Espionage Virus Attack on Iran's Internet Network


The Wall Street Journal
Tuesday, May 29
According to Iranian cybersecurity and communications officials, a highly sophisticated virus has attacked computers in Iran.
Thousands of government and private computers have been exposed to infection by this highly sophisticated virus, which has been named Flame, in the latest cyberwar against the Islamic Republic.
The virus has spread across a wide part of the Middle East, including Palestine, Syria, Israel and Iran, but no country has been harmed as much as Iran.
Iran has been under attack by this virus since 2010. The aim of Flame, which has been operating since 2010, was espionage, not damage or disruption.

… End of summary

H. T.
……………..

The Wall Street Journal
May 29

MIDDLE EAST NEWS
May 29, 2012, 3:51 p.m. ET
Sophisticated Virus Hits Iranian Computers
Thousands of computers in Iran belonging to government agencies and private companies have been infected with a highly sophisticated virus, dubbed Flame, in the latest cyberwarfare against the Islamic Republic, said cybersecurity experts and Iran’s telecommunications ministry.

The malware was widely detected across the Middle East in Syria, Israel and the Palestinian Authority, as well as in other parts of the world, but Iran has the highest rate of infection, experts said.

Iran has been targeted with sophisticated computer viruses since 2010 such as Stuxnet, Duqu and Wiper. These viruses have disabled centrifuges for enriching uranium, stolen data from nuclear facilities and erased computers at the oil ministry.

The aim of Flame, which has been in operation since 2010, was espionage, not physical damage or system interruption, said experts at Kaspersky Lab, a Russian information-technology security firm that reported the virus on Monday.

Independent security experts said the scope of its complexity and method of operation suggests Flame was sponsored by a nation-state. It wouldn’t be economically feasible, they argued, for a private corporation to run such a large-scale international cyberattack.

Iran on Tuesday said it was a victim of cyberwarfare by Israel and the U.S., the semiofficial Fars news agency reported.

“It’s in the nature of some countries and illegitimate regimes to spread viruses and harm other countries. We hope these viruses dry out,” Ramin Mehmanparast, Iran’s Foreign Ministry spokesman, said on Tuesday.

Iran’s computer emergency response team, known as Maher, a branch of the telecommunication ministry, said on Tuesday that it was sharing research information on the virus for the first time ever on its website. Maher posted a link to antivirus software developed by its researchers to remove Flame and offered assistance to any infected organization.

Maher also said Flame was linked to a March cyberattack that erased data and disrupted internal Internet communications at Iran’s oil ministry.

Flame is the biggest and most high-functioning cyberweapon ever discovered, various cybersecurity experts said. It is 20 times larger than Stuxnet and carries 100 times more code than a virus that steals personal information, experts said.

The most alarming feature, experts said, is that Flame can be highly versatile, depending on instructions by its controller. The malware can steal data and social-network conversations, take snapshots of computer screens, penetrate across networks, turn on a computer’s microphone to record audio and scan for Bluetooth-active devices.

The cyber espionage activities described by the researchers are cyberspying techniques employed by the U.S. and a number of other countries, cybersecurity specialists said. Cybersecurity researchers said the complexity of Flame’s coding and comprehensiveness of its spy capabilities could suggest it was the work of a government.

Experts said they believe Flame reports back the information to a central command-and-control network that has constantly changed location. Analysts found servers in Germany, Vietnam, Turkey, Italy and elsewhere, but haven’t located the main server.

White House National Security Council spokeswoman Caitlin Hayden declined to comment on Iranian accusations of U.S. involvement.

Analysts suspected Israel and the U.S. to be behind Stuxnet, but the link hasn’t been confirmed. U.S. officials have declined to comment on Stuxnet’s origins, but former U.S. officials said they regard it as a joint effort between the U.S. and Israel. That virus infected computers in several countries but was written to only sabotage specific systems in Iran, they said.

Stuxnet’s purpose differed considerably from the apparent aim of Flame. Stuxnet was designed to damage computerized control systems running nuclear centrifuges, while Flame appears to have been designed for high-end targeted espionage. Researchers haven’t found evidence of any damage to systems caused by Flame.

U.S. officials draw a distinction between cyber espionage and cyberattacks, which have a destructive or manipulative purpose and could be considered an act of war.

“We have strong beliefs that there are nations behind this malware. We assume it’s related to the regimes and political situation in the Middle East,” said Vitaly Kamluk, the chief malware expert for Kaspersky Lab.

Independent experts have been on the virus’s trail for about a month. The International Telecommunications Union, the special agency at the United Nations that coordinates cybersecurity efforts, approached Kaspersky Lab in late April to investigate a series of incidents tied to a malware program known as Wiper. In the process of that investigation, the experts discovered Flame.

Iran’s Supreme Leader Ayatollah Ali Khamenei has called the Internet a threat to national security and a dangerous double-edged knife that has benefits as well as risks.

Since 2009, Mr. Khamenei has instructed security forces to train and form units to battle cyberattacks to curb the influence of social-media websites.

In March, Mr. Khamenei issued a decree ordering the creation of the Supreme Council of Cyberspace, a committee consisting of high-level military and intelligence officials tasked with supervising cyber activity and warfare.
……………………………………………….

On the same subject, from The New York Times
Tuesday, May 29

Iran Confirms Attack by New Data Virus
By THOMAS ERDBRINK
Published: May 29, 2012
TEHRAN — The computers of high-ranking Iranian officials appear to have been penetrated by a data mining virus called Flame, in what may be the most destructive cyber attack on Iran since the notorious Stuxnet virus, an Iranian cyber defense organization confirmed on Tuesday.

Kaspersky Lab, via Agence France-Presse — Getty Images
The computer virus known as Flame as shown by the Russian computer security firm Kaspersky Lab.
In a message posted on its Web site, Iran’s Computer Emergency Response Team Coordination Centre warned that the virus is potentially more harmful than the 2010 Stuxnet virus, which destroyed several centrifuges used for Iran’s nuclear enrichment program. In contrast to Stuxnet, the newly identified virus is designed not to do damage but to secretly collect information from a wide variety of sources.

Flame, which experts say could be as many as five years old, was discovered by Iranian cyber experts. In a statement about Flame on its Web site, Kaspersky Lab, a Russian producer of antivirus software, said that “the complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date.”

The virus bears special encryption hallmarks that an Iranian cyber defense official said bear strong similarities to previous Israeli malware. “Its encryption has a special pattern which you only see coming from Israel,” said Kamran Napelian, an official with Iran’s Computer Emergency Response Team. “Unfortunately, they are very powerful in the field of I.T.”

While Israel never comments officially on such matters, its involvement was hinted at by top officials there. “Anyone who sees the Iranian threat as a significant threat — it’s reasonable that he will take various steps, including these, to harm it,” said the vice prime minister and strategic affairs minister, Moshe Yaalon, in a widely quoted interview with Israeli Army Radio on Tuesday.

In a speech Tuesday night, Prime Minister Benjamin Netanyahu did not mention Flame specifically, but he did include cyber as one of five key threats Israel faces, saying, “We are investing a great deal of money in that, human capital and financial capital. I expect these investments to yield a great deal in the coming years.”

Mr. Napelian said that Flame seems designed to mine data from personal computers and is distributed through USB sticks rather than the Internet, meaning that a USB has to be inserted manually into at least one computer in a network.

“This virus copies what you enter on your keyboard, it monitors what you see on your computer screen,” Mr. Napelian said in a telephone interview. That includes collecting passwords, recording sounds if the computer is connected to a microphone, scanning disks for specific files and monitoring Skype.

“Those controlling the virus can direct it from a distance,” Mr. Napelian said. “Flame is no ordinary product. This was designed to monitor selected computers.”

Mr. Napelian said he was not authorized to disclose how much damage Flame had caused, but guessed the virus had been active for the past six months and was responsible for a “massive” data loss. Iran says it has developed anti-virus software to combat Flame, something that international anti-virus companies have yet to do, since they have just become aware of its existence.

“One of the most alarming facts is that the Flame cyber-attack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals,” Alexander Gostev, chief security expert at Kaspersky Lab said on the company’s Web site.

In his speech Tuesday, at the annual conference of Israel National Security Studies, Mr. Netanyahu made his first public comments about the talks last week in Baghdad on Iran’s nuclear program, expressing disappointment that the Western powers were not demanding more of Tehran.

“Not only should the sanctions be intensified, the demands should be intensified,” Mr. Netanyahu said. “I say sadly that this is not what’s being required of Iran today. In the previous round they were asked to stop the 3.5 percent enrichment and that’s not what’s happening now.”

He added: “They have continued to enrich, undisturbed. In other words, they are moving ahead, constantly, with their nuclear program to build a nuclear bomb.”

 
