New computer malware targeting Iran
(Financial Times) — The discovery of a malicious computer program that appears to be collecting sensitive information from Iran and others indicates the global cyberwar has moved to a new level, warn security experts.
Kaspersky Lab, the Russian internet security company that discovered the malware, codenamed Flame, said it was more complex and sophisticated than any of the cyberweapons it has seen to date. “The Flame malware looks to be another phase in this war,” said Eugene Kaspersky, co-founder of Kaspersky Lab.
At the end of April, computers at Iran’s oil ministry were reported to have been attacked by hackers, and experts at Symantec, the US IT security company, said on Monday that parts of the Flame program were identical to the malware used in that attack. The incident was played down by the government at the time and it was unclear if any data was lost.
Earlier this year the head of Iran’s Civil Defence Organisation had also said that the country’s energy sector had been subject to an increasing number of cyberattacks over the past two years. Flame is thought to have been in operation since 2010.
The Stuxnet virus raised widespread panic when it was discovered in 2010, because it was believed to have caused physical damage at Iran’s nuclear facilities. It was the first known computer worm to target industrial controls. While Flame is not thought to have caused this kind of damage, it appears to be able to spy on organisations in a number of ways, including switching on microphones attached to a computer to record conversations and sounds.
Orla Cox, senior security operations manager at Symantec, said the code was likely to have been written by a nation state. “It is very professionally written and does not even look like a piece of malware. We suspect there is some nation state involvement because of the funding you would need to have behind this.”
Apart from anything else, she said, the amount of information being collected by the program was so vast, it would require large resources to sift through it all. “This is a fully-featured spying program that is grabbing anything it can,” Ms Cox said.
Only a few hundred individuals appear to have been affected by the malware, Ms Cox said, and security experts were still trying to see whether there was any link or pattern to those affected.
Stuxnet and Duqu, another malware program, are widely believed to have been created by the US and Israeli governments, although neither country has confirmed its involvement.
Iran’s armed forces have created a special unit to defend the country against computer attacks, which works closely with the defence, telecommunications and intelligence organisations.
© The Financial Times Limited 2012