"Flame" one of the most complex threats ever discovered

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.

The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.

They described Flame as “one of the most complex threats ever discovered”.

Research into the attack was carried out in conjunction with the UN’s International Telecommunication Union.

They had been investigating another malware threat, known as Wiper, which was reportedly deleting data on machines in western Asia.

In the past, targeted malware – such as Stuxnet – has targeted nuclear infrastructure in Iran.

Others like Duqu have sought to infiltrate networks in order to steal data.

This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky’s chief malware expert Vitaly Kamluk.

“Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on,” he said.

More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals and businesses to academic institutions and government systems.

Iran’s National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for “recent incidents of mass data loss” in the country.

The malware code itself is 20MB in size – making it some 20 times larger than the Stuxnet virus. The researchers said it could take several years to analyse.

Iran and Israel

Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.

He explained: “Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.

“Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group.”

Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

“The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it,” Mr Kamluk said.

The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.

It is also able to take screenshots of on-screen activity, automatically detecting when “interesting” programs – such as email or instant messaging – were open.

‘Industrial vacuum cleaner’

Kaspersky’s first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.

Prof Alan Woodward, from the Department of Computing at the University of Surrey, said the attack is very significant.

“This is basically an industrial vacuum cleaner for sensitive information,” he told the BBC.

He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.

“Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on.”

Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks – almost in the same manner as adding apps to a smartphone.


By Dave Lee


Best paper since 1996 to 2010

Best papers 2010:

All the papers awarded are available here

More information about:

CIA World Factbook 2010 data visualization

Before 2011 starts, there is still time to publish this great data visualization tool, based on CIA World Factbook 2010 data:


Riak ending 2010 with 86 production installs

According to the latest tweet from Antony Falco: http://twitter.com/antonyfalco

“We will end 2010 with at least 86 production Riak installs and 34 clients. Started year w/ 2. #nosql isn’t about to happen, it already did.”

Riak’s customer list is available here: http://www.basho.com/customers.html

6% of EU firms hit by data loss in 2010

Only six per cent of companies in the EU have been subjected to data loss as a result of malicious attacks, according to a new survey.

Out-Law.com, a division of law firm Pinsent Masons, revealed data from Eurostat which found that half of companies use strong password systems or protect hardware with data encryption and other means.

Eurostat, which acts as the statistical office of the European Commission, also noted that data was twice as likely to be lost through technical failures as through a malicious attack.

Additionally, five per cent of companies were hit by problems after a malicious virus or unauthorised access to systems, while only one per cent suffered data loss due to intrusion, pharming or phishing attacks.

Furthermore, Slovakia was identified as having the highest incidence of malicious infections with 20 per cent being hit. The UK was among the safest with just two per cent.

Despite worries of major data loss, LG Electronics discovered in a recent survey that over half of both men and women only rely on their existing hard drive for storage.



“May 2011 be a safer year then, take care”

Top Ten Data Disaster stories 2010

2010 Top Ten List of Data Disasters Compiled by Kroll Ontrack

10. A square peg in a round hole – When a computer novice’s laptop battery died, he reached behind his desk, grabbed what he thought was the laptop charger and shoved the power cable into his laptop. Unfortunately, it was a power cord for a different device, and he fried his machine.

9. Double data recovery – A customer required the restoration of several archived tapes, and the Kroll Ontrack Tape Services team promptly restored the data and returned it on six external HDDs. The customer’s company tried to make a backup of the data on six more HDDs and stored these HDDs in a fireproof safe. They started to use the data they needed from the backup HDDs, but unfortunately, somebody had accidentally overwritten some of the data. “Not to worry!” they thought. “We can simply use the Kroll Ontrack HDDs!” However, when these HDDs were connected, they discovered that rather than copying the data, they had actually moved the data, and there was nothing on the HDDs. Thankfully, Kroll Ontrack still had the original tapes and recovered all of the data for a second time.

8. Keeping a family member’s memory alive – A woman visiting her father to assist with his medical treatments became the victim of a thief, who entered the hospital room where the visitor had her belongings and stole a laptop that once belonged to the woman’s daughter. Sadly, the woman visitor had recently lost her daughter to a battle with cancer. News of the crime hit the airwaves immediately, which led to a speedy arrest and the recovery of the stolen laptop. However, the hard disk had been wiped. Kroll Ontrack contacted the family to assist and was able to recover 90 percent of the family’s only photos of their deceased daughter.

7. Meat the experts – A hard drive recently arrived at the Ontrack Data Recovery lab from a butcher shop, packed in Styrofoam, with the remnants of a delicious cured ham. After a thorough degreasing of the case, the hard drive was sent to the cleanroom with suspected mechanical failure. Luckily, all the data was recovered, partly due to the fact that the client had fully observed Ontrack Data Recovery expert advice to preserve the drive in its found state and adequately protect the drive in transit.

6. Up in the air – A frequent traveller was enjoying an espresso while waiting for a plane home. He put his laptop case on the floor at the espresso bar and forgot to collect it. The airport police were notified of the unattended luggage, and while the traveller was on his plane, the laptop was detonated to ensure it was not a security threat.

5. Buckle up – A business woman, late for work, placed her briefcase on her car roof while she secured her coffee in her cup holder and her child in his car seat. Anxious to get on the road, the woman buckled up and quickly backed out of her garage, sending her briefcase, with laptop in tow, soaring off the roof just in time for the front wheels to crush it.

4. Laptop litter box – A woman left her Mac charging on the floor of her house for a few hours. She returned to discover a liquid on the keyboard and a sheepish kitten playing in the corner. Upon further investigation, the laptop had been soiled in cat urine!

3. Advocate for Africa – A man quit his job to fulfill his lifelong dream of traveling to Africa to photograph the poverty. After spending several months taking pictures, he moved back home to develop and sell the photos to businesses, bringing focus to the need for human aid in Africa. An unfortunate apartment fire erupted, but luckily the fireman managed to grab the computer before it was charred. While rushing down the fire ladder, the computer was dropped. After two devastating accidents, Ontrack Data Recovery engineers were able to recover 100 percent of the pictures.

2. The ants go marching in – A flood in Europe resulted in a computer being submerged in river and rain water for more than two days. The flood water was not the drive’s only problem. When the drive arrived at the Ontrack Data Recovery cleanroom, an ant, who tried to escape drowning in the flood, was found hanging from the head of the drive. Rigorous cleanroom techniques resulted in a recovery of most of the drive’s data; however, the ant could not be saved.

1. Laptops are not waterproof – Relaxing on a beach, a gentleman brought his laptop on his holiday to stay caught up on e-mails. When the midday temperatures started to soar, he decided to go for a swim. A little bit wary of leaving his laptop unattended, he popped it into a plastic bag so it would not get wet and went for a dip – laptop and all. The bag did not prove as durable as he hoped, and the laptop got soaked and he lost his data.


For the complete Top Ten Data Disasters list and to see videos of the top five disasters, please visit http://www.ontrackdatarecovery.com/data-disaster-2010.