‘Flame’ Virus explained: How it works and who’s behind it

Post by ASmith on Wed May 30, 2012 12:24 am

‘Flame’ Virus explained: How it works and who’s behind it [1]

Flame may be the most powerful computer virus in history, and a nation-state is most likely to blame for unleashing it on the World Wide Web. Kaspersky's chief malware expert Vitaly Kamlyuk shared with RT the ins and outs of Stuxnet on steroids. [1]


Each of these State-created viruses targets the Windows Operating System and very specific security exploits in that OS, which again points to the same virus team that created Stuxnet and Duqu previously.

Powerful "Flame" cyber weapon found in Iran and is now spreading globally, hijacking and compromising scores of applications and focusing on the exact same areas exploited by Stuxnet and Duqu, strongly pointing to the same exact Israeli/USA virus programmers having created the Flame Virus. [3]


What I find very telling about this 3rd State-created virus aimed at Iran is that ONLY the Russian cyber security firm of Kaspersky Lab openly blew the whistle on this latest global danger. I have no doubt the USA anti-virus firms knew about the Flame Virus but were under the NSA machine-gun to not disclose anything relevant about it.

It appears Kaspersky Lab has been able to decompile portions of the Flame Virus and has commented on its enormous size and scope of operations, which Kaspersky Lab is still determining and testing. Sadly, there certainly appears to be a very active censorship on USA based anti-virus firms in reporting on the State-created viruses produced to specifically target Iran's computers but which without fail have globally infected individual and business computers, causing problems, damage and costing untold millions to disinfect and try to repair.

Kaspersky Lab is also researching a vicious Virus which also appears to be State created and targeted at Iran which deliberately erases information on the target computers.

Israeli Deputy Prime Minister Moshe Ya'alon has strongly hinted that Israel was involved in creating the computer virus Flame -- a new Stuxnet-like espionage malware -- to sabotage Iran’s nuclear plans. [2]


What is truly disappointing is the impression of Israel's officials entirely ignoring International Laws, Treaties, Ethics and Morals involved in unleashing computer viruses on global citizens, revealed by this snippet from the same Israeli Deputy Prime Minister:

Speaking in an interview with Israel’s Army Radio on Tuesday, Ya'alon expressed support for the creation of the virus and similar tools, saying it "opens up all kinds of possibilities.” [2]


While many USA, global businesses have contracts with anti-virus firms to cleanse their servers and their workstations from viruses and worms which were infected by the Flame Virus, Stuxnet and Duqu, ALL directly appear to come from the same source, with many pointing their fingers directly at the Israeli Government and USA as the virus programmers.

Was flame virus that invaded Iran's computer networks made in USA by the National Security Agency? [4]

As the United Nations and Iran warn that the newly discovered flame computer virus may be the most potent weapon of its kind, U.S. computer security experts tell NBC News that the virus bears the hallmarks of a U.S. cyber espionage operation, specifically that of the super-secret National Security Agency. [4]


The article referenced in [4] alleges the depraved, enormous Flame Virus is 'intended to gather intelligence not destroy equipment or data as was the case with Stuxnet (and Duqu) viruses'.

The only anti-virus firm (Russian led Kaspersky Labs) actually commenting on the workings of the Flame Virus is certainly not spewing that this very large virus is not destroying data. Data destruction allegedly by this virus was the very reason the UN dept. tipped off that Moscow firm to investigate it. It could take months before that security firm discovers and briefs the public on more of the inner workings of the Flame Virus.

Still quite a few USA businesses and of course individuals DO NOT have a contract with an anti-virus firm, forcing those businesses and individuals to pay out of their own pockets to have the Flame Virus, Stuxnet and Duqu cleaned off of their servers and systems and attempt to repair the security related damage those viruses and trojans created.

I suggest all global businesses and individuals forming the latter category of having to individually pay to cleanse and repair their computers from the Flame Virus, Stuxnet and Duqu virus/worm infections enter a global class action lawsuit against Israel and against the United States Government with punitive damages so high they'll not choose to infect global business and individual computers again.

In regards to infecting USA/Western Computers, yes it is alleged that Israel/USA designed and infected Iran's computer sites with Stuxnet then Duqu and now the Flame Virus however that infection quickly spread globally infecting scores of US Business computers and servers also. USA anti-virus firms appear to be under the NSA machine-guns to not disclose the exact numbers (thousands) nor the amount of reported monetary damage (millions) to the public nor to investigative reporters.

References:

[1] ‘Flame’ Virus explained: How it works and who’s behind it http://www.rt.com/news/flame-virus-cyber-war-536/
[2] Israel hints it created Flame Virus/Worm malware http://presstv.com/detail/2012/05/30/243741/israel-hints-it-made-malware-flame/
[3] Powerful "Flame" cyber weapon found in Iran and is now spreading globally http://is.gd/Zt81Sh
[4] Was flame virus that invaded Iran's computer networks made in USA? http://openchannel.msnbc.msn.com/_news/2012/05/29/11945479-was-flame-virus-that-invaded-irans-computer-networks-made-in-usa?lite

Re: ‘Flame’ Virus explained: How it works and who’s behind i

Post by ASmith on Wed May 30, 2012 8:45 pm

Iran makes first copy of Antivirus software to protect against the Flame Virus [1]

Iran becomes the first nation to have and pledge to release the anti-Flame virus software to the general public so that global citizens and businesses around the world that are now infected by the alleged USA/Israeli created Flame Virus can also clean their computers and servers from this vicious virus which poses an enormous security risk.

Moscow's Kaspersky Lab computer security firm outlines the enormous size of the Flame Virus (20 MEGABYTES) and some of its multi-level nefarious actions: keystroke recording, Skype session recording, password recording, turning on system microphones and recording background sound, turning on Bluetooth devices and hijacking them, remote control over the infected workstation or server, and data deletion. AND it appears information from inside Iran also indicates the Flame Virus is designed to harm those working around Oil terminal values and stations. [3],[4],[5]

What I find ironic and very telling is the near non-information from multiple USA based anti-virus firms regarding the utterly depraved Flame Virus AND Western based media is widely publishing that the Flame Virus is non-destructive in nature although as outlined above it plainly is destructive AND Moscow's Kaspersky Lab with its 146 country associates are still working 24/7 to discover the entire scope of activities and destruction which the Flame Virus was designed to do to global Windows based computers and Windows based servers. Yes, the main intended victims are those using the Win-X OS; however, Linux and Mint users can still be terribly exploited and abused thru the Bluetooth component written into the Flame Virus, outlined below and referenced.

NSA has recently created a new USA business connected cyber-protection federal department under the guise of shielding and protecting USA businesses from something far less than the Flame Virus, and yet many experts directly point to Israel and USA's NSA as creating and unleashing the Flame Virus on the Middle East, which has now spread around the world apparently infecting users' computers in America and USA business servers also.

The virus bears special encryption hallmarks that an Iranian cyber-defence official said have strong similarities to previous Israeli malware.

“Its encryption has a special pattern which you only see coming from Israel,” said Kamran Napelian, an official with Iran’s Computer Emergency Response Team. [4]


“One of the most alarming facts is that the ‘Flame’ cyber-attack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals,” Alexander Gostev, chief security expert at Kaspersky Lab, said on the company’s Web site. [4]


While the USA/Israeli Government employees are alleged by experts to have created and unleashed the Flame Virus, the victims are all Windows OS users including individual Win-X PCs as well as Win-X servers. AND non-Windows OS users whose cell phone or Bluetooth device is hijacked by the Flame Virus because that device was in the operational range of your Bluetooth activated device. [4][5]

It appears Moscow's Kaspersky Lab computer security firm, Iran's cyber security department and others have decompiled and decrypted the massive Flame Virus files. In the hands of unethical, immoral individuals that decompiled, decrypted code could simply be changed as to who the receiver was for all of the uploaded stolen information; instead of NSA, Mossad data servers it could be XYZ hackers, crackers or anonymous, inc. servers, although I seriously doubt most Anonymous members would stoop to the infernal depths the Flame Virus appears to have been built for. One component of the Flame Virus allows remote control of the infected computers; crackers decompiling, decrypting the Flame Virus will discover the entry into those still existing infected computers and hijack them also if they haven't started already.

Flame evaded detection for two years as it was successfully able to morph itself by attempting to detect what antivirus software was running. From there, it would hide itself in files that the antivirus software would not expect to be holding malicious code.

That is the biggest problem here, say experts. Traditional antivirus techniques failed, and Flame is successfully exploiting these holes. [5]


In closing, the Flame Virus was targeted at Middle East Oil terminals and Oil ports during the time of already skyrocketing Oil prices and a double dip global recessionary period. Such appears to indicate the creators of the Flame Virus do not care one iota about the serious economic impacts the Flame Virus created and will continue to create in the total costs you pay at the fuel pumps as well as affect business decisions to be unable to employ more new hires because of the financial toll on their businesses directly from the Flame Virus.

Iran’s Computer Emergency Response Team Coordination Center announced that it has created the first copy of antivirus software that protects against the newly identified Flame virus. The software will soon be made available for the general public to download, via the center’s website. [1]


References:

[1] Iran makes first copy of antivirus software to protect against Flame http://is.gd/IEw0zZ

[2] Iran Says It's Produced Antivirus to Newly Detected Flame http://www.businessweek.com/news/2012-05-30/iran-says-its-produced-antivirus-to-newly-detected-flame

[3] Kaspersky Lab and ITU Research Reveals New Advanced Cyber Threat http://www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_and_ITU_Research_Reveals_New_Advanced_Cyber_Threat

[4] Iran admits ‘Flame’ virus caused substantial damage http://www.thehindu.com/news/international/article3472881.ece

[5] Is Israel behind the 'Flame' worm? http://betanews.com/2012/05/29/is-israel-behind-the-flame-worm/

Re: ‘Flame’ Virus explained: How it works and who’s behind i

Post by /dev/urandom on Wed May 30, 2012 8:58 pm

I have read that Flame is made by the ITU in order to enable the government to blame Iran.
Linux is not the only answer! :: eD2k/Kad mirrors for Linux Mint and LMDE.
Users who misspell "Windows" as "Windoze" intentionally will be considered stupid.

Re: ‘Flame’ Virus explained: How it works and who’s behind i

Post by ASmith on Wed May 30, 2012 10:39 pm

/dev/urandom wrote: I have read that Flame is made by the ITU in order to enable the government to blame Iran.

While there is a high possibility that the International Telecommunications Union is infested with CIA, NSA, Mossad and other Western Intelligence agents, the enormous backlash and push back against the alleged creation and unleashing by USA/Israel of the Flame Virus is bound to seriously backfire back on those aforementioned nations. [1]

Nations' citizens and computer users I have spoken with are seriously fed up with the possible criminal actions by USA/Israel allegedly unleashing Stuxnet, Duqu and now the Flame Virus, which directly impacts businesses, computer users and global nations' economies as their business data is destroyed or compromised, their citizens' privacy is invaded and their computers are infected with a multi-layered computer virus. Some of course mistakenly feel those destructive virus programs only affect Iranian infrastructure; however, they have globally spread and the economic impacts even in India are significant.

It's only a matter of time at most before computer crackers individually obtain the decompiled, decrypted Flame Virus code and begin using the remote control feature, change the location of the captured passwords upload server IP and could also likely commit serious violent crimes (home, business robberies, assaults, home invasions, assaults) after activating the Flame Virus remote microphone feature, allowing criminals to detect if someone is home or a business is not being guarded or if a business has a money shipment that afternoon.

While the Flame Virus has been more actively followed for several weeks, the previous links indicate it could have been created 2 years ago and remained passively detecting system anti-virus software and remaining in encrypted, morphed state until recently. Although it has been detected across the Middle East and Africa in active modes, the Flame Virus has undoubtedly spread globally including across USA during the past 2 years.

Iranian computer engineers have determined and stated the Flame Virus was deliberately placed on USB flash drives which were inserted into various vulnerable sites in Iran. However, it appears the Flame Virus or an as-yet unidentified additional virus specifically targeted Iran's Oil terminals and Oil ports. My thoughts are that the US Military, fully aware of the creation or existence of the Flame Virus, had immediately banned all USB flash drives across the entire US Military war theatre.

The USA Military has an on-again, off-again relationship regarding banning active duty military using USB drives in the Middle East and Afghanistan. It is very possible that until the US Military had a sweep for the Flame Virus themselves, they didn't want that virus being loaded onto their computers.

Mikko Hypponen CRO at F-Secure summarized it nicely: “The worst part of Flame? It has been spreading for years. 

Stuxnet, Duqu and Flame are all examples of cases where we — the antivirus industry — have failed. All of these cases were spreading undetected for extended periods of time.”

How did they do it? Flame drops binaries with the .OCX extension, as they are often not scanned by AV. If it finds McAfee on the system it uses the .TMP extension because McAfee also scans .OCX by default. Worse, according to one Twitter statement, Kaspersky knew about Flamer within a month and didn't even add a signature to their AV till a few days ago. If true, this is another black eye for the AV industry. [7]


Opinion:

Another entirely different view on the above quote is that ONLY Kaspersky Labs was outside of the direct extortion by the USA NSA of anti-virus software firms. The other firms imo KNEW (signed secrecy contracts) about the Flame Virus but were prohibited by the NSA to disclose it while allegedly their own clients were infected and their privacy compromised. Until the Flame Virus was decompiled, decrypted and exposed by Kaspersky Labs, it was only recently when remote operators on infected Win-X computers, servers ordered the code to de-morph and go active which had prevented AV labs from determining the entire range and scope of how destructive the 20 megabyte Flame Virus would become.

References:

[1] ITU: There Are Now Over 1 Billion Users Of Social Media Worldwide, Most On Mobile http://techcrunch.com/2012/05/14/itu-there-are-now-over-1-billion-users-of-social-media-worldwide-most-on-mobile/

[2] Thumb-Drives Banned from SIPRNET Under Threat of Court-Martial http://www.dailytech.com/CDs+DVDs+ThumbDrives+Banned+from+SIPRNET+Under+Threat+of+CourtMartial/article20371.htm

[3] U.S. Military Bans Those Little USB Thumb Drive Things http://wonkette.com/432226/u-s-military-bans-those-little-usb-thumb-drive-things

[4] Virus (Via USB Drive) Hits US Military in Afghanistan http://www.kickenhardware.net/archive/index.php/t-15483.html?s=c810cdcad914b2cf38c668c68673d85b

[5] U.S. military prohibits military use of USB memory and CD and other anti-phishing http://www.9abc.net/index.php/archives/482

[6] Hackers, Troops Rejoice: Pentagon Lifts Thumb-Drive Ban http://www.wired.com/dangerroom/2010/02/hackers-troops-rejoice-pentagon-lifts-thumb-drive-ban/

[7] How the Flame Virus evaded Antivirus? http://tech4b.blogspot.com/2012/05/how-flame-evaded-antivirus.html

Re: ‘Flame’ Virus explained: How it works and who’s behind i

Post by ASmith on Thu May 31, 2012 9:47 pm

Bitdefender Labs provides a free Windows Flame Virus removal tool (32bit and 64bit OS) as well as further startling insights into the Flame Virus modules and coding. [1]

Bitdefender Labs relates that the LUA scripted code portion in the Flame Virus was encrypted using a letter substitution coded encryption. USA Media Outlets meanwhile appear to have mounted a PsyOPs towards numerous experts pointing directly to USA/Israel as the creators of the Flame Virus by falsely suggesting it was mere 'gamers' who coded the over 6,000 line enormous 20 megabyte Flame Virus consisting of 20 modules, one of which definitely appears to be the Stuxnet Virus module which no 'gamer' would be using.

However, that PsyOPs entirely depends on the reader not being told nor aware that that portion of the Flame Virus code needed to be easily encrypted (letter substitution) to hide the Flame Virus package from anti-virus software for a lengthy period of time, which the LUA scripted code was perfect to use in that approach; other modules were written in assembly code and even so the entire size is an enormous 20 Megabytes in total size with 20 different virus modules.

The Flame Virus even had a remotely triggered 'Suicide' option to delete all traces of the Flame Virus (72+ Files) and field reports relate significant data files were erased when a remote agency triggered the 'Suicide' option seeming to indicate the remote operation module in the Flame Virus was designed so the remote OP could target specific data or files to erase. The 'Suicide' option appears entirely designed to evade any forensic checks or tests for virus files.

Another really important revelation was the Flame Virus used SSL encryption to upload the stolen passwords, keystrokes, screen images, Skype sessions and any remote Bluetooth enabled device it could hack into AFTER using an unknown encryption algorithm (allegedly ID'd as being used exclusively by the Israeli Mossad and Israeli Intelligence agents) to encrypt that stolen data in that unknown encryption algorithm, then via SSL encryption (AES-256) upload that to at first any of these USA domain servers: quick-net.info, smart-access.net, traffic-spot.biz and traffic-spot.com

Such entirely appears to dispel the USA Media spewed PsyOP suggesting the Flame Virus was designed by kiddie Gamers. Much less taking into account one of the 20 payload Flame Virus modules hijacks any Bluetooth capable device within range of the infected workstation, PC or Win-X server. Gamers indeed. atmpsvcn.ocx in the Flame Virus is identified as part of the Stuxnet Virus module code. Not only is the Flame Virus written in LUA, largely necessary as mentioned above (encrypted), but other modules are written in pure assembly code for maximum speed and power. AND the stolen data was allegedly then encrypted with an encryption algorithm which allegedly only the Mossad and Israeli Intelligence agents use prior to being sent via an SSL link to various database websites.

Brief Opinion regarding the Bluetooth hijacking module/worm:
It appears the USA/Israeli Government has deployed Bluetooth invasive readers utilising the same module found in the Flame Virus which acts to pull in as much personal information from the remote Bluetooth device as it can while the victim is in range of that illegally privacy invasive attack. Natural locations for USA/Israeli Bluetooth predation would likely include libraries, museums, metro stations and of course airports. All of which visitors generally stay at for many minutes, allowing the hijacking to extract the maximum amounts of stolen data.

All of the above US domained servers mentioned in the Flame Virus have been taken down; however, it appears one individual has recently purchased the domain on two of them. It appears entirely likely the actively infected Win-X PCs, workstations and Win-X servers would still be sending encrypted data streams to those aforementioned domains. The LUA encryption permits the Flame Virus creators to quickly switch to entirely new upload servers and domains.

Further Detailed Analysis W32/Flame-A Virus [3]

W32/Flame-A can spread over the network and on removable storage devices.

Components of W32/Flame-A have been observed to use the following filenames:

%SYSTEM%\advnetcfg.ocx
%SYSTEM%\boot32drv.sys
%SYSTEM%\ccalc32.sys
%SYSTEM%\msglu32.ocx
%SYSTEM%\nteps32.ocx
%SYSTEM%\mssecmgr.ocx
%SYSTEM%\soapr32.ocx [3]


I have definitely seen Flame Virus log files on one of my Win-X boxes last year 2011 or even the year before (2010) which were not ID'd but flagged as suspicious by one of scores of anti-malware and anti-virus software I had to run on all of my Win-X boxes. The malware (likely the Flame Virus) was uploading huge amounts of data, burning up well over 50% CPU cycle and placing a significant delay in normal operations. That OS and box containing it has since been entirely re-installed, which appears to have erased the problem and illegal theft of information. USA/Israeli media outlets are now running the PsyOp of reporting there are 'zero incidents of the Flame Virus' inside USA. As noted above I have already seen the Flame Virus active in USA last year (2011) and perhaps even in 2010, logging all kinds of stolen data and uploading that to the USA/Israeli designated databases for nefarious agencies to pore over and pick thru.

It is in my opinion totally ILLEGAL, IMMORAL, UNETHICAL and depraved to force me, YOU and others to burn up their bandwidth uploading information a Gov. steals off your computers and digital devices, costing you bandwidth and ISP access in the process. Arizona US Senator John McCain reportedly publicly threw a fit when he learned President Obama revealed USA/Israeli State agencies were directly involved in the creation and dispersal of the Stuxnet, Duqu and Flame Virus cyber weapons which have spread globally. Apparently the impression is that US Senator McCain doesn't want the American citizens and global citizens to be aware the virus/worm that had serious consequences on your computer or your business server was made and released by the USA/Israeli Governments, opening up global class action lawsuits for damages. [11]

Image

Flame Virus, the world's most complex computer virus, possessing a range of complex espionage capabilities, including the ability to secretly record conversations, has been exposed [4].

The above photo is seriously outdated in regards to global infections by the Flame Virus, which has lurked on Win-X systems 2 years or longer in encrypted mode until the Flame Virus modules figured out that Win-X PC, workstation or server's anti-virus software, deployed evasion and then was either locally or remotely activated. In short, the above photo is only a snapshot of known Flame Virus infections where all 20 virus modules are 'active', which in no fashion accurately portrays the immense numbers actually infected. With just one remote operation Flame Virus module active (there are at least 20 different Flame Virus/trojan modules) any infected Win-X computer is a serious privacy and security risk.

Modes of infection appear to be multiple: USB autoload active, ActiveX (OCX) local network infection or visitors to that website, Win-X executable file, Bluetooth enabled device within range of infected Win-X PC, workstation or servers. Exploits thus far are the often used Microsoft use of ActiveX (OCX) files and web components, Windows USB autoload/run feature and the Windows zero-day exploit.

More Flame Virus/Trojan modules have yet to be disassembled, decompiled, decrypted and completely inspected. I have no doubts they'll further point to USA/Israel Gov. as the evil sponsors and creators as well as provide a treasure trove of destructive gifts to future crackers, hackers and folks bent on causing chaos, destruction, theft and mayhem.

(Reuters) - A United Nations agency charged with helping member nations secure their national infrastructures plans to issue a sharp warning about the risk of the Flame computer virus that was recently discovered in Iran and other parts of the Middle East.

"This is the most serious (cyber) warning we have ever put out," said Marco Obiso, cyber security coordinator for the U.N.'s Geneva-based International Telecommunications Union.

The confidential warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, he told Reuters in an interview on Tuesday.

"They should be on alert," he said, adding that he believed Flame was likely built on behalf of a nation state. [6]


References:

[1] Cyber Espionage Reaches New Levels with Flamer http://labs.bitdefender.com/2012/05/cyber-espionage-reaches-new-levels-with-flamer/

[2] Nutty USA PsyOP trying to deflect righteous anger, hatred and direct blame: Was Flame virus written by cyberwarriors or gamers? http://redtape.msnbc.msn.com/_news/2012/05/30/11962850-was-flame-virus-written-by-cyberwarriors-or-gamers?lite

[3] Further Detailed Analysis - W32/Flame-A Virus from Sophos Threat Center http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Flame-A/detailed-analysis.aspx

[4] Flame: world's most complex computer virus exposed http://www.telegraph.co.uk/news/worldnews/middleeast/iran/9295938/Flame-worlds-most-complex-computer-virus-exposed.html

[5] Internet Archive Wayback Machine http://wayback.archive.org/web/*/smart-access.net

[6] UN agency plans major warning on Flame virus risk http://www.reuters.com/article/2012/05/29/net-us-cyberwar-flame-idUSBRE84R0E420120529

[7] Internet Archive on smart-access.net shows a steep decline in use at 2005 http://is.gd/Y3fEts

[8] Domain Ownership Lookup http://www.domaintools.com/

[9] Russia backed by China, India calls for Internet Revolution, pushing UN to takeover the Internet for Universal Freedoms http://is.gd/eqlwhj

[10] Plan X: USA Pentagon's blueprint for full-fledged cyberwar to wage War on Global Humanity via the Internet. http://is.gd/cq8l8R

[11] U.S. senator slams White House over Iran cyber leaks http://english.alarabiya.net/articles/2012/06/02/218153.html
Last edited by ASmith on Sat Jun 02, 2012 9:31 pm, edited 3 times in total.
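Added example (not from any poster in this thread or from the vendors cited): the post above quotes Sophos' list of W32/Flame-A file names, and an earlier post quotes the claim that Flame used the .OCX and .TMP extensions because scanners often skip them. This Python code triages a directory by file content instead of extension, flagging PE headers behind a skipped extension and names that match the quoted list; the skip-list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

# File names quoted in the thread from the Sophos W32/Flame-A analysis.
REPORTED_NAMES = {
    "advnetcfg.ocx", "boot32drv.sys", "ccalc32.sys", "msglu32.ocx",
    "nteps32.ocx", "mssecmgr.ocx", "soapr32.ocx",
}
# Assumption: extensions that a hypothetical extension-based scanner skips.
SKIPPED_EXTENSIONS = {".ocx", ".tmp"}


def is_pe_file(path):
    """Return True if the file has a DOS header that points at a PE signature."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(0x40)
            if len(header) < 0x40 or header[:2] != b"MZ":
                return False
            # e_lfanew (offset 0x3C) holds the file offset of the PE signature.
            (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False  # unreadable files are treated as non-PE, not fatal


def triage(root):
    """Walk root and return sorted (relative_path, reasons) for files to review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            reasons = []
            # Name match is case-insensitive, as Windows file names are.
            if name.lower() in REPORTED_NAMES:
                reasons.append("reported-name")
            # Content check: executable code behind an extension a scanner skips.
            ext = os.path.splitext(name)[1].lower()
            if ext in SKIPPED_EXTENSIONS and is_pe_file(path):
                reasons.append("pe-in-skipped-extension")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def build_sample_tree(root):
    """Write constructed sample files: inert stubs, no real malware content."""
    pe_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    samples = {
        "mssecmgr.ocx": pe_stub,                 # listed name, PE header
        "cache001.tmp": pe_stub,                 # PE header behind .tmp
        "short.tmp": b"MZ",                      # truncated header, not a PE
        "notes.tmp": b"plain text scratch file\n",
        "CCALC32.SYS": b"not an executable\n",   # listed name, different case
        "report.txt": b"quarterly numbers\n",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)


def run_demo():
    """Build the constructed tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for rel_path, reasons in run_demo():
        print(rel_path, ", ".join(reasons))
```

A PE header behind .ocx is normal for ActiveX controls, so that finding means the file has to be scanned, not that it is malicious; a name match alone is likewise only a lead for further analysis.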

Re: ‘Flame’ Virus explained: How it works and who’s behind i

Post by /dev/urandom on Thu May 31, 2012 9:48 pm

"This is the most serious (cyber) warning we have ever put out," said Marco Obiso, cyber security coordinator for the U.N.'s Geneva-based International Telecommunications Union.

Similar wording is used by the U.S. when they want to invade a new country.
Linux is not the only answer! :: eD2k/Kad mirrors for Linux Mint and LMDE.
Users who misspell "Windows" as "Windoze" intentionally will be considered stupid.

Re: ‘Flame’ Virus explained: How it works and who’s behind i

Post by ASmith on Sat Jun 02, 2012 2:01 am

Obama ordered sped up wave of cyberattacks against Iran [1]

From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program. [1]


The New York Times article relates that former USA Vice President Dick Cheney pressured President Bush jr. to militarily attack Iran. Bush jr. refused, viewing that as likely blowing up into a huge regional war possibly going directly into WW3 against Russia, China. President Obama again under pressure from Israel and Israel's Lobby AIPAC sought to order the cyber attacks as a 'lesser of two evils'.

On paper, given the enormous deaths and losses that would take place in a military attack on Iran leading into a Regional and Global War, I would agree. However, choosing the lesser of two evils doesn't in any fashion change the nature of evil actions, much less the blowback from unleashing these viruses on the global computer community. There also appears to be a hidden nefarious agenda which impacts all computer users.

The cyber attack operation allegedly was code-named 'Olympic Games' by then President Bush jr. in what can only be seen as an obscene swipe at Russian President Putin after the attempted USA/Israeli failed Georgian false flag operation which resulted in wholesale slaughter of South Ossetian civilians during the Chinese Summer Olympic Games, meant to embarrass Russian President Putin only to end up exposing USA/Israeli military advisers and their stockpiles of weapons inside the Georgia nation who ran for their lives when Russian troops and heavy armor briefly moved into Georgia.

The New York Times article appears to publicly make statements by USA President Obama and provide further evidence that USA and Israel collaborated in planning, creating and then implementing the Stuxnet Virus which later gave rise to the Duqu Virus and now the Flame Virus targeting Iran.

The Siemens electronic control module appears to have been a primary target of the Stuxnet Virus. The same electronic control module is used by tens of THOUSANDS of commercial industrial businesses globally which presumably were infected and impacted also. It seems that Siemens' stock was adversely impacted; however, the vast scope of job loss, injuries and economic hits, while it could be very large, has been noticeably missing in all western media reports.

The NYT article also relates that the Obama administration realised that the Stuxnet Virus had spread globally, which appears to be enough imo for Germany's Siemens Electronic Global Corporation and global businesses and individual Win-X PC users to enter into a global lawsuit against USA and Israel for massive claims and punitive damages in world courts.


With researchers now finding the Stuxnet Virus module among the 20 virus modules in the huge Flame Virus package and the identical nation being targeted (Iran) it appears to pass 'beyond reasonable doubt' that USA and Israel were also involved in creating and releasing the Flame Virus.

My effort in exposing this to the Linux Mint community is to point out that the ongoing efforts by such State actions harm a great many innocent people including impacting businesses, global economies and hurting their incomes.

Through what appears to be a public admission by President Obama's administration, the White House is selling a lesser of two evil choices that faced them (all-out military war vs cyberwar on Iran); however, the hidden agenda appears to be globally putting out these State sponsored virus modules THEN coercing USA/Western Businesses to sign up for NSA, CIA, FBI, UK, EU cyber governmental agencies' assistance to protect them IF those same businesses provide backdoor access, private and privileged information (warrantless invasive) to those agencies in order to receive their government assistance.

Plan X: The USA Pentagon's blueprint for full-fledged cyberwar [3]


In recent months, the federal government’s attempts to tighten its noose around America’s Internet have been arguably unrelenting. The Stop Online Piracy Act and its sister legislation, the Protect IP Act, stood a serious chance of regulating file-sharing on the Web before public outcry against the proposals pushed Congressman to change their stance. Only weeks later, however, the Cyber Intelligence Sharing and Protection Act (CISPA) was drafted and, if signed into law, will let the country’s elected leaders leer at the personal and otherwise private actions on every American’s computer. Now with Plan X, the US Department of Defense wants to make sure that when spying on their own citizen’s computer habits gets boring that they will be able to investigate the systems of non-citizens abroad and decimate them at the drop of a hat if a threat seems apparent. [3]


The USA Department of Homeland Security? is also the vanguard of pushing small and medium-sized businesses to accept USA Government cyber security 'resources'. Which gives the impression that large domestic USA and foreign located businesses have already had their private session with DHS on behind the scenes access. [4][5][6][7]

References:

[1] Obama Ordered Sped Up Wave of Cyberattacks Against Iran http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=1

[2] Obama ordered Stuxnet cyber attack on Iran http://presstv.com/detail/2012/06/01/244159/obama-ordered-stuxnet-attack-on-iran/

[3] Plan X: Pentagon's blueprint for full-fledged cyberwar http://rt.com/usa/news/planx-us-cyber-pentagon-704/

[4] DHS Cybersecurity is Everyone's Business http://www.dhs.gov/files/programs/cybersecurity-is-everyones-business.shtm

[5] Cybersecurity and Industrial Espionage: Assessing Your Global Risks and Threats http://business.usa.gov/events/cybersecurity-and-industrial-espionage-assessing-your-global-risks-and-threats

[6] National Security Council, Cybersecurity, The White House: http://www.whitehouse.gov/cybersecurity

[7] Senior U.S. Government Cyber Official Joins RSA to Lead Federal Business http://www.rsa.com/press_release.aspx?id=11642

[8] Facing Cyberattack, Iranian Officials Disconnect Some Oil Terminals From Internet http://www.nytimes.com/2012/04/24/world/middleeast/iranian-oil-sites-go-offline-amid-cyberattack.html?_r=1&ref=middleeast

Reader Bonus:

[9] Budapest Security File on Skywiper aka Flame Virus http://www.crysys.hu/skywiper/skywiper.pdf

Re: ‘Flame’ Virus explained: How it works and who’s behind i

Postby ASmith on Sun Jun 10, 2012 1:39 am

The head of Iran's cyber police says the perpetrators behind the recent cyber attack on the Iranian Oil Ministry have been traced to the US. [1]


Legal action must be taken against US over cyber attacks [2]


According to Western sources, the destructive Stuxnet virus was created by the US and Israel and had infiltrated Iran's cyber network in 2010 with the cooperation of Germany’s Siemens company. Iranian officials said they had managed to prevent it from successfully completing its mission. In 2011, it was also reported that the US had created the data-thieving Duqu virus to steal intelligence from Iran’s vital industrial and oil and gas energy infrastructure.


It seems that in addition to defending itself against this undeclared cyber war which targets its national interests, Iran must launch such initiatives as filing a lawsuit with international legal authorities on the US cyberwar against Iran. Of course, due to the nature of the “cyberwar,” international laws on this phenomenon are not clear-cut yet. However, since this is the United States’ first experience in foreign cyberwar, as admitted by the New York Times, it can also be Iran's first experience in using legal defense against the US “cyber-aggression.” Some Iranian officials have already proposed this, but the issue was not seriously followed by the Iranian Foreign Ministry.

All available evidence attest to the US and Israel’s “cyber-aggression” against legitimate right of the Iranian nation to peaceful technologies in all areas, including production of nuclear energy. Therefore, there is no justification for not pursuing such a lawsuit with international bodies at a time that bullying powers imagine that they can give legitimacy to any act of aggression under the cover of peace-seeking.[2]


Perhaps a global class-action lawsuit by citizens and businesses that Stuxnet, Duqu or the Flame Virus had affected, infected or compromised can begin using the New York Times articles and other White House administration releases which appear to squarely place the creation of these multi-million dollar to create viruses with the USA and Israeli Governments. I would think the punitive damage (specific legal award meant to monetarily punish the offender) award would be enormous and way beyond the actual damages total claims. A failure by citizens and nations to enter civil and class-action lawsuits against USA and Israel over the creation and global release of Stuxnet, Duqu and the Flame Virus could easily be seen as simply inviting a serial criminal to create and release additional deadly computer viruses and worms which have enormous negative blowback on the global computer community and businesses that depend on their servers being virus/worm free and functioning properly.

References:

[1] Cyber attack on the Iranian Oil Ministry have been traced to USA http://presstv.com/detail/2012/06/09/245388/cyber-attack-on-iran-traced-to-us/

[2] Legal action must be taken against US over cyber attacks http://presstv.com/detail/2012/06/03/244472/legal-action-needed-against-cyberattacks/

Re: ‘Flame’ Virus explained: How it works and who’s behind i

Postby /dev/urandom on Sun Jun 10, 2012 1:42 am

Told you so.
Linux is not the only answer! :: eD2k/Kad mirrors for Linux Mint and LMDE.
Users who misspell "Windows" as "Windoze" intentionally will be considered stupid.


Re: ‘Flame’ Virus explained: How it works and who’s behind i

Postby ASmith on Mon Jun 11, 2012 2:48 am

Experts?: Flame spy virus (allegedly) gets order to vanish [1]


U.S. computer security researchers said Sunday that the Flame computer virus that targeted computers in Iran and elsewhere for years has gotten orders to vanish, leaving no trace.

Anti-virus company Symantec said in a blog post that late last week, some Flame "command-and-control servers sent an updated command to several compromised computers." [Many readers felt that was purely an NSA PsyOP propaganda release intended to minimise global condemnation and litigation against the USA/Israeli Governments]

"This command was designed to completely remove (Flame) from the compromised computers."

Flame malicious software (malware) appears to have been "in the wild" for two years or longer and prime targets so far have been energy facilities in the Middle East.

The discovery of Flame immediately sparked speculation that it had been created by U.S. and Israeli security services to steal information about Iran's nuclear program.

Flame was designed to suck information from computer networks and relay what it learned back to those controlling the virus. It can record keystrokes, capture screen images, and eavesdrop using microphones built into computers. [1]


Opinion:

Suddenly the USA Anti-virus company Symantec is some alleged expert and insider on exposing the USA/Israeli NSA/MOSSAD Flame Virus? Not hardly, it was the MOSCOW based Kaspersky Lab that blew the whistle NOT any US based anti-virus firms which I previously noted was very suspicious and entirely pointing to NSA silencing USA Anti-Virus companies' informational releases on the Flame Virus.

As previously posted, researchers following Moscow based Kaspersky Lab's lead on the Flame Virus found a coded suicide switch in the Flame Virus coding and published that information which Symantec is simply now spewing likely on behalf of the USA/Israeli Governments trying to minimise legal exposure and international global sanctions for releasing Stuxnet, Duqu and now the Flame Virus.

Sooner than later, technicians in USA Anti-Virus companies privy to the NSA threats will publish their personal accounts on the Flame Virus saga complete with the insider threats and extortion being placed on the firms they worked for in the United States.

In the referenced and recommended to read article [1], is the repeated reference that Bush jr. began the series of cyber-attacks on Iran (allegedly Stuxnet, Duqu) followed by now USA President Obama with the Flame Virus that Bush jr. codenamed the operation 'Olympic Games'. Readers might remember the Chinese Summer Olympic games were ongoing when Bush jr. signalled USA/Israeli advisors to OK the Georgian artillery troops they were working with to open fire on South Ossetia's civilian neighbourhood slaughtering scores of Ossetia civilians in a rather class-less attempt to embarrass Russian President Putin attending the Olympic Games who called for a heavy response resulting in USA/Israeli advisers running for their lives from Russian troops, tanks, and Iskander theatre ballistic missiles.

The 'Olympic Games' had generally been a global period of staged and planned peace with the exception some 30 yrs previously when some Israeli Olympic athletes were kidnapped and killed in a shoot out. Many expect another false flag operation by USA/Israel during the upcoming July UK Summer Olympic games. Hopefully such will not happen and with the wide exposure of the culprits behind the Flame Virus, such malignant tools by world's governments will be shelved although it is very likely the 20+ modules of the multi-million dollar to create the USA/Israeli government Flame Virus will be decompiled by criminals and subtle changes made, then released into the wild again and again. The Israeli Mossad encryption output from the original Flame Virus uploading modules will likely be decrypted and changed along of course with the server IPs the Flame Virus's stolen data is uploaded to.

Of particular interest to many in the criminal and non-criminal digital world is the Flame Virus's Bluetooth hijack module which reportedly steals all kinds of personal information from any Bluetooth devices in that module's range of operation (phone numbers, contacts, texts, GPS, emails etc.). The Bluetooth Hijacker is very likely to already be in full operation in the USA/UK and EU-Zone nations at various locations.

Libraries, Airport Terminals, Supermalls, Bus and Train Metro Terminals all would be logical locations for a small near invisible WIFI scanner running the Bluetooth hijacker and uploading what it steals to USA/Israel government global databases as people tend to spend longer than 5 minutes in a given location where the Bluetooth hijacker WIFI range would be effective.

Foreign 3rd. party developers should put together a Bluetooth hijack alert complete with a faux database of user false information the hijack routine steals thinking that's the real deal. Such a handy likely well received application should show where their stolen data is being sent (IP).

Reference:

[1] Flame spy virus gets order to vanish http://presstv.com/usdetail/245553.html