Symantec: Flame Is Capable of Sabotage, Too

Earlier this week, current and former U.S. and Western national security officials told The Washington Post that the United States and Israel jointly developed Flame, and used it to collect intelligence to help slow Iran's nuclear program. But Iran has claimed the virus also caused data loss on computers in the country's main oil export terminal and Oil Ministry, indicating that Flame was capable of more than just espionage.

Flame was reportedly deployed at least five years ago, but it wasn't made public until last month. Moscow-based Kaspersky Labs was asked by a United Nations agency to look for a virus that Iran said had sabotaged its computers, deleting valuable data. In the process of the investigation, the firm came across the Flame virus, but at the time there was no evidence that it deleted files other than its own when instructed to "cover its tracks."

Now Symantec researcher Vikram Thakur has discovered a component of Flame that allows operators to delete non-Flame files from computers, essentially verifying Iran's complaints. This means it's capable of sabotage as well, causing critical programs to fail or completely disabling operating systems by deleting system files. Computers that run critical infrastructure systems, including dams, chemical plants and manufacturing facilities, could be disabled.

"These guys have the capability to delete everything on the computer," Thakur said. "This is not something that is theoretical. It is absolutely there."

So far Symantec's findings still require verification, but companies and security firms are worried about what could happen if Flame ends up in the wrong hands, calling it a highly dangerous tool. Computers are used in various industrial control systems, affecting everything from critical processes at manufacturing plants to the pressure inside water networks. Shutting them down would be bad.

"Many of our utilities have connected their operational management to the Internet to save costs," said Neil Fisher, vice president for global security solutions at Unisys. "Water, gas, electricity certainly constitute the critical national infrastructure. Dysfunction of those ... systems could have uncomfortable consequences for a large number of people."

On Thursday Iran made additional complaints about cyber attacks, reporting that it detected plans made by the United States, Israel and Britain. Apparently the trio plans to launch a massive strike after the breakdown of talks over Tehran's nuclear activities. So far it's not clear whether the cyber attack Iran referred to involves Flame or a new virus.

Boldizsár Bencsath, an expert on cyber warfare with Hungary's Laboratory of Cryptography and System Security, is quite sure Flame was used to attack Iran back in April -- at least 70 percent sure, that is.

"Of course it can be used for sabotage," he told Reuters. "It may have been used to attack critical infrastructure and it may be used in the future."