UN agency plans major warning on Flame virus risk

Wed May 30, 2012 3:50am IST

Participants sit at the games area of the Campus Party event in Sao Paulo February 7, 2012. REUTERS/Fernando Donasci/Files

Participants sit at the games area of the Campus Party event in Sao Paulo February 7, 2012.

Credit: Reuters/Fernando Donasci/Files

Related Topics

Stocks

   
Priyanka Gandhi Vadra, daughter of Congress party chief Sonia Gandhi, adjusts her flower garlands as she campaigns for her mother during an election meeting at Rae Bareli in Uttar Pradesh April 22, 2014. REUTERS/Pawan Kumar

Election 2014

More than 814 million people — a number larger than the population of Europe — are eligible to vote in the world’s biggest democratic exercise.  Full Coverage 

REUTERS - A United Nations agency charged with helping member nations secure their national infrastructures plans to issue a sharp warning about the risk of the Flame computer virus that was recently discovered in Iran and other parts of the Middle East.

"This is the most serious (cyber) warning we have ever put out," said Marco Obiso, cyber security coordinator for the U.N.'s Geneva-based International Telecommunications Union.

The confidential warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, he told Reuters in an interview on Tuesday.

"They should be on alert," he said, adding that he believed Flame was likely built on behalf of a nation state.

The warning is the latest signal that a new era of cyber warfare has begun following the 2010 Stuxnet virus attack that targeted Iran's nuclear program. The United States explicitly stated for the first time last year that it reserved the right to retaliate with force against a cyber attack.

Evidence suggests that the Flame virus may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that took credit for discovering the infections.

"I think it is a much more serious threat than Stuxnet," Obiso said.

He said the ITU would set up a program to collect data, including virus samples, to track Flame's spread around the globe and observe any changes in its composition.

Kaspersky Lab said it found the Flame infection after the ITU asked the Russian company to investigate recent reports from Tehran that a mysterious virus was responsible for massive data losses on some Iranian computer systems.

So far, the Kaspersky team has not turned up the original data-wiping virus that they were seeking and the Iranian government has not provided Kaspersky a sample of that software, Obiso said.

SOME SKEPTICAL

A Pentagon spokesman asked about Flame referred reporters to the Department of Homeland Security.

DHS officials declined to respond to specific questions about the virus, but an agency spokesman issued a brief written statement that said: "DHS was notified of the malware and has been working with our federal partners to determine and analyze its potential impact on the U.S."

Some industry participants appeared skeptical that the threat was as serious as the UN agency and Kaspersky had suggested.

Jeff Moss, a respected hacking expert who sits on the U.S. government's Homeland Security Advisory Council, said that the ITU and Kaspersky were "over-reacting" to the spread of Flame.

"It will take time to dissassemble, but it is not the end of the Net," said Moss, who serves as chief security officer of the Internet Corporation for Assigned Names and Numbers, or ICANN, which manages some of the Internet's key infrastructure.

"We seem to be getting to a point where every time new malware is discovered it's branded 'the worst ever,'" said Marcus Carey, a researcher at with cyber security firm Rapid7.

Organizations involved in cyber security keep some of their communications confidential to keep adversaries from developing strategies to combat their defenses and also to keep other hackers from obtaining details about emerging threats that they could use to build other pieces of malicious software.

(Reporting by Jim Finkle in Boston; Additional reporting by Phil Stewart and Andrea Shalal-Esa in Washington; Editing by Eric Walsh)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Apple

REUTERS SHOWCASE

Hacking Threat

Hacking Threat

All at sea: global shipping fleet exposed to hacking threat.  Full Article 

Mt. Gox Update

Mt. Gox Update

Tokyo Court orders bankruptcy trustee to begin Mt. Gox liquidation .  Full Article 

Net Neutrality

Net Neutrality

U.S. regulators to propose new net neutrality rules in May.  Full Article 

Facebook Results

Facebook Results

Facebook Q1 revenue grows 72 percent on rising mobile ads.  Full Article | Related Story 

Huawei Shrugs

Huawei Shrugs

China's Huawei says reports of NSA spying won't impact growth  Full Article 

Betting on Content

Betting on Content

AOL, Microsoft lure advertisers with TV-style shows.  Full Article 

Restructuring Plans

Restructuring Plans

Zynga's Pincus withdraws from operations amid turnaround.  Full Article 

Security Threat

Security Threat

FBI warns healthcare sector vulnerable to cyber attacks.  Full Article 

Online Streaming

Online Streaming

Amazon grabs rights to stream older HBO shows.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage