by Ilan Gattegn
An unidentified source says the Flame virus moved dozens of encoded Iranian documents to public cloud servers • Guardian reports U.S. is "principal player" in what has been called the most sophisticated cyberattack.
The Obama administration has warned American businesses about the Flame virus. (Photo credit: Ami Shooman)
As intelligence agencies and software security experts continue to examine the Flame virus that infected computers in Iran and other countries in the Middle East, one source familiar with the matter said the virus had transferred dozens of encoded documents from Iran to public cloud servers in the Netherlands, Switzerland and the U.S. Analysts are now trying to figure out where the information continued on to, and how the virus transferred the information to its handlers.
Meanwhile, according to a weekend report in British newspaper The Guardian, the U.S. was the "principal player" in what has been widely recognized as the most sophisticated cyberattack ever.
The Guardian report followed a New York Times report Friday, in which an anonymous senior administration official said: "President Barack Obama decided to speed up an initiative launched by his predecessor, George W. Bush, code-named Olympic Games, which aimed to use computer viruses to attack Tehran's uranium-enrichment program."
The Times article continued: "Obama took the decision to accelerate the pace of computer sabotage against Tehran in 2010, even after details about one of the cyber weapons developed to attack Iran, the Stuxnet worm, accidentally leaked on to the internet. It had been designed to target Iran's Natanz nuclear plant."
Two days ago, the Obama administration warned American businesses about the Flame virus but also assured them that no infections had been discovered inside the U.S. so far. The Homeland Security Department described Flame as an espionage tool that was sophisticated in design, using encryption and other techniques to help break into computers and move through corporate or private networks. The virus can eavesdrop on data traffic, take screenshots and record audio and keystrokes. The department said Flame's origin was a mystery.
The White House has declined to discuss the virus.
Private security researchers have long suspected that the U.S. and Israeli governments were responsible for the Stuxnet virus. But the New York Times' detailed description of conversations in the Oval Office among Obama, the vice president and the CIA director about the U.S. government's responsibility for Stuxnet is the most direct evidence of this to date. U.S. officials rarely discuss the use of cyber weapons outside classified settings.
The White House said Friday it would not discuss whether the U.S. was responsible for the Stuxnet attacks on Iran.
"I'm not able to comment on any of the specifics or details," White House spokesman Josh Earnest said. "That information is classified for a reason, and it is kept secret. It is intended not to be publicized because publicizing it would pose a threat to our national security."
But one source familiar with the Bush administration's initial work on Stuxnet said it had stalled Iran's nuclear program by about five years.
"It bought us time. First, it was to get across from one administration to the next without having the issue blow up. And then it was to give Obama a little more time to come up with alternatives, through the sanctions, et cetera," said the source.
Russian digital security provider Kaspersky Lab, which first identified the virus, said Flame's complexity and functionality "exceed those of all other cyber menaces known to date." There is no doubt, the company said, that a government sponsored the research that developed it. Yet Flame's author remains unknown because there is no information in the code of the virus that would link it to a particular country.
Other experts said it was not as fearsome as believed.
Much of the code used to build the virus is old and available on the Internet, said Becky Bace, chief strategist at the Center for Forensics, Information Technology and Security at the University of South Alabama. She said Flame could have been developed by a small team of smart people with motivation and financial backing, making it just as likely that a criminal enterprise or a group working as surrogates was responsible.
"Here's the wake-up call as far as cyber is concerned: You don't have to be a nation-state to have what it would take to put together a threat of this particular level of sophistication," said Bace, who spent 12 years at the National Security Agency working on intrusion detection and network security. "There's no secret sauce here."
Stuxnet was far more complex. Still, Stuxnet could not have worked without detailed intelligence about Iran's nuclear program that was obtained through conventional spycraft, said Mikko Hypponen, chief research officer at F-Secure, a digital security company in Helsinki, Finland. The countries with the motivation and the means to gather that data are the U.S. and Israel, he said.
"This is at the level of complexity that very few organizations in the world would even attempt," said Hypponen, who has studied Stuxnet and Flame. "Basically you have to have moles. Most of what they needed to pull this off was most likely collected with what we would characterize as traditional intelligence work."
A senior defense official involved in Israel's cyber warfare program said last Friday, "Israel is investing heavily in units that deal with cyber warfare both for defense and offense." He would not elaborate. The official spoke on condition of anonymity.
It could take years to know who is responsible. "We are very good as an industry at figuring out what a piece of malware does," said Dave Marcus, director of advanced research and threat intelligence at digital security giant McAfee. "But we are less accurate when it comes to saying what group is responsible for it, or it came from this country or that organization."
Source: http://www.israelhayom.com/site/newsletter_article.php?id=4555
Copyright - Original materials copyright (c) by the authors.