Wednesday, May 30, 2012

CYBERSECURITY - Cyber Wars' Latest

"Sophisticated Virus Infects Computers in Iran, Mideast" by FARNAZ FASSIHI and PAUL SONNE, Wall Street Journal 5/29/2012

Thousands of computers in Iran belonging to government agencies and private companies have been infected with a highly sophisticated virus, dubbed Flame, in the latest cyberstrike against the Islamic Republic, said cybersecurity experts and Iran's telecommunications ministry.

The malware was widely detected across the Middle East in Syria, Israel and the Palestinian Authority, as well as in other parts of the world, but Iran has the largest number of infected computers, experts said.

At least three times since 2010, Iran has been targeted with sophisticated computer viruses such as Stuxnet, Duqu and Wiper. These viruses have disabled centrifuges for enriching uranium, stolen data from nuclear facilities and erased computers at the oil ministry.

The aim of Flame, said experts at Kaspersky Lab, a Russian information-technology security firm that reported the virus on Monday, was espionage, not physical damage or system interruption.

Flame, which Kaspersky said has been in operation since March 2010, was still active as of Monday morning, Alexander Gostev of Kaspersky Lab said. But after Kaspersky reported the existence of the virus publicly, Flame's operators immediately set about shutting the servers, an effort to protect the stolen data and hide the source of the virus. By Tuesday, Flame had become inactive, he said. "They are trying to hide."

The creation and operation of the Flame virus must have required a large staff, Mr. Gostev said. He estimated that at least 20 specialists would have been required to create and maintain the cyberweapon, similar to estimates of how many people invented and worked on Stuxnet.

Independent security experts said the scope of its complexity and method of operation suggests Flame was sponsored by a nation-state. It wouldn't be economically feasible, they argued, for a private corporation to run such a large-scale international cyberattack. Another reason a state is suspected is that the virus is designed to gather information but has no clear monetizing function.

Iran on Tuesday said it was a victim of cyberwarfare by Israel and the U.S., the semiofficial Fars news agency reported.

"It's in the nature of some countries and illegitimate regimes to spread viruses and harm other countries. We hope these viruses dry out," Ramin Mehmanparast, Iran's Foreign Ministry spokesman, said on Tuesday.

Iran's computer emergency response team, known as Maher, a branch of the telecommunication ministry, said on Tuesday that it was sharing research information on the virus for the first time ever on its website. Maher posted a link to antivirus software developed by its researchers to remove Flame and offered assistance to any infected organization.

Maher also said Flame was linked to an earlier cyberattack that erased data. In March, Wiper disrupted internal Internet communications at Iran's oil ministry and stole massive amounts of data.

Flame is the biggest and most high-functioning cyberweapon ever discovered, various cybersecurity experts said. It is comprised of multiple files that are 20 times larger than Stuxnet and carry about 100 times more code than a basic virus, experts said.

The most alarming feature, experts said, is that Flame can be highly versatile, depending on instructions by its controller. The malware can steal data and social-network conversations, take snapshots of computer screens, penetrate across networks, turn on a computer's microphone to record audio and scan for Bluetooth-active devices.

The cyber espionage activities described by the researchers are cyberspying techniques employed by the U.S., Israel and a number of other countries, cybersecurity specialists said. Cybersecurity researchers said the complexity of Flame's coding and comprehensiveness of its spy capabilities could suggest it was the work of a government.

Experts said they believe Flame reports back the information to a central command-and-control network that has constantly changed location. Analysts found servers in Germany, Vietnam, Turkey, Italy and elsewhere, but haven't located the main server.

White House National Security Council spokeswoman Caitlin Hayden declined to comment on Iranian accusations of U.S. involvement.

Analysts suspected Israel and the U.S. to be behind Stuxnet, but the link hasn't been confirmed. U.S. officials have declined to comment on Stuxnet's origins, but former U.S. officials said they regard it as a joint effort between the U.S. and Israel. That virus infected computers in several countries but was written to only sabotage specific systems in Iran, they said.

Stuxnet's purpose differed considerably from the apparent aim of Flame. Stuxnet was designed to damage computerized control systems running nuclear centrifuges, while Flame appears to have been designed for high-end targeted espionage. Researchers haven't found evidence of any damage to systems caused by Flame.

Israel has neither confirmed nor denied being involved with Stuxnet.

On Tuesday, Deputy Prime Minister Moshe Ya'Alon hinted that the country may be involved in Flame, saying in an interview with Army Radio, "Anyone who sees the Iranian threat as a significant threat—it's reasonable [to assume] that he will take various steps, including these, to harm it."

U.S. officials draw a distinction between cyber espionage and cyberattacks, which have a destructive or manipulative purpose and could be considered an act of war.

"We have strong beliefs that there are nations behind this malware. We assume it's related to the regimes and political situation in the Middle East," said Vitaly Kamluk, the chief malware expert for Kaspersky Lab.

Independent experts have been on the virus's trail for about a month. The International Telecommunications Union, the special agency at the United Nations that coordinates cybersecurity efforts, approached Kaspersky Lab in late April to investigate a series of incidents tied to a malware program known as Wiper. In the process of that investigation, the experts discovered Flame.

Iran's Supreme Leader Ayatollah Ali Khamenei has called the Internet a threat to national security and a dangerous double-edged knife that has benefits as well as risks.

Since 2009, Mr. Khamenei has instructed security forces to train and form units to battle cyberattacks to curb the influence of social-media websites.

In March, Mr. Khamenei issued a decree ordering the creation of the Supreme Council of Cyberspace, a committee consisting of high-level military and intelligence officials tasked with supervising cyber activity and warfare.

Monday, May 28, 2012

WINDOWS - Backups Revisited

I am re-posting this subject because of several queries via Usenet.

Having a good backup utility is the absolute best way to restore your system. And by "good" I mean an image backup utility, NOT a file backup.

An image backup utility takes a "snapshot" of the sectors on your hard drive (not just the files), which means you get your boot sector and everything else. The most efficient ones image only the used sectors, not the entire drive (used and blank).

I use "O&O DiskImage Pro" (compatible with all versions of Windows).

It has saved my WinXP SP3 desktop 2 times in the years I've used it.

I also used it to load a new hard drive (I needed a bigger one): I connected the new drive (IDE HD0), jumpered just like the old one, booted to the DiskImage CD, recovered my backup to the new blank drive (DiskImage asked if I wanted it bootable; yes, of course), and booted to the drive with absolutely no problems. I already had a partition tool installed (link follows; Windows Disk Management cannot do this without losing data) and used it to expand the used space to include the entire (now bigger) drive.

EaseUS Partition Master Professional Edition

Purchase of "O&O DiskImage Pro" includes a Boot ISO image you can write to a CD/DVD. Boot to the CD and it runs the ENTIRE DiskImage utility (Backup AND Recovery). I use this method to create backups to an external USB hard drive.

The Windows-installed DiskImage (and you must install it on your system) allows you to mount your image backups as another drive, so you can recover individual files.

"O&O DiskImage Pro" is worth every dime ($30 for 1 copy, $50 for 3), from a very satisfied user not affiliated with O&O.

CAUTION: You should NEVER create backups WITHOUT running a virus scan FIRST!

Saturday, May 12, 2012

HARDWARE - My Home Computer Systems

OK, time for more bragging about my computers.

DESKTOP:

  • Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
  • Model: MS-7222
  • North Bridge: VIA P4M800 Pro/P4M800 CE/VN800/CN700 Revision 00
  • South Bridge: VIA VT8237 Revision 00
  • CPU Name: Intel(R) Pentium(R) 4 CPU 3.00GHz Hyper-Threading
  • CPU Socket: Socket 775 LGA
  • Max CPU Speed: 1500 MHz
  • Maximum Memory Capacity: 1024 MBytes
  • Maximum Memory Module Size: 32 MBytes
  • Memory Slots: 2 (= 2 GB memory)
  • Memory Type: DDR2
  • Disk C: 55 GB Available, 80 GB Total, 55 GB Free (Internal IDE HD0)
  • Disk D: 166 GB Available, 217 GB Total, 166 GB Free (Internal IDE HD0)
  • Disk E: 2718 MB Available, 19077 MB Total, 2718 MB Free (Internal IDE HD1)
  • Disk F: 4 GB Available, 18 GB Total, 4 GB Free (Internal IDE HD1)
  • Disk H: 51 GB Available, 149 GB Total, 51 GB Free (External Firewire)
  • Disk J: 321 GB Available, 485 GB Total, 321 GB Free (External Firewire partition)
  • Disk K: 398 GB Available, 445 GB Total, 398 GB Free (External Firewire partition)
  • Video Card: nVidia Corporation GeForce 7900 GS 512 MB AGP
  • HP DVD Writer 1035r (Internal IDE)
  • Memorex Recorder 1394/USB20 Drive IEEE 1394 SBP2 Device (External Firewire)



LAPTOP:

  • CPU: 2x Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
  • Memory: 2021MB (278MB used)
  • Operating System: Linux Mint 10 Julia
  • Kernel: Linux 2.6.35-32-generic (i686)
  • Compiled: #67-Ubuntu SMP Mon Mar 5 19:35:26 UTC 2012
  • C Library: GNU C Library version 2.12.1 (stable)
  • Default C Compiler: GNU C Compiler version 4.4.5 (Ubuntu/Linaro 4.4.4-14ubuntu5.1)
  • Display Resolution: 1280x800 pixels
  • OpenGL Renderer: Mesa DRI Mobile Intel® GM45 Express Chipset GEM 20100330
  • DEVELOPMENT: x86/MMX/SSE2
  • X11 Vendor: The X.Org Foundation