Huffpost UK Tech
Michael Rundle

Flame: Massive Cyber Superweapon Can Take 'Any Information It Wants' Says Symantec


The sudden discovery of the massive, malicious and highly targeted cyber weapon 'Flame' is like "nothing we've ever seen", security firm Symantec has told the Huffington Post.

Orla Cox, senior manager at Symantec Security Response, told the Huffington Post that the level of professionalism involved in the massive attack is unprecedented.

"I think it would be hard to say that anyone other than a nation state would be behind it," Cox said. "You're looking at a well organised, well funded group."

Symantec discovered Flame with the help of Crisis, a lab in Hungary and the University of Bucharest. Another group of researchers, Kaspersky, discovered the attack independently, but made the announcement at the same time.

The closest equivalent would have been Stuxnet, the American and Israeli virus which attacked and disabled elements of the Iranian nuclear programme, Cox said - but that was aimed at one specific target.

Flame is aimed at... all of them.

"What the threat allows a potential attacker to do is basically take any information it wants from a compromised machine," Cox said.

"Usually they're quite small, quite basic and looking for a particular type of information. In this case you're looking at something that can basically take everything at once."

Moreover, the weapon can be modified over time, and is modular, so that an attacker can decide later to add new 'features' and gather new types of information.

"A computer that had this one - everything that's on that machine the attacker would have access to."

The attack is also strange in that not just governments but individuals - possibly including schools, academics and businesses - have been targeted.

"Whoever is behind it certainly did their homework," Cox said. "They found individuals of value and went after them."

Countries with developed infrastructure - including the UK - are thought to be most vulnerable to the weapon, which has reportedly hit more than 600 specific targets. Others known to have been affected include Sudan, Syria, Lebanon and Saudi Arabia.

The attack took a long time to put together, by lots of full-time agents, she said.

But there is nothing to identify exactly who is behind it, she said - adding that discovering the identity of the attacker isn't their primary function.

"We'll continue to look at it to try and put the pieces together," she said. For Symantec the next step is to identify the motivation and the security risks.

Despite its size and sophistication, the attack was hidden for almost two years before being detected because it was written to resemble a standard piece of software, Cox said. It is also unusual in that only a few hundred highly targeted infections have been found - again indicating that a very professional outfit is behind it.

"At first glance it looks to be a standard piece of software," she said. "Normally malware is very small, very poorly written, usually within a few seconds we can identify something that is malicious or not."

Indeed, a company like Symantec may end up in tricky territory if a government close to home is behind the attack - given that it is a commercial enterprise dedicated to stopping such attacks for its clients.

Cox said the company will work to understand the threat and added that identifying who is behind it is not its focus.

"Sometimes along that it can make it easier to identify the individuals who are behind that, but it's obviously not our number one focus," she said.

"Also we'll make sure to work with different services if they need our assistance in it or law enforcement - we'd always offer our assistance."