Symantec: Flame can sabotage computer files
Flame is not only capable of espionage but the virus can also sabotage computer systems and likely was used to attack Iran in April, according to Symantec.
Iran had previously blamed Flame for causing data loss on computers in the country’s main oil export terminal and oil ministry. But prior to Symantec’s discovery, cyber experts had only unearthed evidence that proved Flame could spy on conversations on the computers it infects and steal data.
Symantec researcher Vikram Thakur said that the company has now identified a component of Flame that allows operators to delete files from computers, which means it can cause critical programs to fail or completely disable operating systems.
“These guys have the capability to delete everything on the computer,” Thakur said. “This is not something that is theoretical. It is absolutely there.”
Researchers have been racing to better understand Flame’s capabilities ever since Moscow-based Kaspersky Lab uncovered it last month after the security firm was asked by a United Nations agency to look for a virus that Iran said had sabotaged its computers, deleting valuable data.
Last week, researchers at Kaspersky Lab linked some of the software code in Flame to the Stuxnet cyber weapon, which was widely believed to have been used by the United States and Israel to attack Iran’s nuclear program. Symantec later also said Stuxnet and Flame shared some code.
Iran complained about the threat of cyber attacks again this week, saying it had detected plans by the United States, Israel and Britain to launch a “massive” strike after the breakdown of talks over Tehran’s nuclear activities. It was not clear if the cyber attack referred to Flame, or a new virus.
Symantec declined to comment on who the firm believes is behind Flame.
Infrastructure at risk
If Symantec’s conclusions are validated, that means Flame could be used as a weapon to attack computers that run critical infrastructure systems, including dams, chemical plants and manufacturing facilities, security specialists said.
Sean McGurk, a former Department of Homeland Security official who helped direct the US effort to protect critical infrastructure from cyber attacks, said that Flame was not the first piece of malicious software designed to sabotage systems by deleting data.
What makes it unique, he said, is that the data-wiping module works alongside a suite of other programs including the espionage tools that have previously been identified. “It could render computing devices useless,” said McGurk.
That presents a threat for industrial control systems, affecting everything from critical processes at manufacturing plants to the pressure inside water networks. “Cyber elements can have catastrophic impacts,” he said.
Neil Fisher, vice president for global security solutions at Unisys, said Symantec’s findings – if verified – mean that Flame could be “highly dangerous.”
“Many of our utilities have connected their operational management to the internet to save costs,” he said. “Water, gas, electricity certainly constitute the critical national infrastructure,” he added. “Dysfunction of those … systems could have uncomfortable consequences for a large number of people.”