Flame virus: How does it work? Where does it come from?

Experts say there is no doubt that the Flame virus, which targeted Iran's energy sector, was developed by a sophisticated government.
OPEC President and Kuwaiti Energy Minister Sheikh Ahmad al-Fahd al-Sabah attends the 135th meeting of the Organisation of Petroleum Countries (OPEC) conference, 340km (211 miles) south of the capital Tehran on March 16, 2005 in Isfahan, central Iran. OPEC will add an actual volume of 500,000 barrels per day to the market in April, al-Sabah said March 16. (Stringer/AFP/Getty Images)

"Flame" — an incredibly sophisticated piece of malware — has become the best known computer malware since the Da Vinci virus from the 1995 film Hackers, making headlines as part of a refined, possibly state-sponsored, cyber-weapon used against Iran.

But what exactly is Flame?

Discovered by researchers at Russia-based Kaspersky Lab, a computer security company, the Flame is a worm that steals data and monitors the digital activity and correspondence of its victims. Not unlike the other fictional piece of malware, the Cylon virus of Battlestar Galactica, the Flame creates backdoors to access computers on a network and spreads through shared files or USB flash drives.

The Flame differs from similar pieces of malware like keyloggers in its level of sophistication. While it can log the keystrokes used on a computer it infects, it can also monitor the computer’s display, keep tabs on voice communication, and monitor the day to day workings of its host network. In short, Flame monitors almost everything that is done on the computer it infects.

But perhaps more interesting than the technobabble behind the inner workings of the virus are the implications its sophistication has for its source of origin. When Kaspersky Lab first revealed its existence in computer networks across the Middle East, especially Iran, analysts acknowledged that the brains behind the malware could very well be a state entity. Most fingers pointed toward Israel.

Kaspersky senior researcher Roel Schouwenberg said the malware must have been developed by a state. 

When asked by CNET why the Flame was so hard to detect, Schouwenberg said that its stealth is indicative of its origins.

"Clearly it's another multimillion-dollar project with government funding, so one of the top priorities has been stealth," he told CNET.

After the Flame was detected in Iranian oil networks, Tehran said it had no doubt where it came from.

"This virus penetrated some fields. One of them was the oil sector. Fortunately, we detected and controlled this single incident," said Gholam Reza Jalali, who heads an Iranian military unit in charge of fighting sabotage, to the Associated Press.

And just like every nerd’s most beloved sci-fi father figure, Admiral William Adama of Battlestar Galactica, Iranian computer technicians fought the virus by shutting down all networked links to the Islamic Republic’s oil infrastructure.

Tech industry experts are in agreement that the Flame is not likely the creation of an average hacker wielding a modest botnet, but something that took a good many people a lot of time, and a lot of money, to develop.

“Flame is no script kiddy project. It is probably not even an organized crime project. All reports from the anti-virus companies analyzing Flame indicate that it was created by a well-funded professional team of developers,” wrote Eric Byres, co-founder of Tofino Industrial Security.

“But the bad news is that this worm clearly indicates that industry, especially the energy industry, is now a key target in a rapidly growing world of sophisticated, government sponsored malware,” he added.

Regardless of Flame’s origins, it is clear that the modern day spy is less equipped with indelible charm and pen bombs than with computer savvy and a robust knowledge of coding languages. Stuxnet is another computer worm discovered in 2010, found predominantly in systems managing Iran’s uranium enrichment infrastructure.

Flame is not the first evidence of a global cyber-spy war. And, just like Flame, Israel and the US have refused to comment on the digitized weapons of cyber espionage.

 

http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/flame-virus-how-does-it-work-iran-israel-cyber-war
