Dutch cyber expert Roel Schouwenberg is absolutely certain that a new computer virus, discovered last week by Russian anti-virus company Kaspersky Lab, was created by a government agency. Schouwenberg, who works for Kaspersky, says 'Flame' is the next logical step in the new digital arms race.
Flame is extremely advanced and such a danger that the UN's telecommunication watchdog warned of a serious threat to member states' critical infrastructure. That's the first time that the UN ITU has issued such a warning. The organisation also called for increased international co-operation in the fight against cyber espionage.
Flame, as the malware has been dubbed, has infected computer systems in Iran, Sudan and five countries in the Middle East. The targets include private individuals, government institutions, companies and universities. Flame is a sophisticated tool: it steals data, takes screenshots, logs keystrokes, remotely operates webcams and audio recording equipment, and taps into nearby mobile phones via Bluetooth.
The largest variant detected so far is 20 MB and used holes in Microsoft software code to infect computers. It is the largest malware ever detected; ordinary computer viruses are usually just a few kilobytes, and even the Stuxnet worm was only 500 KB.
Apart from the Bluetooth application, none of these spy techniques are new. Schouwenberg says it is not what Flame does that makes it so special but the way the code is written and how the operation is being run. "This is extremely advanced," he says. Experts believe that it will take several years before they truly understand how the cyber weapon works.
Flame's controllers send an individually tailored package to the system they wish to penetrate. The package contains a number of modules with specific tasks. The controllers can turn the individual modules on and off remotely; experts say it is entirely possible that there are modules lying dormant that they haven't yet discovered. According to Schouwenberg, it's probable that Flame was being run in parallel with Stuxnet. "We suspect that there is also a sabotage module; that shifts the whole operation from cyber espionage into cyber sabotage and that is far more dangerous."
How the spyware was inserted into systems that are supposedly secure is not yet known, but Schouwenberg says, "No code is 100 percent secure. Fortunately universities are focusing more on the dangers that accompany errors in programme code." Despite the now well-known risks, governments and companies pay far too little attention to updating their software and to security.
The 2010 discovery of Stuxnet, a sabotage virus specifically targeting Iran's uranium enrichment programme, shook the computer security world. Schouwenberg says, "The order to develop Stuxnet and Flame appeared to originate from the same entity. The coding contains a number of technical hallmarks that we haven't seen anywhere else."
Although both use coding errors in Windows software for printers and USB sticks, the philosophy behind them appears to be different. And, while Stuxnet infected thousands of computers, Flame has only been detected in 382. However, Flame appears to be older than Stuxnet and was probably launched in 2007. Stuxnet was primarily created as a sabotage weapon while Flame is primarily used to collect data.
According to the New York Times, the United States and Israel were the co-creators of Stuxnet. The espionage programme was allegedly started during George W Bush's presidency and continues under Barack Obama. Extrapolating from the New York Times' theory, one could surmise that Flame was also a US-Israel creation. And indeed, there is a certain logic behind the conclusion, as various Arab countries, along with Iran and Sudan, were targeted by the operation: all countries heavily monitored by Washington in the war on terrorism.
Schouwenberg refuses to speculate as to Flame's origins; there's still no hard evidence to support any theories. However, he asserts that it's obvious that a government doesn't write the program itself but hires experts to do so.
Stuxnet and Flame make it clear that cyber sabotage and cyber espionage are crucial weapons in modern warfare, a sort of 'cyber industrial complex' worth billions of dollars.
Schouwenberg: "Cyber warfare is easier, cheaper, and less risky than traditional warfare. There is one large problem, though: people blame the attack on certain governments and then launch reprisals, but they launch their countermeasures without any proof whatsoever."