[Originally posted at NOW Lebanon]
In his most recent book, “Beware of Small States,” journalist and 50-year Beirut resident David Hirst argues that tiny Lebanon’s unique demography and geography condemn it to ever be the “battleground” of the region’s larger power struggles. It appears that this holds equally true for the newest – and potentially most dangerous yet – form of warfare: that being waged in cyberspace.
“Flame,” also known as “Flamer” and “SkyWiper,” is the latest of several pieces of malicious software (“malware”) to have targeted major institutions in the Middle East in recent years. It is, according to Kaspersky Lab, the Russian IT security firm that first identified it, “one of the most complex threats ever discovered”; a “big and incredibly sophisticated” malware that “redefines the notion of cyberwar and cyberespionage.” Strongly suspected to be the work of the US and/or Israeli governments, its principal target thus far has been Iran, with a smaller number of further attacks on the Israeli/Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
Unlike “Stuxnet,” a previous malware that physically disabled centrifuges at a uranium enrichment facility in Iran’s Natanz in 2010, Flame appears to be designed purely for espionage. Described as an “attack toolkit” by Kaspersky, the malware allows its controllers to extract a multitude of data by such means as “sniffing the network traffic, taking screenshots, recording audio conversations [and] intercepting the keyboard.” It is thought to infiltrate computers through websites, emails (a technique known as “spear phishing”) and infected USB drives and local area networks (LANs).
In terms of actual damage done, the Iranian Computer Emergency Response Team (“MAHER”) revealed in a statement released May 28 that Flame had caused “mass data loss in Iran.” This followed the closure of an oil production facility on Kharg Island in April due to a then-unidentified malware attack in which data had been stolen. In addition to these, Kaspersky said that Flame has accessed “emails, documents, messages, discussions inside sensitive locations, pretty much everything.”
As for Lebanon, no specific details have emerged as to the targets of the 18 attacks identified by Kaspersky (compared to 189 on Iran). In general, the company said, “victims range from individuals to certain state-related organizations or educational institutions.” The company did not respond to requests for further information.
Experts contacted by NOW Lebanon could only speculate about the Lebanese targets. “Flame was targeting schematics and designs – rumor has it they may have been looking for schematics for nuclear facilities in Iran,” said Professor Haidar Harmanani of the Lebanese American University. “Now, is it possible that they might have been looking for schematics for Hezbollah hideouts or military bases in Lebanon? Are these on networked computers? It’s not clear.”
What was also unclear until recently was the identity of Flame’s creator, confirmed as a joint US-Israeli venture in the Washington Post on Tuesday. According to the report, which cites anonymous officials, the malware was developed by the US National Security Agency, the CIA and the Israeli military with the aim of delaying Iran’s alleged efforts to develop a nuclear weapon and thus averting the perceived need for a military attack.
This followed an announcement last week by Kaspersky that a key chunk of the Stuxnet software was based on Flame itself, a finding described by the company’s Chief Security Expert Alexander Gostev as “very strong evidence that [the] Stuxnet/Duqu and Flame cyber-weapons are connected.” Stuxnet itself was confirmed as a joint US-Israeli creation in a lengthy New York Times report earlier this month.
Even before these announcements, however, much circumstantial evidence had suggested Israeli and/or American involvement. For one thing, Israeli Vice Prime Minister and Minister of Strategic Affairs Moshe Yaalon all but admitted it on local radio last month. “Anyone who sees the Iranian threat as a significant threat – it’s reasonable [to assume] that he will take various steps, including these, to harm it,” he said. “Israel was blessed as being a country rich with high-tech. These tools that we take pride in open up all kinds of opportunities for us.” A spokesman for the minister later denied to the BBC that the statement implied Israeli responsibility.
Furthermore, there appeared to be few possible alternative creators. “Only a handful of nations have the technical capacity to do this kind of work,” according to Scientific American. “The list would include the United States, the UK, Germany, China, Russia, Israel and Taiwan.” While the other five could not be ruled out, Israel and the US are the two most vocally opposed to the Iranian government.
In any event, against such highly sophisticated electronic weaponry, there appears to be little the Lebanese can do in the way of self-protection – a fact underscored by the series of much cruder attacks on government websites in March. “All I can advise people to do is keep their machines’ anti-virus software up to date,” said IT security specialist Nabil Bou Khaled to NOW. Beyond that, the country appears – as so often – to be at the mercy of its larger friends and foes.