From Ali Akbar Dareini and Brian Murphy, the AP: Computer technicians battling to contain a complex virus last month resorted to the ultimate firewall measures – cutting off Internet links to Iran’s Oil Ministry, rigs and the hub for nearly all the country’s crude exports.
At the time, Iranian officials described it as a data-siphoning blitz on key oil networks.
On Wednesday, they gave it a name: A strike by the powerful "Flame" malware that experts this week have called a new and highly sophisticated program capable of hauling away computer files and even listening in on computer users. Its origins remain a mystery, but international suspicion quickly fell on Israel opening another front in its suspected covert wars with archenemy Tehran.
"This virus penetrated some fields. One of them was the oil sector," said Gholam Reza Jalali, who heads an Iranian military unit in charge of fighting sabotage. "Fortunately, we detected and controlled this single incident."
The Flame virus – a mix of cyberspy and hard-drive burglar – has been detected across the Middle East recently. But Iran’s linkage to the oil network attack in April could mark its first major infiltration and suggests a significant escalation in attempts to disrupt Iran’s key commercial and nuclear sites. Iran is one of the world’s leading oil producers.
Two years ago, a virus called Stuxnet tailored to disrupt Iran’s nuclear centrifuges caused some setbacks within its uranium enrichment labs and infected an estimated 16,000 computers, Iranian officials say. At least two other smaller viruses have been detected in nuclear and industrial centers.
The Flame program, however, is widely considered a technological leap in break-in programming. Some experts also see the same high level of engineering shared by Stuxnet, which many suspect was the work of Israeli intelligence.
"It is very complex and very sophisticated," said Marco Obiso, cybersecurity coordinator at the U.N.’s International Telecommunication Union in Geneva. "It’s one of the most serious yet. . . ."
On the cyber front, Iran says it has sharply boosted its defenses by creating special computer corps to protect crucial online infrastructure. Iran also claims it seeks to build its own Internet buffered from the global web, but experts have raised serious questions about its feasibility. . . .
Experts describe it as a multitasking mole. It can wipe data off hard drives, but also be a tireless eavesdropper by activating audio systems to listen in on Skype calls or office chatter. It can also take screenshots, log keystrokes and – in one of its more novel functions – steal data from Bluetooth-enabled mobile phones. . . .
(graphic: Alexander Gostev/securelist.com)