Cyber Spy Program Flame Compromises Key Microsoft Security System

Cyber espionage program forces tech behemoth to issue alert.

June 4, 2012, 1:06 PM

June 4, 2012 -- The cyber espionage super bug Flame compromised a key Microsoft security system, the company has now revealed, prompting Microsoft to issue an emergency patch to its millions of customers because of fears of what one expert called potential "collateral damage" from the U.S. and Israel's cyber war against Iran.

In an alert issued late Sunday, Microsoft told customers that the authors of Flame -- a highly sophisticated surveillance computer virus discovered on networks in the Middle East and Iran -- had figured out how to use Microsoft's own security system to forge digital security certificates, which then allowed the malicious code to spread undetected by anti-virus programs. Digital certificates are in part designed to authenticate interactions online and help protect computer networks from being accessed by unauthorized users.

Microsoft fixed the security breach, but was also forced to add the compromised certificates to its own growing list of "untrusted" certificates.

Microsoft said that since Flame was such a precisely targeted attack, a vast majority of customer systems that use digital certificates -- which include U.S. government and financial institutions -- were not in danger of being infected, but said it had to take action because the same technique could be used by other "less sophisticated attackers to launch more widespread attacks."

While no country or group has taken responsibility for Flame, cyber security experts who have analyzed the code said it appears to be the latest volley in an advanced cyber campaign targeting Iran and was most likely developed by a wealthy nation-state -- leading many to suspect the involvement of the U.S. or Israeli governments. Five different U.S. government agencies declined to comment to ABC News about those allegations and the Israeli government has reportedly denied any link to the virus.

Former White House counter-terrorism advisor and ABC News consultant Richard Clarke said that the possible future attack that Microsoft warned about is the inevitable collateral damage seeping out from the Iran campaign.

"This may be an example of how U.S. and Israeli cyber war has the blowback effect that threatens the security of American networks," said Clarke, author of "Cyber War."

Clarke initially raised concerns about the hidden risks of cyber war in early 2010 after researchers discovered Stuxnet, an unprecedented offensive cyber weapon that is believed to have physically damaged an Iranian nuclear facility. Stuxnet's complexity stunned and concerned experts including Michael Assante, President of the National Board of Information Security Examiners of the U.S., who told a Congressional committee in 2010 that after it was revealed, Stuxnet could serve as a "blueprint" for other groups hoping to replicate part or all of that weapon.

A Congressional report compiled in 2010 warned, "It is widely believed that terrorist organizations do not currently possess the capability or have [not] made the necessary arrangements with technically savvy organizations to develop a Stuxnet-type worm. However... Stuxnet's design revelations may make it easier for terrorist organizations to develop such capabilities in the future."

Last week The New York Times reported that Stuxnet was a product of America's long-term cyber campaign against Iran and President Obama was personally concerned about the damage Stuxnet could do after it accidentally seeped online and started replicating around the world.

Researchers at the Russia-based cyber security firm Kaspersky Labs who were among the first to analyze Flame said similarities to Stuxnet in technique and targeting have led them to believe that the two were developed by the same entity as parallel projects.

The same day Microsoft revealed their security breach, the Israeli military made an unusual public announcement, saying they have "been engaged in cyber activity consistently and relentlessly, gathering intelligence and defending its own cyber space."

"Additionally if necessary the cyber space will be used to execute attacks and intelligence operations," Sunday's announcement said.

Representatives at Microsoft declined to comment for this report.
