Is Israel behind the 'Flame' worm?
Security researchers are warning of what they call one of the most sophisticated worms to date, and believe that this time, the worm may be the work of a nation-state rather than hackers. Called "Flame", the Trojan has hit Middle Eastern countries particularly hard, most notably Iran.
According to Kaspersky, Flame is capable of stealing "computer display contents, information about targeted systems, stored files, contact data and even audio conversations". The worm appears to be targeted at specific computers, likely indicating its creators are searching for specific information.
Unique to Flame is its use of Bluetooth. In theory, any Bluetooth-enabled device nearby could also be at risk, as the worm also attempts to collect data via file transfer from those mobile devices.
"One of the most alarming facts is that the Flame cyber-attack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals", Kaspersky Lab chief security expert Alexander Gostev says.
Flame is quite large in size -- about 20 megabytes. This would make it over 20 times the size of the Stuxnet worm.
Given that Flame appears to be targeting Middle Eastern governments, suspicion that this may be the work of hackers connected to the Israeli government is high. While the Jewish state has not taken responsibility for the attack, the comments of Vice Premier Moshe Yaalon did little to quell that speculation.
"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it", Yaalon is reported to have said on Israeli Army Radio Thursday. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us".
Even with Yaalon's comments, it is still important to note that Kaspersky found Flame on computers in Israel as well, although nearly every other country that Flame has been detected in -- Egypt, Iran, Lebanon, the Palestinian Territories, Syria, and Sudan -- does not have the best relations with Israel.
Flame evaded detection for two years because it was able to morph itself after attempting to detect what antivirus software was running. From there, it would hide itself in files that the antivirus software would not expect to hold malicious code.
That is the biggest problem here, say experts. Traditional antivirus techniques failed, and Flame is successfully exploiting these holes.
"The reality here is that threats, regardless of whether they are crafted by nation states or not, find their way into networks", SourceFire development chief Alfred Huger said of the news. "Most technology focuses on stopping threats yet gives us little recourse if they fail to do so. This is the area that needs attention when we talk about threats like Flame. The gap that presents itself in the 'what if' and 'what now' is best summarized by a lack of visibility and a lack of control".