Super-stealthy 'Flame' computer virus spies on Iran
Published Thursday, May 31, 2012 at 1:00 am / Updated at 6:46 am

Whenever a high-ranking Iranian politician has sent or received an email in the past two years, a computer virus nicknamed Flame has most likely copied that email and secretly shipped it to an outside computer network.

When a user of an infected Iranian computer typed a password, Flame stole it. When the user opened a sensitive document or instant-messaged a friend or video-chatted with a colleague, Flame nabbed that, too.

Flame, which reportedly has infected hundreds of computers across Iran and the Middle East, is probably the most sophisticated computer virus ever detected, say the experts who discovered it this week.

Flame's sheer size and the information it seeks — it's taking data, not money — probably make it the handiwork of a government or group of governments, say the experts at Kaspersky, the respected Russian lab that identified the virus.

And Flame may well be the latest weapon in a series of cyberskirmishes that have exploded in size and sophistication in recent years, say local and national computer security experts interviewed by The World-Herald.

In this largely hidden fight, the Chinese and Russian governments are believed to have used computer worms and viruses to steal American government secrets, as well as staggering amounts of proprietary information from U.S. companies.

And the United States and Israel are suspected of collaborating on an earlier computer worm known as Stuxnet, which famously crippled the Iranian nuclear program in 2010.

Flame, by contrast, appears to be spying, not seeking to destroy Iranian computer systems.

“It actually looks a lot like traditional espionage, but how it gets done has changed,” said Robin Gandhi, a University of Nebraska at Omaha computer security expert and professor affiliated with the Peter Kiewit Institute. “This isn't your typical virus. ... The whole point of (Flame) is to be sneaky and stealthy and gather data as you go about your business, never noticing.”

The Iranian government has noticed.

Iranian leaders confirmed that Flame had infected computers inside the country — including those of high-ranking officials and those affiliated with the Iranian oil industry — after the Kaspersky lab first posted evidence of the virus Tuesday. It's unclear how long Flame has been stealing information from selected targets in Iran and the Middle East; Kaspersky experts think it's been active at least two years, while other experts say that's a conservative estimate.

Iran also wasted little time assigning blame — Iranian leaders blasted Israel for being behind the cyberattack. Israeli officials haven't directly confirmed or denied the allegation.

“Anyone who sees the Iranian threat as a significant threat ... it's reasonable that he will take various steps, including these, to harm it,” Moshe Yaalon, Israel's vice prime minister, said on Israeli government radio.

Computer experts caution that it's far too soon to attribute the cyberattack to any one group or country. It took nearly a year, for example, before research and intelligence leaks pointed to Israel and the United States as the chief suspects in the Stuxnet attack.

In that 2010 attack, the Stuxnet worm burrowed into the computers that control Iran's nuclear centrifuges and made them spin wildly. Experts think that nearly a fifth of the centrifuges spun themselves to pieces, destruction that probably slowed Iran's effort to enrich uranium and potentially build a bomb.

Experts say the Flame worm is fascinating, but for different reasons.

A lot of what Flame does has been done before — malware is readily available that steals emails, takes screen captures and even activates a computer's microphone so it can record audio, said Dr. Herbert Lin, the chief scientist on the Computer Science and Telecommunications Board of the National Academies.

But Flame is exponentially larger than other computer worms. It has the ability to change on the fly, making it harder for targets to defend their computer systems against the ever-morphing virus. And it evidently managed to run undetected for at least two years, an eternity in the computer security world.

“The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date,” Kaspersky said in a release announcing the existence of Flame.

What also surprises computer experts is that the public would be at all shocked by Flame's existence.

After all, the computer security company McAfee has estimated that the United States loses $1 trillion annually in intellectual property and other proprietary information taken by either foreign spies or unaffiliated hackers.

Tech stalwarts such as Google and giant defense contractors such as Lockheed Martin and Booz Allen Hamilton have lost staggering amounts of data to hackers, said Gen. Keith Alexander, head of the National Security Agency, in a speech in Omaha last year.

And U.S. military leaders, including those at the Cyber Command overseen by Bellevue-based U.S. Strategic Command, have publicly expressed a desire to improve the military's cyberattack capability.

“We can't just defend,” Alexander said bluntly in his Omaha speech last year, delivered as part of a cybersymposium organized by StratCom.

The U.S. government is backing up this talk with money, funneling millions more into government programs and university research focused on cyberoffense. Foreign governments are doing likewise.

“It would be entirely surprising to me if other governments didn't have their cyberhooks into the United States, trying to understand everything they could about our inner workings,” said Lin, the chief computer scientist at the National Academies. “We've been issuing reports on the risk to the nation for 20 years. ... We've been saying this stuff forever.”

Contact the writer: Matthew Hansen | 402-444-1064

Matthew Hansen is a metro columnist who writes roughly three columns a week focusing on all things Omaha.
