New cyber threat: 'Flame'
Col Cedric Leighton explains what software this new virus targets and who is at risk
- Duration 9:58
- Date May 30, 2012
This transcript is automatically generated
When our turn to another service for gonna go to the Air Force and Colonel Cedric -- the former United States Air -- -- -- retired.
And here's a former intelligence officer on the Joint Chiefs of Staff he's somebody who we turn to often.
He's an expert -- a lot of things based particularly an expert on cyber intelligence cyber warfare.
That -- Leighton a welcome back to -- country.
Kiki thanks so much for having me again.
Now I -- we have all read in the newspapers that we haven't read much about this new virus that seems to be affecting and infecting Iranian computers and the Iranian nuclear weapons program wasn't all that.
Well it's called Flame and that's one of the names that it goes by. It is one of the viruses that actually infects computers now, and it's related in some decent ways
to Stuxnet and to another virus known -- Duqu.
But what Flame actually does is instead of stopping things from moving like Stuxnet did. Stuxnet was the virus that went after -- centrifuges
in the Iranian nuclear program.
Well what -- does is it watches what's going on and on your computer.
So if you're infected by flame if you happen to be one of the target entities that flame is going after.
It will take a look at things like your keystrokes it may activate your webcam.
It may also activate your Bluetooth connection on your on your computer especially that's.
One of the things that laptops have -- will be tried to go after address books on cell phones that are in the neighborhood.
So that's one of the big things that it does and it's basically spyware.
So it will open and read your mail in -- and find out what you're what you're about what you're doing and who you're connected to it.
How it got -- -- in computers.
Well there's several possibilities one of the ways is through -- thumb drive ray drives are very ubiquitous and of course very convenient so everybody uses them to put you know PowerPoint presentations on the -- something like that.
But in this particular case it could be that.
Or it could be as something that was inserted by you by somebody in -- -- -- direct way where they got into the network.
Through with it not just the putting in -- thumb drive for a disc.
But actually inserted the code by connecting to the could -- computer that they wanted to target.
And then from there it spreads so basically once one computer is infected every computer on that network is susceptible to the same kind of infection.
In this particular case because this virus.
Is so malleable and it it it can move in so many different directions.
You can that you basically targets in the areas that you're going after so once you know that you're interested in.
Let's say Casey's computer and I then it would go to you know somebody else's let's say you're connected to.
You know Mr. Brown -- Mr. Brown's computer will also be infected by it, and that's.
That's the way it generally works what they're really interested in in this particular case is going after certain specific countries.
So Iran has seen a very large increase in infections as a result of the Flame.
That's also called Flamer by you know by some other other folks.
And it's what's interesting about it is that they were also used seeing a different type of computer language.
To actually create this particular virus.
It's very similar to the language that's used for the game Angry Birds if you're from oh sure well so it was -- you see an Angry Birds is basically the same computer code that is being used in the flame.
Our satirist this is spreading -- one computer has that not a sudden a hundred computers haven't and then a thousand computers -- -- or any way to stop us.
Well this one's very difficult to stop ukrainians say that they have found a way to stop it I'm not sure I'm glad they also say they have a care parades but anyway well that's true that's.
And unfortunately for the rest of the world -- those things are exaggerated claims could.
But in this particular case -- what today -- what I would say is that most security firms who are honest will tell you that they have no sure fire way of stopping it.
It was found by coincidence.
They were looking for something completely different and the International Telecommunications Union, which is a UN agency,
was concerned about some anomalies that they had discovered on the Internet.
And they commissioned a Russian computer security firm -- discuss -- -- to go after
this particular anomaly and by coincidence they discovered Flame.
As a result of their searches and today it's one of those that -- -- those viruses that can hide very very well and because of that it becomes very very difficult.
To find -- -- chances are you won't even know that your computer's been infected by it.
Are so why is there any way that the Iranians can -- the flame out of their computers.
There are certain ways that they could do -- they could for example wiped their disk drives completely clean and chances -- that that might take care of at least most of the problem.
However because flame -- it more since the it's the morphing virus and what it does is it changes because of certain things that are going on for example.
If you insert the latest security software in your like McAfee -- to a Symantec Bryant peace.
If we go in -- -- actually knows that you're doing that and can actually morph as a result of -- what you've done to -- to enhance your computer security.
And because you've done that the virus lays dormant for a while.
And then once you're done you upgrading your computer virus sweep it comes back to life -- sees what you've done.
And then it goes and it collects information like it did before the security software was inserted into the computer so it's very very difficult to detect.
Right now security firms really don't have a way of going after and cleaning your computer.
He without drastic measures and that's.
That's really and in many cases the beauty on one side of the -- on the other of this particular malware.
-- so this is spyware really this is not something that's gonna.
Serve to sabotage the Iranian nuclear program is just gonna spy on everybody in Iran and basically maybe even everybody in the world.
Well potentially could go that far right now the targeted nations are obviously Iran but also other nations in the Middle East for example.
The Palestinian territories on the West Bank there's a large infection.
Period they -- Israel has had some infections of flame Saudi Arabia Syria.
Is the Sudan and oddly enough Hungary.
I -- has seen a spike in infections in of this particular type of virus -- the beginning of the process to detect it is is obviously occurring.
And once the detection piece occurs then you know that software security firms are in place right now working to develop a solution, but as of right now they really don't have a concrete solution. But could it spread around the world? Yes it could.
That's why becomes very important to have.
The computer's security upgrades in place that you know you've been using before but also to keep in mind.
That everything is potentially vulnerable in this particular case just because of the fact that this virus -- in a way that is.
Really different from what we've seen in many other cases.
-- -- -- -- Well it's always the 64000 -- claim credit this is not a might have bombing.
And -- -- somewhere where somebody says oh that was us nobody is taking credit service.
No and because the reason you don't see them taking credit for it is because it bears all the hallmarks of -- -- sponsored software development effort.
And what that means is that in essence they have very complicated code that they put in there, it's basically good -- 650,000 lines of code that are associated with this particular form of spyware.
And because of that it becomes a very very hard for people to reverse engineer -- -- it becomes a very very difficult area for for folks to get into.
But what it basically is doing is -- -- going in and looking at everything that everybody does and picking and choosing.
Which computers to go after and the other thing is it's not going after office computers -- -- it does do some of that.
But it's really focusing on people's home computers so somebody's taking work home -- -- what involved in the Iranian nuclear program.
They might be a prime target for this particular effort.
Now at one hand we're thrilled because this is the Iranians just the nuclear program it's gonna -- them -- -- -- and other problems.
But on the other hand I got I won't worry that is this the new warfare of the future.
Well it's definitely the new warfare of the future I think what you would you'll see you and new warfare KT is going to be one of those situations where you combine the kinetic.
With a -- kinetic and sometimes you can even more than two within a cyber attack and that of course is -- futuristic scenario.
But that could definitely happen and that's a very very dangerous.
Situation although it's difficult to reverse engineer.
Something like flame.
It today is not something that I would say it's impossible in spite of the 650,000 lines of code.
But to the other part of it is is when you look at where the infections have occurred.
You could probably pin this on a very sophisticated government -- that is involved in this and that's why
-- private hacker collective like Anonymous throw all psyched for something like that is probably not responsible for this.
Just because it's such a unique unique development and such a complex development.
It becomes a very very hard hard thing to go after from that standpoint.
Okay well thank you very much for taking a very complicated thing and making even the understand it.
-- your -- and former intelligence officer of the Joint Chiefs of Staff and by the way I didn't say as you probably can't.
We think there's a large probability that the country involved and who may have started the -- viruses -- -- Very high tech country very sophisticated technology the new device.
President vice premier -- president of Israel just yesterday said that well.
You know I won't -- -- out basically so anyway thank you very much for your hands at.