Sophisticated Virus Infects Computers in Iran, Mideast (WALL STREET JOURNAL) By FARNAZ FASSIHI and PAUL SONNE (05/30/12)
Source: http://online.wsj.com/article/SB10001424052702303395604577434582318857536.html
Thousands of computers in Iran belonging to government agencies and
private companies have been infected with a highly sophisticated
virus, dubbed Flame, in the latest cyberstrike against the Islamic
Republic, said cybersecurity experts and Iran's telecommunications
ministry.
The malware was widely detected across the Middle East in Syria,
Israel and the Palestinian Authority, as well as in other parts of
the world, but Iran has the largest number of infected computers,
experts said.
At least three times since 2010, Iran has been targeted with
sophisticated computer viruses such as Stuxnet, Duqu and Wiper. These
viruses have disabled centrifuges for enriching uranium, stolen data
from nuclear facilities and erased computers at the oil ministry.
The aim of Flame, said experts at Kaspersky Lab, a Russian
information-technology security firm that reported the virus on
Monday, was espionage, not physical damage or system interruption.
Flame, which Kaspersky said has been in operation since March 2010,
was still active as of Monday morning, Alexander Gostev of Kaspersky
Lab said. But after Kaspersky reported the existence of the virus
publicly, Flame's operators immediately set about shutting the
servers, an effort to protect the stolen data and hide the source of
the virus. By Tuesday, Flame had become inactive, he said. "They are
trying to hide."
The creation and operation of the Flame virus must have required a
large staff, Mr. Gostev said. He estimated that at least 20
specialists would have been required to create and maintain the
cyberweapon, similar to estimates of how many people invented and
worked on Stuxnet.
Independent security experts said the scope of its complexity and
method of operation suggests Flame was sponsored by a nation-state.
It wouldn't be economically feasible, they argued, for a private
corporation to run such a large-scale international cyberattack.
Another reason a state is suspected is that the virus is designed to
gather information but has no clear monetizing function.
Iran on Tuesday said it was a victim of cyberwarfare by Israel and
the U.S., the semiofficial Fars news agency reported.
"It's in the nature of some countries and illegitimate regimes to
spread viruses and harm other countries. We hope these viruses dry
out," Ramin Mehmanparast, Iran's Foreign Ministry spokesman, said on
Tuesday.
Iran's computer emergency response team, known as Maher, a branch of
the telecommunication ministry, said on Tuesday that it was sharing
research information on the virus for the first time ever on its
website. Maher posted a link to antivirus software developed by its
researchers to remove Flame and offered assistance to any infected
organization.
Maher also said Flame was linked to an earlier cyberattack that
erased data. In March, Wiper disrupted internal Internet
communications at Iran's oil ministry and stole massive amounts of
data.
Flame is the biggest and most high-functioning cyberweapon ever
discovered, various cybersecurity experts said. It is comprised of
multiple files that are 20 times larger than Stuxnet and carry about
100 times more code than a basic virus, experts said.
The most alarming feature, experts said, is that Flame can be highly
versatile, depending on instructions by its controller. The malware
can steal data and social-network conversations, take snapshots of
computer screens, penetrate across networks, turn on a computer's
microphone to record audio and scan for Bluetooth-active devices.
The cyber espionage activities described by the researchers are
cyberspying techniques employed by the U.S., Israel and a number of
other countries, cybersecurity specialists said. Cybersecurity
researchers said the complexity of Flame's coding and
comprehensiveness of its spy capabilities could suggest it was the
work of a government.
Experts said they believe Flame reports back the information to a
central command-and-control network that has constantly changed
location. Analysts found servers in Germany, Vietnam, Turkey, Italy
and elsewhere, but haven't located the main server.
White House National Security Council spokeswoman Caitlin Hayden
declined to comment on Iranian accusations of U.S. involvement.
Analysts suspected Israel and the U.S. to be behind Stuxnet, but the
link hasn't been confirmed. U.S. officials have declined to comment
on Stuxnet's origins, but former U.S. officials said they regard it
as a joint effort between the U.S. and Israel. That virus infected
computers in several countries but was written to only sabotage
specific systems in Iran, they said.
Stuxnet's purpose differed considerably from the apparent aim of
Flame. Stuxnet was designed to damage computerized control systems
running nuclear centrifuges, while Flame appears to have been
designed for high-end targeted espionage. Researchers haven't found
evidence of any damage to systems caused by Flame.
Israel has neither confirmed nor denied being involved with Stuxnet.
On Tuesday, Deputy Prime Minister Moshe Ya'Alon hinted that the
country may be involved in Flame, saying in an interview with Army
Radio, "Anyone who sees the Iranian threat as a significant threat—
it's reasonable [to assume] that he will take various steps,
including these, to harm it."
U.S. officials draw a distinction between cyber espionage and
cyberattacks, which have a destructive or manipulative purpose and
could be considered an act of war.
"We have strong beliefs that there are nations behind this malware.
We assume it's related to the regimes and political situation in the
Middle East," said Vitaly Kamluk, the chief malware expert for
Kaspersky Lab.
Independent experts have been on the virus's trail for about a month.
The International Telecommunications Union, the special agency at the
United Nations that coordinates cybersecurity efforts, approached
Kaspersky Lab in late April to investigate a series of incidents tied
to a malware program known as Wiper. In the process of that
investigation, the experts discovered Flame.
Iran's Supreme Leader Ayatollah Ali Khamenei has called the Internet
a threat to national security and a dangerous double-edged knife that
has benefits as well as risks.
Since 2009, Mr. Khamenei has instructed security forces to train and
form units to battle cyberattacks to curb the influence of social-
media websites.
In March, Mr. Khamenei issued a decree ordering the creation of the
Supreme Council of Cyberspace, a committee consisting of high-level
military and intelligence officials tasked with supervising cyber
activity and warfare.
—Siobhan Gorman contributed to this article.
(Copyright © Dow Jones & Company, Inc.) 05/30/12
MATERIAL REPRODUCED FOR EDUCATIONAL PURPOSES ONLY