Cyber Spy Program Flame Compromises Key Microsoft Security System

PHOTO: A "super bug" compromised a key Microsoft security system.

The cyber espionage super bug Flame compromised a key Microsoft security system, the company has now revealed, prompting Microsoft to issue an emergency patch to its millions of customers because of fears of what one expert called potential "collateral damage" from the U.S. and Israel's cyber war against Iran.

In an alert issued late Sunday, Microsoft told customers that the authors of Flame -- a highly sophisticated surveillance computer virus discovered on networks in the Middle East and Iran -- had figured out how to use Microsoft's own security system to forge digital security certificates, which then allowed the malicious code to spread undetected by anti-virus programs. Digital certificates are in part designed to authenticate interactions online and help protect computer networks from being accessed by unauthorized users.

Microsoft fixed the security breach, but was also forced to add the compromised certificates to its own growing list of "untrusted" certificates.

Microsoft said that since Flame was such a precisely targeted attack, a vast majority of customer systems that use digital certificates -- which includes U.S. government and financial institutions -- were not in danger of being infected, but said it had to take action because the same technique could be used by other "less sophisticated attackers to launch more widespread attacks."

Follow BrianRoss on Twitter

While no country or group has taken responsibility for Flame, cyber security experts who have analyzed the code said it appears to be the latest volley in an advanced cyber campaign targeting Iran and was most likely developed by a wealthy nation-state -- leading many to suspect the involvement of the U.S. or Israeli governments. Five different U.S. government agencies declined to comment to ABC News about those allegations and the Israeli government has reportedly denied any link to the virus.

Former White House counter-terrorism advisor and ABC News consultant Richard Clarke said that the possible future attack that Microsoft warned about is the inevitable collateral damage seeping out from the Iran campaign.

"This may be an example of how U.S. and Israeli cyber war has the blowback effect that threatens the security of American networks," said Clarke, author of "Cyber War."

Clarke initially raised concerns about the hidden risks of cyber war in early 2010 after researchers discovered Stuxnet, an unprecedented offensive cyber weapon that is believed to have physically damaged an Iranian nuclear facility. Stuxnet's complexity stunned and concerned experts including Michael Assante, President of the National Board of Information Security Examiners of the U.S., who told a Congressional committee in 2010 that after it was revealed, Stuxnet could serve as a "blue print" for other groups hoping to replicate part or all of that weapon.

READ: Beware the Cyber War Boomerang?

Follow ABCNewsBlotter on Facebook

  • 1
  • |
  • 2
Join the Discussion
blog comments powered by Disqus
You Might Also Like...
See It, Share It
PHOTO: Gisele Bundchen walks the runway during Sao Paulo Fashion Week Winter 2015 on Nov. 4, 2014 in Sao Paulo.
Studio Fernanda Calfat/Getty Images
PHOTO: Seattle Seahawks fans cheer before Super Bowl XLIX against the New England Patriots on Feb. 1, 2015 in Glendale, Ariz.
Timothy A. Clary/AFP/Getty Images
PHOTO: Gisele Bundchen and Tom Brady attend the Costume Institute Gala at the Metropolitan Museum of Art on May 5, 2014 in New York City.
Andrew H. Walker/Getty Images
PHOTO: From left, Tom Brady in Foxborough, Mass., Jan. 18, 2015 and Russell Wilson in Seattle, Wash., Jan. 18, 2015.
Matt Slocum/AP Photo | Ted S. Warren/AP Photo