The head of Kaspersky Lab, Vitaly Kamlyuk explains: "We were aware of the malware that had spread throughout the Middle East, attacked hundreds of computers and wiped their hard drives, making the systems unbootable after that. It was actually after an inquiry from the International Telecommunications Union, which is a part of the United Nations, who actually asked us to start conducting research. When we started looking for this mysterious malware in the Middle East, we discovered this suspicious application that turned out to be even more interesting than the initial target of our search. Flame, does not appear to cause physical damage and yet it been dubbed the most hazardous cyber-attacks in history, and it is actually on the same level as the notoriously known Stuxnet and Duqu attacks, because we suspect that there is a nation state behind the development of this cyber attack, and there are reasons for that. This application doesn't fit into any of the existing groups of developed cyber attack tools. There are currently three groups. There are traditional cyber criminals who are hunting users' data (like log-ins and passwords) to access bank accounts over the Internet and steal money, send spam, or conduct dubious attacks.Flame doesn't fit into the group of traditional cyber criminal malware. Also, it doesn't fit into the activists' malware who are using typically free and open source tools to attack computers on the Internet. And the third known group is nation-states.
The virus is pretty advanced – one of the most sophisticated we've ever seen. Even its size – it's over 20 megabytes if you sum up all the sizes of the modules that are part of the attacking toolkit. It's very big compared to Stuxnet, which was just hundreds of kilobytes of code: it's over 20 megabytes. It's also quite unique in the way it steals information. It's possible to steal different types of information with the help of this spy-ware tool. It can record audio if a microphone is attached to the infected system, it can do screen captures and transmit visual data. It can steal information from the input boxes when they are hidden behind asterisks, password fields; it can get information from there.Also it can scan for locally visible Blue-tooth devices if there is a Blue-tooth adapter attached to the local system". Furthermore he explains that there is no reliable relation between Stuxnet and Flame. "They are completely different. While Stuxnet was a small application developed for a particular target with the specific objective to interact with industrial control systems and break them down, Flame is a universal attacking tool kit used mostly for cyber espionage. Even if the country isn't technologically developed in this area, it doesn't prevent them from cooperating with organizations like ours and with private companies in the security industry that can provide them with valuable pieces of information which can actually result in the discovery of such threats. And when we discover such threats, we permanently add them to antivirus databases, and users from those nations can use freely available trial tools and commercial antivirus software to protect their systems. When the users of Flame are finished analyzing data that has been stolen from one network, they remove the malware and switch to another making it possible the extract only the data they are interested in. Stuxnet and Duqu were bright examples of cyber weapons which could even physically destroy infrastructure, and Flame is a continuation of this story. So this is another development in this roe which continues in addition to Stuxnet and Duqu. The key feature of cyber-war is that nobody knows when cyber warfare operations are going on. Like with Stuxnet and Duqu, it's currently unclear who is behind it. It's very hard to find out who is behind it because when we try to follow the traces, who controls the application – it connects to the command and control centers – it turns out to be... dozens or even more servers spread around different countries around the world. More than 80 or 90 domains are associated with those servers. Most of them are registered with fake identities. So they're pretty well protected and hidden. So it is unclear who is behind that, and we try not to speculate who could be behind such attacks. We try to base it on pure facts like the language we extract from the code. In this case, we only found traces of good English used inside the code."
| video_Flame |
|---|
LATEST MEDIA |
For More Information Regarding Computer Warfare visit: