Flame Cyber Attack: Israel Behind Largest Cyber Spy Weapon Ever?

Israeli official says cyber attack could be among "steps" taken against Iran.

By ABC News
May 29, 2012, 10:02 AM

May 29, 2012 -- A top Israeli official hinted today that his country could be behind the most sophisticated cyber espionage program ever developed, known as Flame, which infiltrated and has spied on computer systems throughout the Middle East, including those in Iran, for the past two years.

"Whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them," Israel's vice prime minister Moshe Yaalon told Israel's Army Radio today, referring to the cyber attack. "Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us."

Flame, also known as sKyWIper, is a veritable "toolkit" of cyber spying programs that is capable of remotely taking screenshots while the computer user works, recording audio conversations through the computer's own microphone, intercepting keyboard inputs and wiping data, among other sophisticated capabilities, according to cyber security experts. The code has been active for two years and has infected dozens of computers throughout the Middle East, mostly in Iran.

Three cyber security firms, both in the U.S. and abroad, that have begun to analyze Flame said the code is unprecedented in complexity and, due to its sheer sophistication, was most likely developed by a hacking team working under the direction of a nation-state.

"We can't pinpoint who is actually behind it but we can narrow the list of potential actors," Vikram Thakur, a manager at Symantec, told ABC News Monday. "It's a project that's been out for years, and flown under the radar. It is extremely well funded."

One of the cyber security companies that has analyzed Flame, the Russia-based Kaspersky Labs, said that the malware was discovered only after sensitive information began suddenly disappearing from computer networks in the Middle East. The wiping program turned out to be just one arm of Flame.

Iran's government cyber security response team acknowledged the breach in an online posting Monday, which described the malware's capabilities and said that its methods and functionality made Iranian experts believe it had a "close relation" to Stuxnet, another highly sophisticated cyber weapon discovered in 2010 that appeared to target and damage an Iranian nuclear enrichment facility. Israel was suspected of being behind that attack and the Israeli government has repeatedly declined to comment on those allegations.

Analysis from Kaspersky and the Hungary-based cryptology lab CrySyS shows that the code used in Flame is so much bigger and so different from that used in Stuxnet that it is unlikely the two were developed by the same group of hackers, but their reports did not discount the possibility that the same nation could have funded and directed both attacks, considering the common target.

Vitaly Kamluk, chief malware expert at Kaspersky Labs, told ABC News that nuances in the Flame code led researchers to believe it had been written by English-speakers. Kaspersky Labs also noted in its blog post that Flame had been detected on several computer systems in Israel.

So far, researchers in the U.S. and abroad have said Flame appears to only be used for spying purposes, rather than being used to cause physical damage to systems, like Stuxnet. Still, Kaspersky Labs said in a blog post, "such highly flexible malware can be used to deploy specific attack modules" that could target a country's critical infrastructure and there could also be variations of the code that have yet to be discovered.

Further analysis of the complex Flame code by several cyber security firms is ongoing.