In 2009 a computer worm known today as Stuxnet began to tunnel through the networks of industrial programs around the world. Computer security experts figured out that Stuxnet was designed to make nuclear centrifuges go haywire and, despite the malware’s broad reach, some thought it was meant to sabotage Tehran’s alleged nuclear weapons program (Tehran denies trying to build a bomb). Indeed, the mysterious bug ultimately destroyed 20 percent of Iran’s nuclear centrifuges, and former Israeli intelligence chief Meir Dagan said “technical difficulties” had set back the country’s ambition to build a bomb until perhaps 2015.

At the time, Stuxnet was arguably the most effective cyber-Trojan Horse in history. We now know from NYT reporting that it was part of the Olympic Games cyber warfare program launched by the Bush administration in 2006 and continued by President Obama. With Israel’s help, the U.S. developed the worm specifically to undermine Tehran’s nuclear program. Stuxnet got “into the wild” due to a coding error.

This week Tehran said computers at its Oil Ministry and National Oil Company were infiltrated by what the Russian anti-virus software company Kaspersky Lab calls a super-cyberweapon 20 times larger than Stuxnet. Kaspersky announced the discovery of “Flame” Monday, after being hired by the International Telecommunication Union, which Tehran had asked to help investigate a virus that Iranian experts began to find on government computers this spring.

Kaspersky calls Flame “one of the most complex threats ever discovered.” Unlike Stuxnet, Flame is designed more for cyber espionage than cyber warfare. It infiltrates computers through various transmission methods, including thumb drives, to steal data from displays, stored files and elsewhere. The information is then returned to the operator.

Spying malware is nothing new, Kaspersky notes, but Flame stands out for an extraordinary complexity that has allowed it to go undetected since being unleashed in March 2010. In addition, it is currently active, meaning that the operator is mining data and infiltrating new systems.

So who’s behind Flame? The Obama administration tells The Times¬†that it is not part of Olympic Games, but the Iran link certainly suggests U.S. and Israeli involvement. Interestingly, though, Hungarian computer systems have also been infected.

Another key question: “Is my home computer vulnerable?” Kaspersky emphasizes that, given Flame’s size, the analysis is still in early days. The company is posting updates on its blog. The most recent entry includes instructions for checking for Flame.

Some will point out that Stuxnet got loose. But Boldizsar Bencsath of Budapest University’s Laboratory of Cryptography and Systems Security tells Radio Free Europe that home computers are probably safe.

“This is a targeted attack,” he says. “This is a tool for targeted attacks; that means that normal computers most likely are not at any risk.”

 Photo from Flickr

 

S. Adam Cardais

S. Adam Cardais is a TOL contributing editor. Email: adam.cardais@tol.org.

More Posts