'Flame' Malware Designed For Spying, Not 'Cyber War'

The latest entrant in the arsenal of advanced cyber packages deployed by governments or corporations for use against their adversaries is a piece of malicious software dubbed "Flame." The malware contains a wide variety of espionage tools, including a feature that activates the internal microphone in personal computers and enables the user to monitor a target's conversation. In terms of sophistication, Flame has been compared to the Stuxnet worm, which can physically destroy industrial equipment. But experts say Flame is not a cyber weapon and its emergence as another espionage tool is not without precedent.

Copyright © 2012 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

MELISSA BLOCK, HOST:

This is ALL THINGS CONSIDERED from NPR News. I'm Melissa Block.

ROBERT SIEGEL, HOST:

And I'm Robert Siegel.

Security firms have identified a huge, sophisticated computer virus. It allows governments to steal data from their adversaries. It's called Flame. And the virus has apparently been around for as long as five years without being detected. Cyber researchers say they've only just begun to study it.

NPR's Tom Gjelten tells us more about Flame.

TOM GJELTEN, BYLINE: Governments and companies are constantly being told their secret data are at risk of being stolen, but sometimes it only sinks in when there's new evidence of a really successful example of computer theft. This virus called Flame is the latest case. Like other malicious software, the Flame program allows its users to penetrate an adversary's network and suck up everything it can find - everything.

JEFFREY CARR: You know, it's not just a normal vacuum. It's a super vacuum.

GJELTEN: Cyber researcher Jeffrey Carr says Flame is a very large program that probably took years to engineer. The package includes a wide variety of attack tools, giving its user an extraordinary capability to gather all manner of intelligence.

CARR: It's able to collect every type of data that a company might have. And that includes listening in on conference calls, using a recording feature, and then compressing that and exfiltrating it out of the network. It's pretty remarkable in terms of the tool sets that it contains.

GJELTEN: The Flame virus was first reported by a Russian cyber researcher, Eugene Kaspersky, whose security lab classified it as a cyber weapon and said it was one of the most complex threats ever discovered. But other cybersecurity researchers today scoffed at that assessment, including Jeffrey Carr, who wrote a book called "Inside Cyber Warfare."

CARR: This is clearly a tool used to steal data. Stealing data is known as espionage. It's not warfare.

GJELTEN: The Kaspersky lab is comparing the Flame virus to Stuxnet, the computer worm used to physically disable centrifuges key to Iran's nuclear program. Stuxnet was clearly a weapon.

James Lewis at the Center for Strategic and International Studies says Flame belongs instead alongside the many other software programs designed by governments to help them steal commercial and security secrets from their adversaries.

JAMES LEWIS: We keep stumbling across these programs and we act surprised. You know, this is the third or fourth of these big major collection programs that we've bumped into. Golly, what a shock. No, this is going on every day.

GJELTEN: Many of these big computer theft programs have been traced to the Chinese. But Dave Aitel, a cyber researcher who specializes in the study of software such as this, notes a somewhat unusual pattern to infections from the Flame virus.

DAVE AITEL: A lot of these were actually in the Palestinian Territories, which is second only to Iran in terms of where the infections have been. And I think that's a very interesting indicator of who was doing it, in a sense of who would actually be interested in information from the Palestinian Territories. Obviously this is something that was tied into a larger plan of doing strategic espionage against real groups who were considered a threat.

GJELTEN: Fingers today, not surprisingly, were already pointing at Israel and the U.S. as likely perpetrators of the Flame virus, even though some Flame infections were in Israel. No comment from either government.

Other researchers noted that the Kaspersky firm is close to the Russian government. Russia is pushing for an international cyber peace treaty, and depicting the Flame virus as a dangerous new cyber weapon could help that campaign.

Dave Aitel, the cyber researcher, says the significance of the Flame discovery may simply be that it shows that governments and companies can't seem to stop cyber intrusions.

AITEL: When they say Flame has been around for five years, that's a long time for any piece of software to be widely deployed without causing problems and eventually getting caught.

GJELTEN: And it probably means there are many other computer viruses out there, as yet undetected.

Tom Gjelten, NPR News, Washington.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.
