Flame Looks Well-Suited for State-Sponsored Espionage

By Wayne Rash  |  Posted 2012-05-30

Working with the assumption that Flame is really intended for cyber-espionage, which is what appears to be the case, then how worried should we be? The answer is, not very worried. Flame does not appear to have spread beyond the Middle East, and it doesn't do any actual damage. The infection is easily found if you know what to look for, and Iranian authorities reported that they have created a tool for removing it in the few days since they found out about it.

The reality of Flame is that unless you're in one of the affected countries, this isn't much of a threat and certainly doesn't deserve all the hype surrounding it. However, it does show that someone, somewhere, has developed an effective cyber-espionage system and that they have the infrastructure to use it. In other words, worrying specifically about Flame is counter-productive. You should worry about what whoever created Flame is doing now totally undetected.

And, of course, that brings us back to the question of Flame's origin. If Flame was created, as many have suggested, by a national cyber-espionage team of some sort, then the people who should worry are the people on that nation's list of enemies. Since the target appears to be Iran in this case, then Iran needs to worry about being attacked by some country that doesn't like them, which is basically everybody.

But that also means that only places that have some commerce with Iran also need to worry about being infected; this might explain why only Middle Eastern countries seem to have been affected. However, that does bring up the question of why so many computers in Israel were affected, unless Israel is somehow connecting with Iran's computers in some way.

But suppose the origin of Flame is really some sort of criminal syndicate? Despite Carr's suggestions, I'm not sure that makes sense. Unless the hypothetical criminal syndicate thought Iran might have information worth stealing (nuclear secrets?) and had a ready buyer (the United States?), it's hard to see why they'd bother. But it's easy to see why other countries would bother.

After all, the United Nations has been trying to penetrate Iran's nuclear secrets for years. Just because the ITU is an agency that's part of the UN doesn't mean that body wasn't involved. But so could any number of other governmental entities, including the United States. Could the United States possibly be sponsoring a cyber-espionage effort aimed at Iran? I don't know, but if I were the Director of National Intelligence, I'd do it in a heartbeat.

Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.
