Tuesday, June 05, 2012

Elder of Ziyon
From YNet:
Researchers at the Kaspersky Lab said Tuesday that one of the Flame virus' main objectives was to copy confidential technical drawings pertaining to Iran's secret military and nuclear facilities.

"Flame" hit Iran in late May and has since been hailed as "the most sophisticated cyber-bomb to date."

Tehran said it was able to contain the malware, but admitted that significant amounts of data had been corrupted.

According to the BBC report, the hackers controlling Flame "used a number of complex fake identities in order to carry out their plans."

Kaspersky's researchers said that the fake identities – complete with fake addresses and billing information – were "used to register more than 80 domain names used to distribute the malware."

Researchers were also able to put together statistics on the extent of the Flame strike. The information was gathered via "sinkholing."

Vitaly Kamluk, a senior researcher at Kaspersky, explained that, "Sinkholing is a procedure when we discover a malicious server - whether it is an IP address or domain name - which we can take over with the help of the authorities or the (domain) registrar.

"We can redirect all the requests from the victims from infected machines to our lab server to register all these infections and log them," the BBC quoted him further.

Kamluk added that the attackers had a "high interest in AutoCad drawings, in addition to PDF and text files", further cementing reports suggesting that Flame was on a complex reconnaissance mission.

"They were looking for the designs of mechanical and electrical equipment," Prof. Alan Woodward, from the University of Surrey, told the BBC.
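The sinkholing procedure Kamluk describes above boils down to two things: answer the victims' check-ins on the domain you now control without sending anything the implant could treat as a command, and count infections without double-counting. The following is an added example written for this post, not Kaspersky's lab code; the implant check-in shape (GET /<4 hex>/<32 hex victim id>), the two sinkholed domain names and the sample traffic are all constructed for the illustration.

```python
"""Sinkhole check-in logger and infection counter (added example).

Assumptions, not taken from the Flame reports: the implant checks in with
GET /<4 hex campaign>/<32 hex victim id> on a domain we have taken over.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from http.server import BaseHTTPRequestHandler, HTTPServer

SINKHOLED_DOMAINS = {"c2-one.invalid", "c2-two.invalid"}      # assumed: domains we now hold
CHECKIN_PATH = re.compile(r"^/([0-9a-f]{4})/([0-9a-f]{32})$")   # assumed implant check-in shape


@dataclass(frozen=True)
class Beacon:
    src_ip: str
    host: str
    path: str
    user_agent: str


def parse_beacon(src_ip, request_line, headers):
    """One HTTP request -> Beacon, or None if the request line is malformed."""
    parts = request_line.split()
    if len(parts) != 3 or not parts[1].startswith("/"):
        return None
    host = headers.get("Host", "").split(":")[0].lower()   # drop any :port suffix
    return Beacon(src_ip, host, parts[1], headers.get("User-Agent", ""))


def victim_id(beacon):
    """Return the implant's victim id for a real check-in, else None.

    Scanners, crawlers and curious researchers hit a sinkhole too; only a
    request matching the check-in shape on a held domain counts as an infection.
    """
    if beacon.host not in SINKHOLED_DOMAINS:
        return None
    m = CHECKIN_PATH.match(beacon.path)
    return m.group(2) if m else None


def summarize(beacons):
    """Infection statistics keyed by the implant's own id, not by source IP:
    NAT hides many victims behind one IP and DHCP shows one victim on many IPs."""
    by_domain = defaultdict(set)
    noise = 0
    for b in beacons:
        vid = victim_id(b)
        if vid is None:
            noise += 1
            continue
        by_domain[b.host].add(vid)
    all_victims = set().union(*by_domain.values()) if by_domain else set()
    return {
        "victims_per_domain": {h: len(v) for h, v in sorted(by_domain.items())},
        "unique_victims": len(all_victims),
        "unique_source_ips": len({b.src_ip for b in beacons if victim_id(b)}),
        "noise_requests": noise,
    }


class SinkholeHandler(BaseHTTPRequestHandler):
    """Records every GET and answers with an empty 404: a sinkhole must never
    return a body the implant could parse as tasking."""
    seen = []

    def do_GET(self):
        b = parse_beacon(self.client_address[0], self.requestline, self.headers)
        if b is not None:
            SinkholeHandler.seen.append(b)
        self.send_response(404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt, *args):
        return   # keep stderr quiet; the Beacon list is the record


# Constructed sample traffic: two victims behind one NAT address, one victim
# that changed IP, one check-in to the second domain, and one scanner probing "/".
SAMPLE_TRAFFIC = [
    ("10.0.0.5",    "GET /1a2b/" + "0" * 32 + " HTTP/1.1", {"Host": "c2-one.invalid", "User-Agent": "Mozilla/4.0"}),
    ("10.0.0.5",    "GET /1a2b/" + "1" * 32 + " HTTP/1.1", {"Host": "c2-one.invalid", "User-Agent": "Mozilla/4.0"}),
    ("10.0.0.9",    "GET /1a2b/" + "0" * 32 + " HTTP/1.1", {"Host": "c2-one.invalid", "User-Agent": "Mozilla/4.0"}),
    ("10.0.0.9",    "GET /ffff/" + "2" * 32 + " HTTP/1.1", {"Host": "c2-two.invalid:80"}),
    ("203.0.113.7", "GET / HTTP/1.1",                       {"Host": "c2-one.invalid", "User-Agent": "scanner/1.0"}),
]


def demo():
    beacons = [b for b in (parse_beacon(*req) for req in SAMPLE_TRAFFIC) if b]
    return summarize(beacons)


if __name__ == "__main__":
    print(demo())
    HTTPServer(("127.0.0.1", 8080), SinkholeHandler).serve_forever()
```

On the sample traffic this reports three distinct victims from two source IPs, one domain with two victims and one with one, and one noise request. Counting by the implant's id rather than by IP is what keeps a NAT gateway from collapsing a whole office into one infection; if the implant carries no stable id, fall back to IP and state the over/under count openly.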
The thing is, Kaspersky seems to be overstating Flame's sophistication.

The Register, a British IT news site that follows the security industry closely, says:
Flame may be big in size but it's nothing like the supposedly devastating cyberwarfare mega-weapon early reports of the malware suggested. This new nasty is quite complex by design, yet researchers are still hunting for any truly evil and innovative attack techniques, or similar threats, within the code.

Rather than redefining cyberwar and cyberespionage, as Kaspersky researchers initially claimed amid Iranian warnings that the malware was "a close relation to the Stuxnet and Duqu targeted attacks", Flame is bloated and overhyped, according to rival security vendors.

Flame is a precise attack toolkit rather than a general-purpose cyber-weapon, the argument goes. It hasn't spread very far and might well be restricted to systems administrators of Middle East governments.

"While it really doesn't do anything we haven't seen before in other malware attacks — what’s really interesting is that it weaves multiple techniques together and dynamically applies them based on the capabilities of the infected system," Patrik Runald of Websense explains.

"Also, Flame has been operating under the radar for at least two years, which counter-intuitively may partially be attributed to its large size."

...A lot was made of the modular design of Flame but this isn't new either. Chris Wysopal (AKA Weld Pond), a former member of Boston-area hacking collective L0pht and who later founded the application security firm VeraCode, noted with some disdain that the Back Orifice 2000 hacker tool included modular functionality when it came out 12 years ago.

Hungarian security researchers at CrySyS reckon that Flame was "developed by a government or nation state with significant budget and effort", the one point on which there's general agreement.

The experts reckon a military sub-contractor was likely to have carried out the work rather than an intelligence agency. To support this theory, it cites job adverts by Northrop Grumman for a software engineer to work on offensive cyberspace missions. Lots of other defence contractors, including Lockheed Martin and Raytheon, have positions for this type of project, F-Secure adds.
As for registering Internet domains with fake credentials: that is ridiculously easy to do, hardly an indication of a super spy network. Registrars verify that the payment goes through, not that the name, address and phone number typed into the WHOIS record belong to anyone real. What eighty-odd throwaway domains do show is budget and patience, not technical skill.
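The flip side of fake registrant details being cheap is that reusing them is what lets analysts tie domains together. One way to do that pivot, as an added example written for this post and not Kaspersky's tooling: normalize the registrant fields (email, phone, postal address) of a set of suspect domains and cluster any domains that share one. The WHOIS records below are constructed, and the list of privacy-proxy markers is an assumption.

```python
"""Pivot suspect domains on shared WHOIS registrant details (added example).

The records are constructed for the illustration; the privacy-proxy markers
are an assumption about which registrant emails must not be used as a pivot.
"""
import re
from collections import defaultdict

# Constructed registrant data for seven suspect domains (not real WHOIS records).
RECORDS = {
    "update-srv1.example":   {"email": "John.Smith@mail.example",   "phone": "+1.555.0100",      "address": "12 Elm St, Springfield"},
    "update-srv2.example":   {"email": "john.smith@mail.example",   "phone": "1 555 0100",       "address": "Apt 4, 9 Oak Rd"},
    "cdn-mirror.example":    {"email": "j.smith99@mail.example",    "phone": "+1 (555) 0100",    "address": "7 High St"},
    "news-feed.example":     {"email": "anna.k@mail.example",       "phone": "+44 20 7946 0000", "address": "221B Baker Street, London"},
    "stats-collect.example": {"email": "mike@mail.example",         "phone": "+44 20 7946 0001", "address": "221b baker street london"},
    "lone-site.example":     {"email": "contact@whoisguard.example", "phone": "+1.6613102107",    "address": "P.O. Box 0823"},
    "unrelated.example":     {"email": "bob@other.example",         "phone": "+1 555 9999",      "address": "1 Main St"},
}

# Registrant emails at privacy/proxy services are shared by thousands of unrelated
# domains; pivoting on them would merge everything. The substrings are assumed.
PRIVACY_PROXY_MARKERS = ("whoisguard", "domainsbyproxy", "privacyprotect")

PIVOT_FIELDS = ("email", "phone", "address")


def normalize(field, value):
    """Canonicalize a registrant field so trivially reformatted copies compare equal."""
    v = value.strip().lower()
    if field == "phone":
        return re.sub(r"\D", "", v)            # "+1.555.0100" and "1 555 0100" -> "15550100"
    if field == "address":
        return re.sub(r"[^a-z0-9]", "", v)     # drop punctuation, spacing and case
    return v                                   # email: case-insensitive compare


def is_proxy_registration(rec):
    email = rec.get("email", "").lower()
    return any(m in email for m in PRIVACY_PROXY_MARKERS)


def pivot(records):
    """Group domains whose registrants share any normalized pivot field.

    Union-find over domains: every (field, value) seen on two or more non-proxy
    records joins those domains into one cluster. Returns clusters of size >= 2,
    largest first, each with the shared (field, value) pairs that linked it.
    """
    parent = {d: d for d in records}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]
            d = parent[d]
        return d

    index = defaultdict(list)                   # (field, normalized value) -> domains
    for dom, rec in records.items():
        if is_proxy_registration(rec):
            continue
        for field in PIVOT_FIELDS:
            if rec.get(field):
                index[(field, normalize(field, rec[field]))].append(dom)

    links = [(key, doms) for key, doms in index.items() if len(doms) > 1]
    for _key, doms in links:
        for d in doms[1:]:
            ra, rb = find(doms[0]), find(d)
            if ra != rb:
                parent[rb] = ra

    members, evidence = defaultdict(set), defaultdict(set)
    for key, doms in links:
        evidence[find(doms[0])].add(key)
    for dom, rec in records.items():
        if not is_proxy_registration(rec):
            members[find(dom)].add(dom)

    clusters = [
        {"domains": sorted(ds), "shared": sorted(evidence[root])}
        for root, ds in members.items() if len(ds) > 1
    ]
    return sorted(clusters, key=lambda c: (-len(c["domains"]), c["domains"]))


if __name__ == "__main__":
    for c in pivot(RECORDS):
        print(c["domains"], "linked by", c["shared"])
```

On the constructed data the three "update/cdn" domains fall into one cluster (same email written in two cases, same phone number in three formats), the two London domains fall into another on the street address alone, the proxy-registered domain is left out, and the singleton is not reported. Phone and address normalization is the part that matters in practice: the operator who typed the same fake persona into eighty registration forms did not type it identically each time.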

No doubt Flame was created by a government, and no doubt it is powerful, but the original description was filled with hype. Its hunt for AutoCAD drawings, not to mention its Bluetooth sniffing, marks it as an espionage tool, not the "cyber-bomb" of the early headlines.

It is not unusual for targeted malware, aimed at one region and present on only a comparatively tiny number of machines, to go unnoticed for years: antivirus vendors triage by prevalence, and a sample that never shows up in volume rarely gets a close look.

Which means that it is entirely possible that there are lots of Flames out there.
