Cyber Spy Program Flame Compromises Key Microsoft Security System
Cyber espionage program forces tech behemoth to issue alert.
June 4, 2012 -- The cyber espionage super bug Flame compromised a key Microsoft security system, the company has now revealed, prompting Microsoft to issue an emergency patch to its millions of customers because of fears of what one expert called potential "collateral damage" from the U.S. and Israel's cyber war against Iran.
In an alert issued late Sunday, Microsoft told customers that the authors of Flame -- a highly sophisticated surveillance computer virus discovered on networks in the Middle East and Iran -- had figured out how to use Microsoft's own security system to forge digital security certificates, which then allowed the malicious code to spread undetected by anti-virus programs. Digital certificates are in part designed to authenticate interactions online and help protect computer networks from being accessed by unauthorized users.
Microsoft fixed the security breach, but was also forced to add the compromised certificates to its own growing list of "untrusted" certificates.
Microsoft said that since Flame was such a precisely targeted attack, a vast majority of customer systems that use digital certificates -- which include U.S. government and financial institutions -- were not in danger of being infected, but said it had to take action because the same technique could be used by other "less sophisticated attackers to launch more widespread attacks."
While no country or group has taken responsibility for Flame, cyber security experts who have analyzed the code said it appears to be the latest volley in an advanced cyber campaign targeting Iran and was most likely developed by a wealthy nation-state -- leading many to suspect the involvement of the U.S. or Israeli governments. Five different U.S. government agencies declined to comment to ABC News about those allegations and the Israeli government has reportedly denied any link to the virus.
Former White House counter-terrorism advisor and ABC News consultant Richard Clarke said that the possible future attack that Microsoft warned about is the inevitable collateral damage seeping out from the Iran campaign.
"This may be an example of how U.S. and Israeli cyber war has the blowback effect that threatens the security of American networks," said Clarke, author of "Cyber War."
Clarke initially raised concerns about the hidden risks of cyber war in early 2010 after researchers discovered Stuxnet, an unprecedented offensive cyber weapon that is believed to have physically damaged an Iranian nuclear facility. Stuxnet's complexity stunned and concerned experts including Michael Assante, President of the National Board of Information Security Examiners of the U.S., who told a Congressional committee in 2010 that after it was revealed, Stuxnet could serve as a "blueprint" for other groups hoping to replicate part or all of that weapon.