By Sergei L. Loiko, Los Angeles Times
5:00 AM PDT, May 31, 2012
MOSCOW — Computer virus experts at Kaspersky Lab, acting with the blessing of the United Nations, were searching for a villain dubbed the Wiper when they came across a much more menacing suspect requiring a new moniker: Flame.
The malicious program left experts all but certain that a government sponsor intent on cyber warfare and intelligence gathering was behind some suspicious activity, in part because of the likely cost of such a sophisticated endeavor.
"We entered a dark room in search of something and came out with something else in our hands, something different, something huge and sinister," Vitaly Kamlyuk, a senior antivirus expert at Kaspersky Lab, said in an interview Wednesday.
Kamlyuk said Flame can copy and steal data and audio files, turn on a computer microphone and record all the sounds in its vicinity, take screen shots, read documents and emails, and capture passwords and logins.
The program can communicate with other computers in its radius via the infected computer's Bluetooth capability and locate their whereabouts even without an Internet connection, he said.
"We haven't figured out yet whether it can carry out some destructive actions but we can say with confidence that it is a powerful universal set of tools for cyber espionage," Kamlyuk said.
"Many people still think that cyber warfare is a myth and a fantasy but as we reassemble and study one by one the numerous components and modules of this unique program we see that it is a real weapon of this undeclared war that is already going on."
Experts worldwide have been surprised and impressed by the emergence of Flame, which Kaspersky Lab detected after being asked several weeks ago by the United Nations' International Telecommunication Union to check reports of suspicious computer activity. It is believed that a wide variety of computers belonging to individuals and state-related organizations were targeted in the Middle East and North Africa, including Iran, Syria, Lebanon and Sudan.
Kaspersky Lab has uncovered damage to at least 189 computers in Iran, 98 in Israel and the Palestinian territories, 32 in Sudan, 30 in Syria, 18 in Lebanon, 10 in Saudi Arabia and five in Egypt. Many more computers may have been infected by Flame, Kamlyuk said.
Experts are still studying the software program and trying to determine the point of entry.
A previous worm-like malware known as Stuxnet targeted computers in Iran controlling centrifuges at nuclear facilities and was believed to be an effort by Israel, the United States or both.
"Stuxnet's goal was to identify infrastructural ties with industrial systems of Iran and cause material damage," Kamlyuk said. "The malware could reprogram the control of [uranium enrichment] centrifuges, command the speed of the engine, keep it to the maximum without rest and eventually destroy the equipment."
Kaspersky then found a way to oppose that threat and protect its clients but stopped short of identifying the culprit.
Analyzing Flame, which is considered a far more powerful weapon than Stuxnet, may take many months, but Kaspersky experts have little doubt that it is a government-backed program carried out in secrecy.
"Cyber weapons like Stuxnet and Flame can be potentially considered serious threats to national security," Kamlyuk said. "Humankind has entered a new era, the era of cyber war, but we don't want to paint scary scenarios and provide potential clues for current and future perpetrators of such attacks."
Despite the accomplishments of a private company such as Kaspersky Lab, some analysts in Russia said the country remains unprepared for cyber war.
"It is a natural process that all these new breakthrough technologies immediately attract military and intelligence agencies," Leonid Ivashov, vice president of the Academy on Geopolitical Affairs, a Moscow-based think tank, said in an interview.
"And it would be rash and stupid to hope that those who still think of world supremacy will not try to take advantage of these new technologies, which can help them conquer the world without bombs and missiles."
Russia does not have adequate industry, research centers, institutes or expertise to meet the challenges of modern cyber technology, said Ivashov, a former chief of the Russian Defense Ministry's international military cooperation directorate.
Gennady Gudkov, deputy chairman of the security committee of the State Duma, the parliament's lower house, said the country's computer technology, largely dependent on foreign-made software and hardware, leaves it "extremely vulnerable and virtually defenseless in conditions of cyber warfare."