JERUSALEM (AP) – A Russian-based internet security firm says a powerful computer virus with unprecedented data-snatching capabilities has attacked machines in Iran and elsewhere in the Middle East.
Iran has not disclosed any damage done by the new spyware virus, dubbed “Flame.” Its origin has not been identified, but Israel’s vice premier fueled speculation that his country, known for its technological innovation and tireless campaign against Iran’s suspect nuclear program, unleashed it.
Russian digital security provider Kaspersky Lab, which identified the virus, said in a release posted on its website late Monday that “the complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date.”
It said preliminary findings suggest the virus has been active since March 2010, but eluded detection because of its “extreme complexity” and the fact that only selected computers are being targeted. Flame’s primary purpose, it said, “appears to be cyber espionage, by stealing information from infected machines” and sending it to servers across the world.
According to Kaspersky, the virus collected information not only in Iran, but also in Israel and the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. Iran, however, was far and away the country most affected, it said.
A unit of the Iranian communications and information technology ministry said only that it has produced an antivirus capable of identifying and removing the new malware. The Flame virus is the fourth known cyber attack on Iranian computer systems.
Comments Tuesday by Israel’s vice premier did little to deflect suspicion about possible Israeli involvement in the latest attack.
“Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it,” Vice Premier Moshe Yaalon told Army Radio. “Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us.”
Israel, like the West, rejects Tehran’s claims that its nuclear program is designed to produce energy, not bombs. It considers Iran to be the greatest threat to its survival and has repeatedly, if obliquely, threatened to attack Iran’s nuclear facilities if Tehran doesn’t abandon its uranium enrichment project, a key element of bomb making.
Because Flame is so complex, was not designed to hack into bank accounts and doesn’t have the hallmarks of amateur hackers, Kaspersky has concluded that the research that went into the code was government-sponsored.
The code offers no information that can tie Flame to any specific country, Kaspersky said in its release, but a company agent in Israel said “you could more or less put your finger on any Western nation.”
There is no indication of what kind of material it stole, but “we know that the computers that were infected were computers with very sensitive information” because the virus can be modified to mine whatever information is sought, added Ilan Froimovici, technical director at Power Communications, Kaspersky’s representative in Israel.
Evidence suggests the same programmers were behind both Flame and Stuxnet, a virus that disrupted controls of some nuclear centrifuges in Iran in 2010, Froimovici said. The centrifuges are devices used in enriching uranium.
The two codes “use the same vulnerabilities in the operating system and the computer infrastructure in order to infect the computer system. We do believe that the same programmers built the two codes,” he said.
Udi Mokady, CEO of Cyber-Ark, an Israeli developer of information security, said he thought four countries, in no particular order, have the technological know-how to develop so sophisticated a cyber offensive: Israel, the U.S., China and Russia.
“It was 20 times more sophisticated than Stuxnet,” with thousands of lines of code that took a large team, ample funding and months, if not years, to develop, he said.
“It’s a live program that communicates back to its master. It asks, where should I go? What should I do now? It’s really almost like a science fiction movie.”
Iran claims Stuxnet and other computer viruses have done no serious harm to Iran’s nuclear or industrial facilities, and sees them as part of a campaign by Israel, the U.S. and their allies, which includes the assassination of Iranian nuclear scientists, to undermine the Iranian nuclear program.
Kaspersky said the cyber espionage worm came to its attention after the United Nations’ International Telecommunication Union asked it for help in finding a piece of malware that was deleting sensitive information across the Middle East. The company stumbled across Flame when searching for that other code, it said.
The discovery of the Flame virus comes just days after talks between Iran and six world powers in Baghdad failed to persuade Tehran to freeze enrichment. A new round of nuclear talks is expected to take place in Moscow next month.
Yaalon, the Israeli vice premier, told Army Radio on Tuesday that the talks in Iraq “yielded no significant achievement” except to let Iran buy time. He appeared to take a swipe at President Barack Obama by saying it might “even be in the interest of some players in the West to play for time.”
Yaalon has in the past expressed disappointment that the U.S. has delayed plans to expand sanctions against Iran, suggesting Washington was afraid the penalties would send oil prices soaring and hurt Obama’s re-election chances.
Diaa Hadid contributed to this report from Jerusalem.