Study: Flame Virus – A Cyber War Weapon
3 June 2012
KOMPAS.com, Monday, 4 June 2012: Israel has rejected accusations that it is behind the cyber attack carried out with the spy virus Flame. Information technology security experts also say it is still too early to name who is behind Flame.
The area in which the Flame malware has spread covers certain countries in the Middle East, most of all Iran. Flame attacked various industrial sectors in Iran, but the most seriously affected was the oil industry.
The accusation against Israel came when an Iranian information technology defense official said that Flame has characteristics similar to malware previously released by Israel.
Added to this was a statement by Israel's Vice Prime Minister and Minister of Strategic Affairs, Moshe Yaalon, who did not admit, but also did not deny, the allegation. “Israel is blessed with high technology, and we are proud of the technology that opens up all possibilities for us,” Yaalon said in an interview with Israeli army radio.
“I imagine that everyone sees the Iranian nuclear threat as a serious matter. Not only Israel, but the entire Western world, led by the United States, would likely take steps, including this (virus), to harm Iran's nuclear project,” Yaalon added.
An Israeli government spokesperson later clarified what Yaalon had said. “In that interview, there was no part in which the minister said or implied that Israel was responsible for the virus,” the spokesperson told the BBC.
Other speculation links Flame to the United States (US). An anonymous source among US officials told NBC News that the US was behind the attack.
Internet security company Kaspersky Labs, which has been asked to investigate Flame, said that it would take months or even years to prove the origin of Flame.
The United Nations (UN) has stated that Flame is the most serious malware to date, used as a tool of espionage and sabotage in cyber war between states.
However, some consider the warning issued by the UN to be excessive. “We always see that, every time a new piece of malware is found, it is always labeled as the most serious,” said US security researcher Marcus Carey.
An Explanation of How the Flame Virus Works
Researchers Find Clues in Malware
New York Times. May 30, 2012
SAN FRANCISCO — Security experts have only begun examining the thousands of lines of code that make up Flame, an extensive, data-mining computer virus that has been designed to steal information from computers across the Middle East, but already digital clues point to its creators and capabilities.
Researchers at Kaspersky Lab, which first reported the virus Monday, believe Flame was written by a different group of programmers from those who had created other malware directed at computers in the Middle East, particularly those in Iran. But Flame appears to be part of the state-sponsored campaign that spied on and eventually set back Iran’s nuclear program in 2010, when a digital attack destroyed roughly a fifth of Iran’s nuclear centrifuges.
“We believe Flame was written by a different team of programmers but commissioned by the same larger entity,” Roel Schouwenberg, a security researcher at Kaspersky Labs, said in an interview Wednesday. But he would not say which governments he was speaking of.
Flame, these researchers say, shares several notable features with two other major programs that targeted Iran in recent years. The first virus, Duqu, was a reconnaissance tool that researchers say was used to copy blueprints of Iran’s nuclear program. The second, Stuxnet, was designed to attack industrial control systems and specifically calibrated to spin Iranian centrifuges out of control.
Because Stuxnet and Duqu were written on the same platform and share many of the same fingerprints in their source code, researchers believe both were developed by the same group of programmers. Those developers have never been identified, but researchers have cited intriguing bits of digital evidence that point to a joint American-Israeli effort to undermine Iran’s efforts to build a nuclear bomb.
For example, researchers at Kaspersky Lab tracked the working hours of Duqu’s operators and found they coincided with Jerusalem local time. They also noted that Duqu’s programmers were not active between sundown on Fridays and sundown on Saturdays, a time that coincides with the Sabbath when observant Jews typically refrain from secular work.
Intelligence and military experts have said that Stuxnet was first tested at Dimona, an Israeli complex widely believed to be the headquarters of Israel’s atomic weapons program.
According to researchers at Kaspersky Lab, which is based in Moscow, Flame may have preceded or been designed at the same time as Duqu and Stuxnet. Security researchers at Webroot, an antivirus maker, first encountered a sample of Flame malware in December 2007. Researchers believe Duqu may have been created in August 2007. The first variant of Stuxnet did not appear on computers until June 2009.
Like Duqu, Flame is a reconnaissance tool. It can grab images of users’ computer screens, record e-mails and instant-messaging chats, turn on microphones remotely, and monitor keystrokes and network traffic. Even if an infected device is not connected to the Internet, Flame is capable of spreading to other devices by looking for Bluetooth-enabled devices nearby or Internet-connected devices in a local network, according to researchers at Kaspersky Lab.
Flame also shares a quirkier trait with Duqu: an affection for American movie characters. Flame’s command for communicating with Bluetooth-enabled devices is “Beetlejuice.” An e-mail that infected an unnamed company with Duqu last year was sent by a “Mr. Jason B.” — which researchers believe is a reference to Jason Bourne of the Robert Ludlum spy tales.
It will take more time for computer security researchers around the world to discover more. Flame contains 20 times more code than Stuxnet and is much more widespread than Duqu. Researchers at Kaspersky Lab said they have detected Flame on hundreds of computers and predict that the total number of infections could be more than a thousand.
Unlike Duqu and Stuxnet, security researchers say, Flame is remarkable in that it has been able to evade discovery for five years — which was impressive given its size. Most malware is a couple hundred kilobytes in size. Flame is 20 megabytes. “It was hiding in plain sight,” said Mr. Schouwenberg. “It was designed in such a way that it was nearly impossible to track down.”
Researchers noted that Flame spreads through more conservative means. Researchers say that while Stuxnet had the ability to replicate autonomously, Flame can spread from machine to machine only when prompted by the attacker.
Iran confirmed Tuesday that computers belonging to several high-ranking officials appear to have been penetrated by Flame.
Researchers are still trying to figure out whether the virus has Stuxnet-like sabotage capabilities.
Already, some evidence suggests Flame may be capable of wiping out a computer’s hard drive. Researchers at Symantec, an American security firm that has also studied the virus, said Flame references a specific file previously associated with a separate virus, called Wiper, which Iranian officials said had erased data on hard drives inside its oil ministry last month. Researchers are trying to learn whether Wiper was not a virus but one of Flame’s command modules.
“This is the third such virus we’ve seen in the past three years,” Vikram Thakur, a Symantec researcher, said in an interview Tuesday. “It’s larger than all of them. The question we should be asking now is: How many more such campaigns are going on that we don’t know about?”