Israel hints it may be behind 'Flame' super-virus targeting Iran

'Flame' cyber attacks that can steal vast amounts of sensitive data come as Tehran nuclear talks falter

Donald Macintyre,Jerome Taylor
Wednesday 30 May 2012 12:02 BST
Iran has largely played down its vulnerability to cyber attack
Iran has largely played down its vulnerability to cyber attack

A top Israeli minister yesterday fed speculation that the Jewish state could be responsible for a powerful new virus said to have been used in a fresh attack on computers in Iran and elsewhere in the Middle East.

Click HERE to view graphic

The discovery of the unprecedented complex data-stealing "Flame" virus was disclosed by a Russian-based digital security firm Kaspersky Lab. Its experts reported on Monday that it had been applied most actively in Iran, but also in Israel and the occupied Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

Moshe Yaalon, Israel's Vice Prime Minister and Strategic Affairs Minister, told the country's Army Radio: "Anyone who sees the Iranian threat as a significant threat – it's reasonable [to assume] that he will take various steps, including these, to harm it."

Mr Yaalon, a former military Chief of Staff, added: "Israel was blessed as being a country rich with high-tech. These tools that we take pride in open up all kinds of opportunities for us."

He stopped short of directly claiming responsibility, but Israel has long been in the forefront of opposition to Iran's nuclear programme, currently the subject of difficult negotiations between Tehran and six world powers.

Although many viruses can already steal large amounts of data, few have been as comprehensive as Flame, or steal in so many different ways. The security industry is still in the early stages of examining what exactly Flame can do, but examples already given include hijacking a computer's microphone to record conversations, taking screen shots during chats through instant messenger and even stealing data from devices that are attached to an infected computer through a Bluetooth connection.

The Flame virus is believed to the third and, at least in information gathering, most effective cyber attack on Iranian computer systems in recent years. Tehran admitted the best known of these, Stuxnet, had damaged centrifuges at its uranium enrichment plant in Natanz in 2010.

The internet security industry has been both shocked and impressed by Flame's complexity and how dedicated it is to stealing as much intelligence data from a computer network as possible. Rik Ferguson, director of security research at Trend Micro, told The Independent: "It's a very comprehensive and bespoke piece of malware. It's further evidence that certain states or organisations are using malware to deliver very effective targeted attacks that can only be developed with significant planning and resources."

There are disagreements over how long it has been in existence. Kaspersky say the attacks began around 2010, but analysts at Budapest University's renowned Cryptography and System Security, which has also been analysing the virus since March, say evidence suggests Flame may have been infiltrating computer systems for five years.

Iran has largely played down its vulnerability to cyber attack, which it regards as part of a continued campaign by Israel and the US against its nuclear programme. It also blames those states for targeted assassinations of nuclear scientists. Officials at Iran's communications and technology ministry said yesterday they had produced an antivirus capable of identifying and removing the new malware, although many security analysts question such claims.

Mr Yaalon also yesterday voiced Israeli government scepticism about the ongoing negotiations with Tehran, saying last week's inconclusive talks in Baghdad "yielded no significant achievement" except to let Iran buy time. Talks will resume in Moscow next month.

The talks have so far faltered on Iran's resistance to demands for an end to higher grade 20 per cent uranium enrichment unless the West first eases sanctions which are due to be tightened significantly at the end of June.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in