
The day after its discovery, there are few doubts that the infamous malware dubbed Flame (or sKyWIper) has been developed by a government with significant budget and effort. The complexity of the malware suggests that it has been used for a huge cyber-espionage campaign and, easily predictable, Israel is listed as the main culprit, even if in good company if it is true, as argued by some bloggers, that the malware was created by a strict cooperation coproduction between CIA and Mossad.
Israeli vice Premier Moshe Ya’alon has contributed to fuel the Flame: speaking in an interview with Army Radio, Ya’alon has hinted that Jerusalem could be behind the cyber attack, saying “Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us.” In light of this statement, it does not appear a simple coincidence the fact that the main victims of the cyber weapon, as reported by Kaspersky Lab, are nations who may not be just considered in good neighborhood relations with Israel.
Consequently it is not that surprise the fact that the same interview has been readily reported by the Iranian News Agency Fars (which has interpreted it as a sign of liability and has hence blamed Israel for waging cyber war in Iran) as well as it is not that surprise the tone of several comments to an article posted on the Haaretz newspaper’s Web site (“Nice One Israel, Proud of You!!!!”).
Of course it is too soon to jump to conclusion,in any case, whether Israel (and U.S.) is behind Flame or not, I could not help but wonder how it is possible that a malware has been able to go undetected for at least 5 years. Are endpoint protection technologies really dead, leaving us at the mercy of a (cyber)world ruled by APTs?
If you want to have an idea of how fragile our data is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @paulsparrows on Twitter for the latest updates.
Related Articles
- “Flame” malware infiltrating Middle East computers: the most complex Cyber Weapon, ever! (theaviationist.com)
It’s not that end point security is dead, its that vulnerabilities exist that have not been disclosed to the security research community. There are companies that exist to find vulnerabilities, exploit them, and sell them to government agencies, as well as those agencies working on their own behalf.
If this is true, Flame makes Stuxnet look like a high school project. If I were Iranian govt or high ranking official, I would be very worried. If this thing has been lurking for 5 YEARS, who knows what has been targeted and downloaded. How about financial info, Iran being one of the most corrupt countries, would I be a little worried about what could be found about certain transactions and where and how much money has been hidden? What about ministries, surveys about Iranian population, voting results,etc..? What info on computers from all those mullahs? Sure there isn’t anything compromising on those? What about military, war game results, strategies, inventories, effectiveness of air force or army/navy,etc…?
This shows that not only nuclear info was targeted but much more, this level of sophistication and duration means all whole lot of people and interests other than nukes could have been targeted.
Makes one wonder if Iran is as much in charge and control of its own destiny as they think they are…..
Finally, about the whole RQ170 episode. I really believe that the main reason it went down is because of mechanical failure. I never really bought the whole Iran (with help of Russia/China) brought it down, never believed that as some suggested that it could be a plant. Seemed far fetched at the time to say the least.
Now, IMO the whole plant episode doesn’t seem as crazy as I thought. Could USA have decided that some info on some new Russian/Chinese ECM needed to be investigated? Why not use a plain vanilla styrofoam copy of RQ170, send over Iran and once Iran captured it, downloaded all info onto computers, retrieve all intel on new Russian ECM and at the same time gain access on new computers Iran used? Maybe the computers Iran used were really the target? Maybe they really were well separated from regular Iran network and that was one way to access them? US knew Iran would more than be happy to parade RQ170 around, maybe drop there guard and this gave USA a chance to penetrate different computers it couldn’t get its hands own? For what, how does Iran really know what RQ170 REALLY looks like inside?
Bad news for Iran if maybe Russian or Chinese specialist took a look at the insides of RQ170 and started laughing….
Seem to be a bit of back tracking going on here http://www.bbc.co.uk/news/technology-18277555