to Stuxnet, the most powerful offensive cyber weapon ever developed -- both of which are believed to have targeted Iran.

Analysts at the Russia-based cyber security firm Kaspersky Labs, which was the first to uncover Flame and had previously analyzed Stuxnet, wrote in a blog post today that they had found the "missing link" between Flame and Stuxnet: a specific piece of code that appears to have been used in both programs.

Flame, a highly advanced "toolkit" of cyber espionage programs capable of watching virtually everything on an infected computer, was discovered last month on computers in the Middle East and Iran and had apparently been spying on those systems for years. Stuxnet, an offensive cyber weapon designed to physically alter its intended target, was discovered in 2010 after it reportedly infiltrated and managed to damage an Iranian nuclear enrichment facility -- an unprecedented feat.

In both cases, cyber security experts that analyzed the programs' code determined that due to similarities in cost, time requirement and apparent target, it was likely they had each been developed under the direction of a nation-state, leading to speculation the U.S. or Israel may be involved. However, the same experts quickly noted that Flame's code architecture was vastly different from Stuxnet's and determined that while both could have come from the same nation-state, they were not likely written together.

But now Kaspersky Labs says the two cyber tools appear to have been developed in tandem and a section of code directly from Flame was used in an early 2009 version of Stuxnet, meaning that the two development teams overlapped in their work at least for a little while, even if they appear to have gone their separate ways in 2010 when newer versions of the programs appeared.

"We believed that the two teams only had access to some common resources, [but] that didn't show any true collaboration," Kaspersky Labs senior researcher Roel Schouwenberg told ABC News. "However, now it turns out that the Stuxnet team initially used Flame to kickstart the project. That proves collaboration and takes the connection between the two teams to a whole new level."

After Stuxnet's discovery, a Congressional report in December 2010 put the U.S. and Israel on a short list of countries believed to be capable of carrying out that attack -- a list that also included Russia, China, the U.K. and France. A month later, The New York Times reported Stuxnet may have been the result of a joint U.S., Israeli project to undermine Iran's nuclear program.

Five different U.S. government agencies declined to comment to ABC News about allegations they were involved in Flame and the Israeli government has reportedly denied any link to the virus.

News of the new connection between the two programs came just days after a U.S.-based cyber security firm, Symantec, reported Flame appears to have been given a "suicide" command that would wipe any trace of it from an infected computer.



Who Is Behind Super Cyber Spy Tool?

(WASHINGTON) -- Cyber security experts around the world are racing to dissect Flame, the largest cyber espionage program ever discovered, as clues in the code and vague statements from Western officials fueled speculation as to whether the U.S. or Israel may be behind what researchers are calling a potential game-changer in the burgeoning arena of cyber warfare.

The existence of Flame, an unprecedented intelligence-gathering program designed to track and record basically everything an infected computer does, was disclosed Monday by two international cyber security firms as well as the Iranian government, which said Flame had been discovered on its networks.

One of the firms, Kaspersky Labs, reported the malware had been discovered in several countries in the Middle East, mostly in Iran, and had been operating for at least two years. Kaspersky Labs, along with a Hungarian cryptology lab called Crysys that also analyzed Flame, said that because of the expertise, time and funding required to create such a large and sophisticated program, it was likely some government agency had created the malicious code, rather than a group of cyber criminals or rogue hackers.

Clues in the code, such as the names of processes like "Beetlejuice" and "Platypus," led some experts to believe it could have been written by native English-speakers, but others pointed out that English is a common coding language in many countries.

Roel Schouwenberg, a senior researcher at Kaspersky Labs, told ABC News on Wednesday some monikers used in coding mean nothing at all or are just inside jokes among the programmers.

"We are talking about a very high stakes operation here, covert cyber ops, but that doesn't mean these guys aren't just having fun sometimes," he said.

Another possible clue in the code, Schouwenberg said, is that even though the program's structure and capabilities are very different, Flame shares some sophisticated techniques and geographical targets with another infamous cyber weapon, Stuxnet. Stuxnet was an offensive cyber weapon that was only discovered in 2010 after it had reportedly infected and caused physical damage to an Iranian nuclear facility.

Schouwenberg said Kaspersky Labs is operating under the theory that Stuxnet and Flame were created by different development teams but likely under the direction of the same backer and with access to each other's work. A researcher with the U.S.-based cyber firm Symantec told ABC News that scenario was a "definite" possibility and in its report Crysys said it could not be ruled out.

After Stuxnet's discovery, a Congressional report in December 2010 put the U.S. and Israel on a short list of countries believed to be capable of carrying out that attack -- a list that also included China, France, Russia and the U.K. A month later, The New York Times reported Stuxnet may have been the result of a joint U.S., Israeli project to undermine Iran's nuclear program.

Publicly, U.S. officials repeatedly denied involvement in Stuxnet, while Israeli officials declined to comment.

Within hours of Flame's public disclosure, a top Israeli official, vice prime minister Moshe Yaalon, sparked speculation when he hinted to an Israeli news outlet that his country may have been behind it all, as ABC News reported Tuesday.

"Whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them," Yaalon told Israel's Army Radio, referring to the cyber attack. "Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us."

However, after those comments made headlines, Yaalon took to Twitter and said that "plenty of advanced Western countries, with apparent cyber-warfare capabilities, view Iran and especially its nuclear program as a real threat."

Later, NBC News reported that an unnamed U.S. official who acknowledged having no first-hand knowledge of the virus said, "It was us." And on Wednesday the Israeli military magazine Israel Defense quoted its own unnamed Israeli officials who said they believe the virus came from the U.S.

For their part, the official spokespersons for an alphabet soup of American government agencies have stayed quiet on where exactly Flame came from.

In response to questions from ABC News on Wednesday, the National Security Agency, Central Intelligence Agency, Department of Defense Cyber Operations and State Department either declined to comment or referred ABC News to the Department of Homeland Security. The DHS said in a statement it was analyzing Flame to determine its impact on the U.S., but refused to comment on whether the U.S. had a hand in its creation.

Though cyber security experts said it will be months, and possibly years, before Flame is completely analyzed, Schouwenberg said there is little chance much more information about the author will be gleaned from the code itself.

"What is proof in cyber? It's very tough. When you look at the remnants of a bomb, at least you know who made it," he said. "In cyber, you never know for sure."



Israel Behind Largest Cyber Spy Weapon Ever?

(WASHINGTON) -- A top Israeli official hinted Tuesday that his country could be behind the most sophisticated cyber espionage program ever developed, known as Flame, which infiltrated and spied on computer systems throughout the Middle East, including those in Iran, for the past two years.

"Whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them," Israel's vice prime minister Moshe Yaalon told Israel's Army Radio on Tuesday, referring to the cyber attack. "Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us."

Flame, also known as sKyWIper, is a veritable "toolkit" of cyber spying programs that is capable of remotely taking screenshots while the computer user works, recording audio conversations through the computer's own microphone, intercepting keyboard inputs and wiping data, among other sophisticated capabilities, according to cyber security experts. The code has been active for two years and has infected dozens of computers throughout the Middle East, mostly in Iran.

Three cyber security firms, both in the U.S. and abroad, that have begun to analyze Flame said the code is unprecedented in complexity and, due to its sheer sophistication, was most likely developed by a hacking team working under the direction of a nation-state.

"We can't pinpoint who is actually behind it, but we can narrow the list of potential actors," Vikram Thakur, a manager at Symantec, told ABC News Monday. "It's a project that's been out for years, and flown under the radar. It is extremely well funded."

One of the cyber security companies that has analyzed Flame, the Russia-based Kaspersky Labs, said that the malware was discovered only after sensitive information began suddenly disappearing from computer networks in the Middle East. The wiping program turned out to be just one arm of Flame.

Iran's government cyber security response team acknowledged the breach in an online posting Monday, which described the malware's capabilities and said that its methods and functionality made Iranian experts believe it had a "close relation" to Stuxnet, another highly sophisticated cyber weapon discovered in 2010 that appeared to target and damage an Iranian nuclear enrichment facility. Israel was suspected of being behind that attack and the Israeli government has repeatedly declined to comment on those allegations.

Analysis from Kaspersky and the Hungary-based cryptology lab Crysys shows that the code used in Flame is so much bigger and so different from that used in Stuxnet that it is unlikely the two were developed by the same group of hackers, but their reports did not discount the possibility that the same nation could have funded and directed both attacks, considering the common target.

So far, researchers in the U.S. and abroad have said Flame appears to only be used for spying purposes, rather than being used to cause physical damage to systems, like Stuxnet. Still, Kaspersky Labs said in a blog post, "such highly flexible malware can be used to deploy specific attack modules" that could target a country's critical infrastructure and there could also be variations of the code that have yet to be discovered.

Further analysis of the complex Flame code by several cyber security firms is ongoing.
