Kajian : Flame Virus – Senjata Cyber War

KOMPAS.com Senin, 4 Juni 2012 — Israel menolak tuduhan bahwa merekalah yang berada di balik serangancyber dari virus mata-mata, Flame. Para ahli keamanan teknologi informasi pun mengatakan, masih terlalu dini menyebut siapa dalang di balik Flame.
Area penyebaran program jahat Flame melingkupi negara-negara tertentu di Timur Tengah, paling banyak di Iran. Flame menyerang berbagai sektor industri di Iran, tetapi yang paling serius adalah industri minyak.

Tudingan kepada Israel datang ketika pejabat pertahanan teknologi informasi Iran menyebut, Flame memiliki ciri yang mirip dengan program jahat yang pernah dilepas oleh Israel.

Ditambah lagi pernyataan yang dilontarkan oleh Wakil Perdana Menteri sekaligus Menteri Urusan Strategis Israel, Moshe Yaalon, yang tidak mengakui, tetapi juga tak membantah dugaan itu. ”Israel diberkati dengan teknologi tinggi dan kami bangga dengan teknologi yang membuka semua kemungkinan bagi kami,” ujar Yaalon dalam wawancara dengan radio tentara Israel.

“Saya membayangkan bahwa semua orang melihat ancaman nuklir Iran sebagai salah satu hal serius. Tidak hanya Israel, tetapi seluruh dunia Barat, yang dipimpin oleh Amerika Serikat, kemungkinan akan mengambil langkah-langkah, termasuk ini (virus), untuk merugikan proyek nuklir Iran,” tambah Yaalon.

Juru bicara Pemerintah Israel kemudian meluruskan apa yang dikatakan Yaalon. “Dalam wawancara itu, tidak ada bagian bahwa menteri mengatakan atau menyiratkan bahwa Israel bertanggung jawab atas virus tersebut,” ungkap juru bicara tersebut kepada BBC.

Spekulasi lain menghubungkan Flame dengan Amerika Serikat (AS). Seorang sumber anonim dari kalangan pejabat AS mengatakan kepada NBC News bahwa Negeri Paman Sam berada di balik serangan itu.

Perusahaan keamanan internet Kaspersky Labs, yang telah diminta meneliti Flame, mengatakan bahwa butuh waktu berbulan-bulan atau malah bertahun-tahun untuk membuktikan asal-muasal Flame.

Persatuan Bangsa-Bangsa (PBB) telah menyatakan bahwa Flame merupakan program jahat paling seius saat ini, yang digunakan untuk alat spionase dan sabotase perang cyberantarnegara.

Namun, beberapa pihak menilai peringatan yang diberikan PBB itu berlebihan. “Kita selalu melihat bahwa, setiap kali ditemukan program jahat baru, itu selalu dicap sebagai yang paling serius,” ucap peneliti keamanan Amerika Serikat, Marcus Carey.

Sumber : http://tekno.kompas.com/read/2012/06/04/07121356/Israel.Bantah.Sebarkan.Virus.Matamata.Flame

Penjelasan Bagaimana Flame Virus Bekerja

Bagaimana Flame Virus Bekerja

Researchers Find Clues in Malware

NewYork Times . May 30, 2012

SAN FRANCISCO — Security experts have only begun examining the thousands of lines of code that make up Flame, an extensive, data-mining computer virus that has been designed to steal information from computers across the Middle East, but already digital clues point to its creators and capabilities.

Researchers at Kaspersky Lab, which first reported the virus Monday, believe Flame was written by a different group of programmers from those who had created other malware directed at computers in the Middle East, particularly those in Iran. But Flame appears to be part of the state-sponsored campaign that spied on and eventually set back Iran’s nuclear program in 2010, when a digital attack destroyed roughly a fifth of Iran’s nuclear centrifuges.

“We believe Flame was written by a different team of programmers but commissioned by the same larger entity,” Roel Schouwenberg, a security researcher at Kaspersky Labs, said in an interview Wednesday. But he would not say which governments he was speaking of.

Flame, these researchers say, shares several notable features with two other major programs that targeted Iran in recent years. The first virus, Duqu, was a reconnaissance tool that researchers say was used to copy blueprints of Iran’s nuclear program. The second, Stuxnet, was designed to attack industrial control systems and specifically calibrated to spin Iranian centrifuges out of control.

Because Stuxnet and Duqu were written on the same platform and share many of the same fingerprints in their source code, researchers believe both were developed by the same group of programmers. Those developers have never been identified, but researchers have cited intriguing bits of digital evidence that point to a joint American-Israeli effort to undermine Iran’s efforts to build a nuclear bomb.

For example, researchers at Kaspersky Lab tracked the working hours of Duqu’s operators and found they coincided with Jerusalem local time. They also noted that Duqu’s programmers were not active between sundown on Fridays and sundown on Saturdays, a time that coincides with the Sabbath when observant Jews typically refrain from secular work.

Intelligence and military experts have said that Stuxnet was first tested at Dimona, an Israeli complex widely believed to be the headquarters of Israel’s atomic weapons program.

According to researchers at Kaspersky Lab, which is based in Moscow, Flame may have preceded or been designed at the same time as Duqu and Stuxnet. Security researchers at Webroot, an antivirus maker, first encountered a sample of Flame malware in December 2007. Researchers believe Duqu may have been created in August 2007. The first variant of Stuxnet did not appear on computers until June 2009.

Like Duqu, Flame is a reconnaissance tool. It can grab images of users’ computer screens, record e-mails and instant-messaging chats, turn on microphones remotely, and monitor keystrokes and network traffic. Even if an infected device is not connected to the Internet, Flame is capable of spreading to other devices by looking for Bluetooth-enabled devices nearby or Internet-connected devices in a local network, according to researchers at Kaspersky Lab.

Flame also shares a quirkier trait with Duqu: an affection for American movie characters. Flame’s command for communicating with Bluetooth-enabled devices is “Beetlejuice.” An e-mail that infected an unnamed company with Duqu last year was sent by a “Mr. Jason B.” — which researchers believe is a reference to Jason Bourne of the Robert Ludlum spy tales.

It will take more time for computer security researchers around the world to discover more. Flame contains 20 times more code than Stuxnet and is much more widespread than Duqu. Researchers at Kaspersky Lab said they have detected Flame on hundreds of computers and predict that the total number of infections could be more than a thousand.

Unlike Duqu and Stuxnet, security researchers say, Flame is remarkable in that it has been able to evade discovery for five years — which was impressive given its size. Most malware is a couple hundred kilobytes in size. Flame is 20 megabytes. “It was hiding in plain sight,” said Mr. Schouwenberg. “It was designed in such a way that it was nearly impossible to track down.”

Researchers noted that Flame spreads through more conservative means. Researchers say that while Stuxnet had the ability to replicate autonomously, Flame can spread from machine to machine only when prompted by the attacker.

Iran confirmed Tuesday that computers belonging to several high-ranking officials appear to have been penetrated by Flame.

Researchers are still trying to figure out whether the virus has Stuxnet-like sabotage capabilities.

Already, some evidence suggests Flame may be capable of wiping out a computer’s hard drive. Researchers at Symantec, an American security firm that has also studied the virus, said Flame references a specific file previously associated with a separate virus, called Wiper, which Iranian officials said had erased data on hard drives inside its oil ministry last month. Researchers are trying to learn whether Wiper was not a virus but one of Flame’s command modules.

“This is the third such virus we’ve seen in the past three years,” Vikram Thakur, a Symantec researcher, said in an interview Tuesday. “It’s larger than all of them. The question we should be asking now is: How many more such campaigns are going on that we don’t know about?”

Soource : http://www.nytimes.com/2012/05/31/technology/researchers-link-flame-virus-to-stuxnet-and-duqu.html

Senjata Pelacak Cyber Attack Buatan Jepang

Internet mulai mengancam penggunanya. Berbagai cara mulai dikembangkan untuk mengatasi hal tersebut.

Dilansir dari Physorg, Jepang sedang mengembangkan sejenis virus yang diklaim mampu mendeteksi sumber serangan cyber sekaligus menetralisasikannya. Laporan yang dikutip dari harian Yomiuri Shinbun itu mengatakan bahwa pengembangan senjata cyber merupakan puncak dari insiden serangan cyber pada sistem komputer yang dijalankan oleh sekitar 200 pemerintahan lokal Jepang bulan November lalu.

Itu merupakan kesekian kalinya setelah pada Oktober silam, komputer di parlemen Jepang mendapat serangan cyber. Serangan itu bermula dari sebuah email yang setelah diselidiki terhubung dengan sebuah server di Cina. Di musim panas lalu, komputer-komputer di kedutaan dan konsulatnya di sembilan negara juga terinfeksi virus akibat serangan cyber.

Oleh karena itu, pemerintah Jepang menjalankan proyek berjangka tiga tahun tersebut dengan memercayakannya kepada perusahaan teknologi Fujitsu. Dengan dana sebesar 179 juta Yen (sekitar US$ 2,3 juta), virus ini dapat digunakan sebagai perlengkapan untuk memonitor dan menganalisa serangan.

Untuk membuat senjata cyber ini, pemerintah Jepang juga terpaksa harus membuat perubahan dalam perundang-undangannya yang melarang pembuatan virus komputer. Saat ini, senjata tersebut sedang dalam proses percobaan dalam lingkungan terbatas, untuk meneliti pola aplikasinya.

Sebelumnya, Amerika Serikat (AS) dan Cina juga telah mengembangkan senjata cyber sejenis.

Sumber : http://telkomsolution.com/news/it-solution/senjata-pelacak-cyber-attack-buatan-jepang