In April 2012 Iranian officials started disconnecting their oil terminals from the internet. It was not the first time they had to isolate their machinery. In 2010 Stuxnet malware was uncovered, which brought chaos to their nuclear plants, and disabled and degraded about one thousand uranium enrichment centrifuges. Stuxnet was rightly dubbed the most complex piece of code ever written.
But this time they uncovered something entirely different. Flame malware is said to have infected more than a thousand machines in the Middle East, the vast majority of them in Iran. Unlike Stuxnet, the intention was not to corrupt or destroy, but to gather information. Furthermore, the code itself could easily be modified in real time, its spreading was tightly controlled, and it was backed by over 80 Command and Control (C&C) servers.
Flame's developers had no monetary gains in mind, at least not direct ones, and a reasonable guess would be to pin this on a nation-state operation. The appearance of malware such as Stuxnet, Duqu, and Flame takes cyber warfare off the movie screen and reveals the broad, and frightening, capability to use programming for warlike purposes. Let's dive in to see what makes Flame unique and a severe threat to privacy and cyber security.
Flame is an extremely sophisticated attack toolkit. Its functions exceed the boundaries of a virus, a worm, or a Trojan. It exhibits worm-like behavior in how it replicates and infects a local network; Trojan behavior in that it opens a backdoor into an infected system, enabling remote access and control; and spyware behavior in its primary goal of collecting information.
[Image: Install-Flame.jpg (source: https://infiniteunknown.net/2012/06/14/flame-steals-data-even-when-computers-are-not-connected-to-the-internet/)]
Unlike most of the malware out there, Flame is extraordinarily big, reaching up to 20 MB in size. Most malware developers strive to remain undetected for as long as possible, and so write small, hard-to-spot software. This was not the case with Flame. Even though it remained undetected for at least a few years, it was developed with the capacity to add extra functions for each particular situation. Furthermore, the Lua programming language, which is frequently used in game development, was also used to code its higher-order logic.
To narrow it down, Flame is spyware. Its ultimate goal is to gather private information. Let's go point by point through what Flame can do:
[Image: Flame-Infection-Methods.jpg (source: https://www.wired.com/2012/05/flame/)]
Some more features are in there, but these are the main components that allowed Flame to do its work. Its plugin-like architecture, which permitted installing different modules on request, is the reason behind the 20 MB size.
First of all, there is a relevant political context to take into consideration when talking about Flame or Stuxnet. Both of these attacks targeted the Middle East, specifically Iran. There is a widespread opinion that the Equation Group is behind it and that both campaigns were a joint effort of the American and Israeli governments. I wouldn't want to go into speculation, but the lack of monetary gain and the clear political goals point to a nation-state being behind it.
[Image: Flame-Infection-Map_Kaspersky.jpg (source: https://www.wired.com/2012/05/flame/)]
Second, Flame reveals a high level of sophistication when it comes to espionage. Having Google or Facebook scrape their users' data is one thing, but specific targeting, stealth, and penetration of sophisticated security systems bring cyber espionage to a whole new level. Furthermore, Flame was able to exploit zero-day vulnerabilities in Microsoft systems and pose as a regular Microsoft update, pointing to security flaws in the world's most widely used operating system.
Third, Flame is not gone. Currently, a "Flame 2.0" is being discussed because of its considerable similarities to the original code. Furthermore, given how modifiable the code is, it may be that the modules were transformed and stronger encryption applied, so that it is the original code in different packaging. So far, Flame remains the most sophisticated cyber espionage tool ever made.