Kaspersky: Flame and Similar Malware Pose Worldwide Risk
The CEO of Kaspersky Lab, which discovered the Flame malware that reportedly targeted Iran and hit other Middle East countries, is speaking out against what he sees as a growing cyber-terrorism trend, and urged countries worldwide to work to prevent it.
Eugene Kaspersky over the past couple of weeks has been vocal in his warnings against governments developing malware targeted at foes and releasing it onto the Internet. Too many countries are seeing what can be done against their enemies by putting sophisticated malware into the wild, and it could come back to harm them.
"Flame is extremely complicated, but I think many countries can do the same or very similar, even countries that don't have enough of the expertise at the moment, Kaspersky said June 6 during a cyber-security conference in Tel Aviv, according to Reuters. They can employ engineers or kidnap them, or employ 'hacktivists. These ideas are spreading too fast. That cyber-boomerang may get back to you."
Researchers at Kasperskys antivirus company first released their analysis of Flame May 28, saying it was the most sophisticated malware thats been found and that details of the virus indicated it was related to the Stuxnet worm that was used in 2010 to damage Irans Natanz nuclear facilities.
Its widely believed that the United States, Israel or both worked on the Stuxnet malware with the aim of crippling Irans nuclear program. The two countries claim Iran is building up its nuclear capabilities in hopes of developing weapons; Iran officials have said the program is aimed at peaceful civilian purposes.
Researchers from Kaspersky and elsewhere are continuing to learn more about Flame, which is a massive piece of sophisticated malware that apparently was targeted specifically at computers used in Iran and other countries in the Middle East and North Africa. It essentially is not intended to damage the computers it infects, but instead to steal information from them. Many security experts agree with Kaspersky about the long-range threat the malware poses. However, others have said they see the threat as overblown and limited.
During his talk in Israel, Kaspersky reportedly listed the United States, Israel, England, China and Russiaand possibly India, Japan and Romaniaas countries with the capabilities to develop malware such as Flame. However, he didnt accuse any particular country as being the one that unleashed Flame.
Still, in Israel and elsewhere, Kaspersky argued that getting into such cyber-attacks was dangerous, and urged countries to come together to fight against that type of warfare, similar to what has been in the past in such areas as biological and nuclear warfare.
"It's not cyber-war; it's cyber-terrorism and I'm afraid it's just the beginning of the game, he said in Israel. I'm afraid it will be the end of the world as we know it. ¦ I'm scared, believe me."
Kaspersky also warned that while researchers may now know about Flame and Stuxnet, other undiscovered cyber-weapons are out there infecting computers.
At a CeBit conference in Australia in May, Kaspersky sounded a similar alarm, saying that cyber-weapons are the most dangerous innovation of this century, according to The New York Times.
Such malware used by countries like the United States and Israel to slow Irans nuclear program could also be used by others to attack everything from power grids to financial systems anywhere in the world, he said. Kasperskys worry is that the use of such malware will continue to grow as more countries and other groups find it thousands times cheaper to create such cyber-weapons compared with conventional ones.
Without some sort of international agreement to stem the use of such online weapons, the numbers of state-sponsored malwareand the threat to all countries raised by itwill continue to grow, he said.