My new special feature on the Flame cyber-weapon was published by The Electronic Intifada last night. I take an in-depth look at who may have been behind the computer worm that snooped on thousands of computers from the West Bank to Iran. I bring to light evidence that Israel’s teasing intimations it created Flame may be more about propaganda and regaining its lost “deterrence” capabilities against Arabs. Here’s a brief extract:
World-renowned security and cryptography expert Bruce Schneier told The Electronic Intifada that Flame was “much more sophisticated than the typical worm.” Over email, he commented that while it “seems definitely the work of a large, well-funded, well-coordinated team” there was also “some hype” about it on the technical level.
Flame is able to take screenshots, switch on the microphone and record audio conversations, snooping on Skype calls, for example. Screenshots are triggered when sensitive information is likely to be revealed: such as when instant messaging software is running. It can intercept keystrokes, search for passwords and steal files.
Flame zeroes in on certain files: images, photos with geographic data, presentations, project files and PDFs. Later, more detailed analysis by Kapersky revealed that Flame’s controllers seem especially interested in stealing digital blueprints: “the attackers seem to have a high interest in AutoCAD drawings,” the report said (“The Roof Is on Fire: Tackling Flame’s C&C Servers,” 4 June 2012).
I will be following-up on this story, looking at the possibility that Flame could be used for more aggressive purposes than spying, so watch my EI blog for that later in the week.
UPDATE: the follow-up story on my blog is here.