Israel Seen Fanning Flame of New SpywareTop Government Official Hints Israel is Behind Complex Malware
Israel is being blamed - or, perhaps, taking credit - for the creation of Flame, the sophisticated cyber-espionage malware that has targeted organizations in the Middle East, especially its mortal enemy, the government of Iran (see Massive, Advanced Cyberthreat Uncovered).
See Also: Gartner Magic Quadrant for APM
"Anyone who sees the Iranian threat as a significant threat - it's reasonable [to assume] that he will take various steps, including these, to harm it," Israel Vice Prime Minister and Strategic Affairs Minister Moshe Ya'alon tells Israel Army Radio, according to a report by the newspaper Haaretz.
"Israel was blessed as being a country rich with high-tech; these tools that we take pride in open up all kinds of opportunities for us," Ya'alon says.
On May 31, a spokesman for Ya'alon, when asked to clarify the minister's comments, told the BBC: "There was no part of the interview where the minister has said anything to imply that Israel was responsible for the virus."
Still, it's not just Ya'alon's words but other facts that suggest Israel may be behind Flame.
First off, Flame could be the most complex, sophisticated malware ever created. When fully deployed, Flame is nearly 20 megabytes in size. Few entities have the wherewithal to create such a monster program. "Flame can easily be described as one of the most complex threats ever discovered," says Alex Gostev, who as chief security expert at Kaspersky Lab has analyzed Flame. "It's big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyber-espionage."
Gostev points out that three known classes of players develop malware and spyware: cybercriminals, hacktivists and nation states. "Flame is not designed to steal money from bank accounts; it is also different from rather simple hack tools and malware used by the hacktivists.," he writes in his blog. "So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group. In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it."
According to Gostev, the attacker(s) targeted institutions in Middle Eastern nations, particularly Iran. Israel has been aggressively campaigning for other nations to prevent Iran from producing weapons-grade uranium, and the 2010 Stuxnet cyberattack that disabled nuclear centrifuges at Iran's Natanz nuclear enrichment lab was seen by many to have been instigated by Israel, conceivably with the support of the United States. Israel has threatened to attack Iranian nuclear facilities with military weapons if Iran develops a nuclear weapon. Don't discount America's participation in the creation of Flame.
Spyware Targets Mideast
Source: Kaspersky Lab
Also, in identifying the Mideast nation that Flame targeted, Gostev included Israel/Palestine, combining the two homelands as one. If Israel is behind Flame, the targets in so-called Israel/Palestine would likely be in the occupied territories and/or Gaza, which is under Palestinian control.
Unlike Stuxnet and its kin malware Duqu, Flame hasn't yet been used to cause direct damage (or no evidence of damage has surfaced); instead it's designed to steal information in a variety of formats, including audio. "Of course," Gostev says, "like we have seen in the past, such highly flexible malware can be used to deploy specific attack modules, which can target SCADA (supervisory control and data acquisition) devices, ICS (incident command systems), critical infrastructure and so on."
Two years ago, many cybersecurity experts contended that cyberwar could only exist as a component of kinetic warfare. But Flame, Stuxnet and Duqu make it harder to buy the argument. In fact, other nations likely are creating their own cyberweaponry.
"We have to assume that every country is trying to do exactly the same thing: create cyberweapons," Roger Thompson, chief emerging threats researcher for ICSA Labs, an independent division of Verizon Business, writes. "If they weren't doing it prior to the disclosure of Stuxnet/Duqu, they began right after, and [Flame] is now vigorously fanning the flames."