Posts Tagged Stuxnet
WASHINGTON: The Flame computer virus which has been raging in the Middle East has strong links to Stuxnet, a malware program widely believed to have been developed by the United States or Israel, a security firm said Monday.
Kaspersky, the Russian computer security firm credited with discovering Flame last month, said its research shows the two programs share certain portions of code, suggesting some ties between two separate groups of programmers.
Kaspersky researcher Alexander Gostev said in a blog post that a first examination made it appear the two programs were unrelated.
“But it turns out we were wrong,” he wrote. “Our research unearthed some previously unknown facts that completely transform the current view of how Stuxnet was created and its link with Flame.”
Gostev said Flame, even though it was discovered just recently, appears to predate Stuxnet, which was created in 2009.
“By the time Stuxnet was created (in January-June 2009), the Flame platform was already in existence (we currently date its creation to no later than summer 2008) and already had modular structure,” he said.
“The Stuxnet code of 2009 used a module built on the Flame platform, probably created specifically to operate as part of Stuxnet.”
This, he said, points to the existence of “two independent developer teams… (each) developing its own platform since 2007-2008 at the latest.”
Kaspersky, one of the world’s biggest producers of anti-virus software, said the Flame virus was “about 20 times larger than Stuxnet,” the worm which was discovered in June 2010 and used against the Iranian nuclear program.
High concentrations of computers compromised by Flame were also found in Lebanon, the West Bank and Hungary. Additional infections have been reported in Austria, Russia, Hong Kong and the United Arab Emirates.
Compromised computers included many being used from home connections, according to security researchers who were looking into whether reports of infections in some places resulted from workers using laptops while traveling.
Stuxnet was designed to attack computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.
Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was to attack.
Some reports say US and Israeli intelligence services collaborated to develop the computer worm to sabotage Iran’s efforts to make a nuclear bomb.
Johannes Ullrich, a researcher at the Washington-based SANS Technology Institute, said the relationship between the two viruses remains unclear.
“Flame did initially appear very different, and I still think it wasn’t written by the same group or individual that wrote Stuxnet,” Ullrich told AFP.
“However, this doesn’t mean that the two groups didn’t coordinate or share code with each other. I do think this may have been the case with Stuxnet and Flame… the code could have been written by two different contractors who worked for the same government and as a result had access to each other’s resources.”
TALLINN: Quick advances in cyber war technologies could soon lead to a new generation of so-called “intelligent cyber weapons” which top global IT defence experts warn could be virtually unstoppable.
“Rapid developments in cyber (technology) might lead to intelligent cyber weapons that are hard to control and it’s practically impossible to use formal methods of verifying the safety of intelligent cyber weapons by their users,” Enn Tyugu, IT expert at Tallinn’s NATO Cyber Defence Centre, said at its fourth annual conference Thursday.
He also warned that programmes developed to counter attacks by malware such as Stuxnet can act independently and could possibly themselves spark conflicts.
“They are quite autonomous, and can operate independently in an unfriendly environment and might at some point become very difficult to control… that can lead to cyber conflict initiated by these agents themselves,” Tyugu said.
“Stuxnet and Flame have shown the side of cyber of which the average user does not think of but which will bring a lot of challenges to all experts who deal with critical infrastructure protection issues – IT experts, lawyers, policy makers,” Ilmar Tamm, Head of the NATO Cyber Defence Centre, told reporters on Thursday.
“The number of cyber conflicts keeps rising and it is important to understand who the actors in these events are, how to classify these events and participants, and how to interpret all that,” Tamm said, noting Western leaders have been slow to become aware of even existing cyber threats.
Experts at the conference noted that both China and Russia have significantly upgraded their cyber-defence capabilities in recent years by creating new IT units.
“But the most powerful weapon today in cyber space is still the propaganda, the chance to use the Internet to spread your message,” Kenneth Geers, a US cyber defence expert, told some 400 top IT gurus attending the meeting Thursday.
Keir Giles, head of Oxford University’s Conflict Studies Research Centre, noted that some Russian leaders seemed to “sincerely believe that the recent opposition rallies after the presidential elections in Russia were initiated by the US in cyberspace.”
BOSTON: Security experts have discovered a new data-stealing virus dubbed Flame they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday.
Schouwenberg said he did not know who built Flame. If the Lab’s analysis is correct, Flame could be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran’s nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.
The discovery by one of the world’s largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons.
“If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Schouwenberg said in an interview.
The Moscow-based company is controlled by Russian malware researcher Eugene Kaspersky, and gained notoriety in cyber weapons research after solving several mysteries surrounding Stuxnet and Duqu.
Researchers at Kaspersky said they were only starting to understand how Flame works because it is so complex. The full significance will not be known until other cyber security firms obtain samples of Flame.
The Lab’s research shows the largest number of infected machines are in Iran, followed by the Israel/Palestine region, then Sudan and Syria.
The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information, Schouwenberg said.
Flame can gather data files, remotely change settings on computers, turn on PC microphones to record conversations, take screen shots and log instant messaging chats.
He said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu, which were built on a common platform.
Both Flame and Stuxnet appear to infect machines by exploiting the same flaw in the Windows operating system and employ a similar way of spreading.
That means the teams that built Stuxnet and Duqu might have had access to the same technology as the team that built Flame, he said.
Schouwenberg said he believed the attack was highly targeted, aimed mainly at businesses and academic institutions.
He estimated that no more than 5,000 personal computers around the world have been infected, including a handful in North America.
Kaspersky Lab discovered Flame while investigating reports that a virus dubbed Wiper was attacking computers in Iran.
The International Telecommunications Union, a UN agency that promotes research and cooperation on telecommunications technology, asked Kaspersky Lab to investigate those reports.
Schouwenberg said that his team discovered Flame, but failed to turn up anything that resembled Wiper.