JERUSALEM (AP) - A Russian-based internet security firm says a powerful computer virus with unprecedented data-snatching capabilities has attacked machines in Iran and elsewhere in the Middle East.
Iran has not disclosed any damage done by the new spyware virus, dubbed “Flame.” Its origin has not been identified, but Israel’s vice premier fueled speculation that his country, known for its technological innovation and tireless campaign against Iran’s suspect nuclear program, unleashed it.
Russian digital security provider Kaspersky Lab, which identified the virus, said in a release posted on its website late Monday that “the complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date.”
It said preliminary findings suggest the virus has been active since March 2010, but eluded detection because of its “extreme complexity” and the fact that only selected computers are being targeted. Flame’s primary purpose, it said, “appears to be cyber espionage, by stealing information from infected machines” and sending it to servers across the world.
According to Kaspersky, the virus collected information not only in Iran, but also in Israel and the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. Iran, however, was far and away the country most affected, it said.
A unit of the Iranian communications and information technology ministry said only that it has produced an antivirus capable of identifying and removing the new malware. The Flame virus is the fourth known cyber attack on Iranian computer systems.
Comments Tuesday by Israel’s vice premier did little to deflect suspicion about possible Israeli involvement in the latest attack.
“Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it,” Vice Premier Moshe Yaalon told Army Radio. “Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us.”
Israel, like the West, rejects Tehran’s claims that its nuclear program is designed to produce energy, not bombs. It considers Iran to be the greatest threat to its survival and has repeatedly, if obliquely, threatened to attack Iran’s nuclear facilities if Tehran doesn’t abandon its uranium enrichment project, a key element of bomb making.
Because Flame is so complex, was not designed to hack into bank accounts and doesn’t have the hallmarks of amateur hackers, Kaspersky has concluded that the research that went into the code was government-sponsored.
The code offers no information that can tie Flame to any specific country, Kaspersky said in its release, but a company agent in Israel said “you could more or less put your finger on any Western nation.”
There is no indication of what kind of material it stole, but “we know that the computers that were infected were computers with very sensitive information” because the virus can be modified to mine whatever information is sought, added Ilan Froimovici, technical director at Power Communications, Kaspersky’s representative in Israel.
Evidence suggests the same programmers were behind both Flame and Stuxnet, a virus that disrupted controls of some nuclear centrifuges in Iran in 2010, Froimovici said. The centrifuges are devices used in enriching uranium.
The two codes “use the same vulnerabilities in the operating system and the computer infrastructure in order to infect the computer system. We do believe that the same programmers built the two codes,” he said.
Udi Mokady, CEO of Cyber-Ark, an Israeli developer of information security, said he thought four countries, in no particular order, have the technological know-how to develop so sophisticated a cyber offensive: Israel, the U.S., China and Russia.