This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-18238326#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa
The article has changed 4 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Flame: Massive cyber-attack discovered, researchers say | Flame: Massive cyber-attack discovered, researchers say |
| (40 minutes later) | |
| By Dave Lee Technology reporter, BBC News | By Dave Lee Technology reporter, BBC News |
| A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said. | A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said. |
| Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010. | Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010. |
| The company said it believed the attack was state-sponsored, but could not be sure of its exact origins. | The company said it believed the attack was state-sponsored, but could not be sure of its exact origins. |
| They described Flame as "one of the most complex threats ever discovered". | They described Flame as "one of the most complex threats ever discovered". |
| In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran. | |
| Others like Duqu have sought to infiltrate networks in order to steal data. | Others like Duqu have sought to infiltrate networks in order to steal data. |
| This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk. | This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk. |
| "Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said. | "Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said. |
| More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems. | More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems. |
| Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country. | |
| Iran and Israel | Iran and Israel |
| Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed. | Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed. |
| He explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. | He explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. |
| "Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group." | "Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group." |
| Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. | Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. |
| "The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said. | "The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said. |
| The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker. | The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker. |
| It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open. | It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open. |
| 'Industrial vacuum cleaner' | 'Industrial vacuum cleaner' |
| Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier. | Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier. |
| Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant. | Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant. |
| "This is basically an industrial vacuum cleaner for sensitive information," he told the BBC. | "This is basically an industrial vacuum cleaner for sensitive information," he told the BBC. |
| He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated. | He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated. |
| "Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on." | "Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on." |
| Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone. | Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone. |