
Iran the target for the world's most complex computer spy virus

#1
There was Duqu then Stuxnet, but now Flame is spreading
Kaspersky Lab is calling it "one of the most complex threats ever discovered. It's pretty fantastic and incredible in complexity," said Alexander Gostev, chief security expert at Kaspersky Lab. "It took us half-a-year to analyse Stuxnet," he said. "This is 20-times more complicated. It will take us 10 years to fully understand everything."


http://www.wired.co.uk/news/archive/2012-05/28/massive-spyware-network-flame
Iran the target for the world's most complex computer spy virus
 

Wordsmith

#4
It's looking like cyber warfare.

Flame: world's most complex computer virus exposed - Telegraph

Experts said the massive malicious software was 20 times more powerful than other known cyber warfare programmes including the Stuxnet virus and could only have been created by a state... Flame can gather data files, remotely change settings on computers, turn on computer microphones to record conversations, take screen shots and copy instant messaging chats.

The virus was discovered by a Russian security firm that specialises in targeting malicious computer code. It made the 20 gigabyte virus available to other researchers yesterday claiming it did not fully understand its scope and said its code was 100 times the size of the most malicious software. Kaspersky Labs said the programme appeared to have been released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

"If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don't know about," Roel Schouwenberg, a Kaspersky security senior researcher, said. The file, which infects Microsoft Windows computers, has five encryption algorithms, exotic data storage formats and the ability to steal documents, spy on computer users and more.

Components enable those behind it, who use a network of rapidly-shifting "command and control" servers to direct the virus, to turn microphone into listening devices, siphon off documents and log keystrokes.
Some very skilled people have spent serious money crafting an expensive program that has zero commercial value, but great espionage value.

Kaspersky Labs said the programme appeared to have been released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
That reads like a wish list of states the US would like to keep an eye on.

-- Iran because of its uranium enrichment and attempts to export terrorism.
-- Israel because the US doesn't want them unilaterally smacking Iran.
-- Sudan because it is on the way to being a failing state.
-- Syria because it's hostile to the US.
-- Lebanon because it's politically unstable and essentially under Syrian domination.
-- Saudi because of fears of political instability in one of the US's most important allies in the region.
-- Egypt, because it could end up a militant state if its revolution goes badly.

And I'll bet they're not the only infected states.

These boys have something to do with it?

United States Cyber Command - Wikipedia, the free encyclopedia

 
#7
It has to come from Israel. Given the number of companies who use the Land of Red Sea Pedestrians for writing encryption codes and given the targets I think it's a no-brainer.
 
#9
I'm loving the apparent surprise that Flame is "the most complex threat ever discovered". Is that really a shock? With the speed at which technology is developing, we have kids sat at home DDoS'ing online players of MMORPGs, not caring that they're breaking the law at the age of 14. As with anything, you would always expect viruses to get smarter and more complex.

The only thing I found intriguing was hearing that this virus is believed to have originated ~5 years ago and will take 10 years to decode. Imagine how complex the most current highly funded virus is.


*Puts on tinfoil hat*
 
#11
I'm loving the apparent surprise that Flame is "the most complex threat ever discovered". Is that really a shock? With the speed at which technology is developing, we have kids sat at home DDoS'ing online players of MMORPGs, not caring that they're breaking the law at the age of 14. As with anything, you would always expect viruses to get smarter and more complex.

The only thing I found intriguing was hearing that this virus is believed to have originated ~5 years ago and will take 10 years to decode. Imagine how complex the most current highly funded virus is.


*Puts on tinfoil hat*
That'll be a quid please, young sir.
 
#13
This is a virus found in Iran, Egypt, Saudi, Sudan and Syria and investigated by the Russians?

Hardly a hotbed of sophisticated computer networks.
 
#14
Pies can also be infected by viruses, if the duty chimp in the bakery sneezes or happens to wipe his arse on one.

That's why you should always heat your pie to at least 66 degrees centigrade, throughout, before you shovel it down your ferret.

Do Iranians have pies.....perhaps that's why all their arses are hanging off.......?
 
#15
It has to come from Israel. Given the number of companies who use the Land of Red Sea Pedestrians for writing encryption codes and given the targets I think it's a no-brainer.
According to the BBC, Israel too has been targeted by this: "A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said."
 
#16
For anyone interested in more detail:

Kaspersky Lab and ITU Research Reveals New Advanced Cyber Threat

and

The Flame: Questions and Answers - Securelist

Interesting it showed up while investigating Wiper.

Well, I say interesting ;-) it is to me because it's evidence to help in the fight to keep my wages in a position to pay the mortgage :)

I can't see it being a threat as everyone will have learned from Stuxnet and will have tightened up on unauthorised removable media... Whoops, forgot this is the real world and people just can't function without their shiny little data transfer devices.
 
#17
For anyone interested in more detail:

Kaspersky Lab and ITU Research Reveals New Advanced Cyber Threat

and

The Flame: Questions and Answers - Securelist

Interesting it showed up while investigating Wiper.

Well, I say interesting ;-) it is to me because it's evidence to help in the fight to keep my wages in a position to pay the mortgage :)

I can't see it being a threat as everyone will have learned from Stuxnet and will have tightened up on unauthorised removable media... Whoops, forgot this is the real world and people just can't function without their shiny little data transfer devices, and viewing porn sites.
There that's more like it
 
#19
Iran were bound to blame Israel or the US, which are its two greatest "enemies".

It may just end up as one of those "Arthur C Clarke mysteries" along with other conspiracies.
Don't worry, as a mate of mine always used to say in exasperation at the idiocy of others:

"It's always the Jews!"

(I used to have to follow behind him saying to slightly stunned people, 'He is Jewish, it's alright he's just a bit fed up').

Iran and Saudi would blame the wildlife if it had opposable thumbs and didn't do much on a Saturday.
 

Wordsmith

#20
For anyone interested in more detail:

Kaspersky Lab and ITU Research Reveals New Advanced Cyber Threat

and

The Flame: Questions and Answers - Securelist

Interesting it showed up while investigating Wiper.
Thanks for the links - I'll get our security guru to translate some parts from nerd to English for me....

Assuming this is cyber warfare by a large nation, it must have been an interesting project for someone. In my neck of the woods (commercial software) we go through a series of design stages including Business Requirements, Functional Design and Technical Design. And after the developers have coded it, it gets QA tested. It's not beyond the bounds of possibility that a large organisation will go through a similar process. (Although I doubt they'd offer customer support...)

Must have been quite a bit of programming effort as well. 20MB worth of C++ carrying out some specialised functions must have taken some writing - and a fair amount of preliminary R & D.

I've always been interested in how Enigma was broken in the second world war. Although some of the breaks were pure cryptanalysis, a necessary precursor was 'pinches' of settings, plain text, etc. For example, the Royal Navy captured several German weather ships carrying Enigma and came away with a fair bit of intelligence material. Another way into Enigma was to break a message in a low level code that was being retransmitted in a higher level code. This virus appears to have some of those intelligence gathering capabilities.

And interestingly enough, Iran seems to have about 50% of the recorded infections. Methinks they might have a bit of a communications security problem.

Pity we'll never know more than a fraction of the true story - I'll bet it's a fascinating one.
