[silk] Flame is Lame

Udhay Shankar N udhay at pobox.com
Tue Jun 19 23:33:08 PDT 2012


On 12/06/12 12-Jun-2012;6:04 PM, Biju Chacko wrote:

> http://www.f-secure.com/weblog/archives/00002383.html

More on this, for those not following along:

http://www.wired.com/threatlevel/2012/06/us-and-israel-behind-flame/

Report: US and Israel Behind Flame Espionage Tool

    By Kim Zetter
    June 19, 2012

The United States and Israel are responsible for developing the
sophisticated espionage rootkit known as Flame, according to anonymous
Western sources quoted in a news report.

The malware was designed to provide intelligence about Iran's computer
networks and spy on Iranian officials through their computers as part of
an ongoing cyberwarfare campaign, according to the Washington Post.

The program was a joint effort of the National Security Agency, the CIA
and Israel's military, which also produced the Stuxnet worm that is
believed to have sabotaged centrifuges used for Iran's uranium
enrichment program in 2009 and 2010.

"This is about preparing the battlefield for another type of covert
action," a former high-ranking US intelligence official told the Post.
"Cyber collection against the Iranian program is way further down the
road than this."

Flame was discovered last month by Russia-based antivirus firm Kaspersky
Lab, following reports in Iran that malware aimed at computers belonging
to that country's oil industry had wiped data from the computers. In
trying to investigate that issue, Kaspersky came across components of
the Flame malware, which the researcher believed was not directly
connected to the malware that wiped the Iranian computers clean but
which they believed was created by the same nation states behind Stuxnet.

Kaspersky disclosed last week that Flame in fact contained some of the
same code as Stuxnet, directly tying the two pieces of malware together.

According to the Post, Flame was designed to infiltrate highly secure
networks in order to siphon intelligence from them, including
information that would help the attackers map a target network. Flame,
as previously reported, can activate a computer's internal microphone to
record conversations conducted via Skype or in the vicinity of the
computer. It also contains modules that log keyboard strokes, take
screen shots of what's occurring on a machine, extract geolocation data
from images and turn an infected computer into a Bluetooth beacon to
siphon information from Bluetooth-enabled phones that are near the computer.

Flame exploited a vulnerability in Microsoft's terminal service system
to allow the attackers to obtain a fraudulent Microsoft digital
certificate to sign their code, so that it could masquerade as
legitimate Microsoft code and be installed on a target machine via the
Microsoft software update function.

Flame was developed at least five years ago as part of a classified
program code-named Olympic Games, the same program that produced Stuxnet.

"It is far more difficult to penetrate a network, learn about it, reside
on it forever and extract information from it without being detected
than it is to go in and stomp around inside the network causing damage,"
said Michael V. Hayden, a former NSA director and CIA director who left
office in 2009, told the Post.

It's still unclear whether the malware used to attack computers in
Iran's oil ministry is the same malware now known as Flame. According to
the Post, the attack on the oil ministry computers was directed by
Israel alone, a matter which apparently caught US officials off guard,
according to anonymous sources who spoke with the newspaper.


-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))



----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
