Tuesday, September 15, 2015 by cyberwar
The U.S.-Israeli-developed Flame virus used in an attack on Iran’s nuclear infrastructure in 2012 was one of the original cyberweapons to fear.
Researchers from antivirus firm Symantec, which developed and manufactures the venerable Norton antivirus software, said in a post on the company’s Web site that the virus, which it called “Flamer,” is similar in nature to the Stuxnet and Duqu viruses, “arguably the two most complex pieces of malware we have analyzed…”
According to the firm, “Flamer is a highly sophisticated threat, using multiple components that cleverly conceals its malicious functionality. …The modular nature of this malware suggests that a group of developers have created it with the goal of maintaining the threat over a long period of time; very likely along with a different set of individuals using the malware.”
Able to disrupt or disable entire infrastructure networks
Earlier reports said the Flame and Stuxnet viruses were introduced into Iran’s nuclear and oil infrastructure. The former was introduced to monitor computer use, while the latter was designed to cause disruptions at Iran’s plutonium enrichment facilities.
But Flame – or Flamer, as Symantec’s software engineers are calling it – is capable of much more, apparently. Originally designed to steal data from keystrokes, audio conversations and screenshots, it also “gives its operators the power to delete important files from compromised computer systems,” said tech newswire CNET.com.
Symantec researcher Vikram Thakur said in an interview with Reuters that Flame is not just able to monitor computer systems but can also double as a cyberweapon.
“These guys have the capability to delete everything on the computer,” Thakur said. “This is not something that is theoretical. It is absolutely there,” he said.
The ability to delete files means Flame can cause critical programs to fail or shut down operating systems.
That’s an important distinction because if the virus merely monitors the computer systems of rivals and enemies, that’s one thing. But if it is used to “attack” those same systems or another nation’s infrastructure, that is something else entirely. Warfare, in this day and age, is still warfare, even if it’s fought in an unconventional, asymmetrical kind of way. What’s more, such attacks on another nation’s computer infrastructure will no doubt invite attacks on U.S. infrastructure – dams, chemical plants, manufacturing facilities, air traffic control and water purification systems, and the list goes on.
More than just a ‘virus,’ it’s a weapon
“Of course it can be used for sabotage,” Boldizsar Bencsath, an expert on cyber warfare with Hungary’s Laboratory of Cryptography and System Security, said, adding he believes there was at least a 70 percent chance Flame was used to attack Iran in April of this year. “It may have been used to attack critical infrastructure and it may be used in the future.”
What the next generation of viruses will look like is anyone’s guess. Flame, Reuters reported, was deployed more than five years ago. Then, as now, it is one of the most sophisticated viruses ever developed. Its existence was initially uncovered by the Moscow-based Kaspersky Lab, after the security firm was tasked by the United Nations to look for a virus Iran said had sabotaged computers and deleted valuable information.
What is clear is that cyber-security experts are impressed by – and nervous about – Flame’s capabilities.
“It could render computing devices useless,” Sean McGurk, a former Department of Homeland Security official who helped protect U.S. infrastructure from cyber-attack and who now works in the private sector, told Reuters. That’s a threat because computers control virtually everything related to first-world, modern life.
“Cyber elements can have catastrophic impacts,” he added.