
Symantec: Flame Is Capable of Sabotage, Too

Earlier this week, current and former U.S. and Western national security officials told The Washington Post that the United States and Israel jointly developed Flame, and used it to collect intelligence to help slow Iran's nuclear program. But Iran has claimed the virus also caused data loss on computers in the country's main oil export terminal and Oil Ministry, indicating that Flame was capable of more than just espionage.

Flame was reportedly deployed at least five years ago, but it wasn't made public until last month. Moscow-based Kaspersky Labs was asked by a United Nations agency to look for a virus that Iran said had sabotaged its computers, deleting valuable data. In the process of the investigation, the firm came across the Flame virus, but at the time there was no evidence that it deleted files other than its own when instructed to "cover its tracks."

Now Symantec researcher Vikram Thakur has discovered a component of Flame that allows operators to delete non-Flame files from computers, essentially verifying Iran's complaints. This means it's capable of sabotage as well, causing critical programs to fail or completely disabling operating systems by deleting system files. Computers that run critical infrastructure systems, including dams, chemical plants and manufacturing facilities, could be disabled.

"These guys have the capability to delete everything on the computer," Thakur said. "This is not something that is theoretical. It is absolutely there."

So far Symantec's findings still require verification, but companies and security firms are worried about what could happen if Flame ends up in the wrong hands, calling it a highly dangerous tool. Computers are used in various industrial control systems, affecting everything from critical processes at manufacturing plants to the pressure inside water networks. Shutting them down would be bad.

"Many of our utilities have connected their operational management to the Internet to save costs," said Neil Fisher, vice president for global security solutions at Unisys. "Water, gas, electricity certainly constitute the critical national infrastructure. Dysfunction of those ... systems could have uncomfortable consequences for a large number of people."

On Thursday Iran made additional complaints about cyber attacks, reporting that it detected plans made by the United States, Israel and Britain. Apparently the trio plans to launch a massive strike after the breakdown of talks over Tehran's nuclear activities. So far it's not clear whether the cyber attack refers to Flame or to a new virus.

Boldizsár Bencsath, an expert on cyber warfare with Hungary's Laboratory of Cryptography and System Security, is quite sure Flame was used to attack Iran back in April -- at least 70 percent sure, that is.

"Of course it can be used for sabotage," he told Reuters. "It may have been used to attack critical infrastructure and it may be used in the future."

  • kracker
    Symantec. Meh.
  • jojesa
    They had Norton antivirus in their systems. ;)
  • gerchokas
    Not-so-distant future: "..and the Flame Virus ate my homework ms johnson" :)

    On a more serious note, I think critical systems like those in dams, nuclear plants or others should never be connected to the internet - private firms may want to lower the costs of maintenance but one can't imagine the Big problem we'd face if something went wrong with one or many of them...
  • A Bad Day
    "Many of our utilities have connected their operational management to the Internet to save costs,"
    Seriously?
  • burmese_dude
    Too bad this virus isn't capable Khamenei and Ahmadinejad flame-on gays. The world could be a better place if both were. Might be more tolerating and accepting of others, peaceful.
  • Hax0r778
    A Bad Day: "Many of our utilities have connected their operational management to the Internet to save costs," Seriously?
    Yeah, it's the only thing that makes sense. The utilities need a way to communicate between stations which are miles and miles apart. Their options are to dig trenches and lay thousands of miles of copper / fiber between every one or to just connect to the internet at each site and use an encrypted protocol to communicate. This is far cheaper because the cost of laying the fiber is then shared by everyone using the internet.
  • freggo
    Lord knows what surprises may lurk in the Billion+ transistors of today's CPUs and its microcode.

  • eddieroolz
    This is one marvel of computer programming I must say. I just dearly hope that the Anonymous or other malicious groups don't get their hands on it.
  • _Cubase_
    Ahhh. The digital age... USA takes on Iran in a Flame war.
  • altriss
    "what could happen if Flame ends up in the wrong hands"
    Without being extremist, I don't think Israel's hands are good ones. This state has been showing us for years now how extreme they are by bombing schools or hospitals. Wikileaks revealed how they tried everything to slow down the peace process in order to build even more illegal colonies. I don't feel glad they have these kinds of tools, from my point of view this government is not better than Iran's, just less pointed out by the media.