ebook img

FAQs on FLAME PDF

5 Pages·00.392 MB·English
by  ITU
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview FAQs on FLAME

FAQs on FLAME 1. What is Flame? Flame is a computer virus that contains a sophisticated attack toolkit, and which is a lot more powerful than previously encountered malware such as Duqu. It is extremely complex — about twenty times larger than the virus Stuxnet. Flame has very advanced ability to carry out espionage, including intercepting network traffic, taking screenshots, and even recording conversations near to an infected computer — and its functionality can be extended with additional modules that can be created by the perpetrators at any time. All the data it gathers are sent to the authors of Flame via the Internet. Given the way it works and how it is being deployed, Flame can be classified as a cyberweapon. 2. What exactly does Flame do? Flame collects many kinds and formats of information from a victim’s computer. It can:  collect basic information about the infected system and local network  record network connections  search for and steal files based on name patterns  record audio (if there is a microphone on the system)  take screenshots  grab the content of textual windows  scan for locally available Bluetooth devices. 3. How does Flame work? Is there a specific mechanism that can be observed? When Flame is activated, it tries to contact a number of pre-defined command-and-control servers. If this is successful, it starts uploading basic system information and waits for more commands from its controllers. While operating in a system, Flame creates many temporary files, which are saved in the %windir%\temp directory using the following names: ~DEB93D.tmp ~HLV*.tmp ~TFL848.tmp ~8C5FF6C.tmp ~KWI988.tmp ~TFL849.tmp ~DF05AC8.tmp ~KWI989.tmp ~mso2a0.tmp ~DFD85D3.tmp ~rei524.tmp ~mso2a1.tmp ~DFL*.tmp ~rei525.tmp ~mso2a2.tmp ~dra*.tmp ~rf288.tmp sstab*.dat ~fghz.tmp ~rft374.tmp The presence of files with any of these names in a computer’s TEMP folder usually indicates a Flame infection. 4. What are the consequences of a Flame infection? If computers are infected by Flame, governments risk losing classified information; private companies risk losing intellectual property, and individuals might have their privacy compromised and unwittingly become a link in a cyber-espionage chain. 5. What are the targets of Flame? Victims of Flame range from individuals to state-related organizations or educational institutions; however, the purpose of the virus appears to be to systematically collect information on the operations of certain nation states, including those in the Middle East. Flame has also been reported in Europe and North America. As a neutral and impartial organization, ITU cannot comment on possible target countries, but it is clear that difficult political situations in any region are being reflected in the rise of cyber-attacks in such regions. We cannot disclose which specific organizations, companies or individuals have been targeted by Flame so far. 6. Is the Flame attack being carried out by a nation state? Currently there are three known classes of player who develop malware and spyware: hacktivists (who use computer networks for political protest), cyber-criminals, and nation states. Flame is not designed for crimes such as stealing money from bank accounts. Also, it does not resemble the less complex tools used by hacktivists. So, by excluding these categories, one could conclude that the perpetrators of Flame most likely belong to the third group. However, there is no information in the code or otherwise that could tie Flame to any specific nation state. So, just like with the Stuxnet and Duqu viruses, its authors remain unknown. Statements to the contrary are pure speculation. 7. Should the public be worried about this threat? Yes. Flame is a suite of tools for professional cyber-espionage. It is an example of powerful cyber- weapons that are a rising international problem. People’s lives could be seriously affected by such weapons if personal data is stolen, or if critical infrastructure is threatened through connections to the Internet. 8. When was Flame discovered and how? Flame was discovered in mid-May 2012 by the computer security company Kaspersky Lab. It was performing technical analyses at the prompting of ITU on another possible piece of malware called Wiper (which might have been responsible for wiping clean hard disks in an attack targeting oil facilities in Western Asia). The status of Wiper is still being investigated; it could be a separate virus, or be part of the Flame suite. 9. Was Wiper or Flame found in ITU computers? No. Neither Wiper nor Flame have been discovered as infecting ITU computers. 10. Does ITU employ Kaspersky, which discovered Flame? No. ITU did not commission the work by Kaspersky Lab, but the company is one of the key partners (together with others such as Symantec, Microsoft, Trend Micro, and F-secure) in the ITU-IMPACT initiative. IMPACT —the International Multilateral Partnership Against Cyber Threats — comprises 142 countries, academia, industry and international organizations (see www.impact-alliance.org). Kaspersky Lab has been spearheading research in this area and was ready to provide its expertise, technology and resources to help ITU support its membership and partners in securing their critical IT infrastructure. After the alert about Wiper was issued at the beginning of May 2012, Kaspersky Lab assisted in the technical analysis of the threat by providing services on a non-commercial, pro-bono basis. Within the spirit of cooperation and public-private partnership, ITU is open to work with any stakeholder that is ready to invest resources towards collectively addressing the global cybersecurity agenda. ITU also has Memoranda of Understanding with Symantec, UNODC, Microsoft, and so on. Ensuring cybersecurity is a top priority for ITU as it concerns the safety of global telecommunications and the services that support the word’s economy. It is therefore very focused on determining exactly what is happening in cyberspace — not only concerning this current threat, but also to be better prepared for what might be encountered in future. 11. What response to Flame is being organized? According to our current knowledge, Flame can be detected and cured with antivirus software. However investigations must continue, since we have yet to discover the full potential of Flame. ITU is facilitating an international response to the threat as follows:  Within the framework of ITU-IMPACT, ITU will notify Member States on the nature of Flame, providing technical information on the malware, including remedial action and tools.  ITU-IMPACT will facilitate further analysis and provide a platform for exchanging information to expedite a response. 12. What precautions can I take to prevent Flame from infecting my computer? The full potential of Flame has yet to be determined. But in order to avoid detection by antivirus technologies, Flame seems to avoid, or not become fully activated in, machines that have antivirus security solutions installed. Kaspersky and all the major antivirus companies have added detection of Flame to their databases. As well as running a reliable security suite on your computer, other precautions include:  Using a modern operating system, preferably in a 64-bit version that is more resilient to malware attacks  Keeping the operating system and all third-party software updated  Practising safe computing — be careful opening attachments from unknown sources; do not publish private information on social networks, and use strong passwords. 13. What is the mandate of ITU for investigating this cyber-attack? At the World Summit on the Information Society (held in 2003 and 2005) world leaders gave ITU the mandate as sole facilitator for “building confidence and security in the use of information and communication technologies (ICTs).” ITU has passed Resolutions on cybersecurity specifically asking the Secretary-General and the Directors of the ITU Bureaus to undertake activities for the benefit of member States. These resolutions include: At the 2010 Plenipotentiary Conference:  Res 130 (PP2010) - instructs the Secretary-General and the Directors of the Bureaus to facilitate access to tools and resources, within the available budget, required for enhancing confidence and security in the use of ICTs for all Member States, consistent with WSIS provisions on universal and non-discriminatory access to ICTs for all nations.  Res 130 (PP2010) - instructs the Director of the Telecommunication Development Bureau to continue collaboration with relevant organizations with a view to exchanging best practices and disseminating information.  Res 130 (PP2010) - further instructs the Director of the Telecommunication Standardization Bureau and the Director of the Telecommunication Development Bureau to implement relevant resolutions of both WTSA-08 and WTDC-10, including Programme 2 on providing support and assistance to developing countries in building confidence and security in the use of ICTs. At the 2010 World Telecommunication Development Conference:  Res 45 (WTDC 2010) - instructs the Director of the Telecommunication Development Bureau to assist developing countries in enhancing their states of preparedness in order to ensure a high and effective level of security for their critical telecommunication/ICT infrastructure.  Res 45 (WTDC 2010) - instructs the Director of the Telecommunication Development Bureau to assist Member States in the establishment of an appropriate framework between developing countries to allow for rapid responses to major incidents, and to propose an action plan to increase their protection.  Res 45 (WTDC 2010) - invites the Secretary-General, in coordination with the Directors of the Radiocommunication Bureau, the Telecommunication Standardization Bureau and the Telecommunication Development Bureau, to support IMPACT, FIRST and other global or regional cybersecurity projects, as appropriate, and to invite all countries, particularly developing countries, to take part in these activities. ITU has the mandate to work with relevant organizations and use their expertise for the benefit of Member States. 14. What is cyber-warfare and why is ITU (and the UN as a whole) paying such attention to it? Flame is another stage in the discovery of cyber threats that have probably been developed with the support of a nation state. Investigating and combating Flame is an important step in understanding the nature of potential cyber warfare. Cyber-warfare refers to politically motivated sabotage, espionage and crippling of critical infrastructure through dedicated cyber-attacks. Because of growing dependence upon ICTs in the modern world — as well as the interconnection of many systems — the disruption of computers and networks can cripple critical infrastructure. In the worst case, this could lead to chaos at a local, regional or even global level, causing significant damage to economies and people’s safety. Potentially, power grids, financial systems, transport, telecommunications and other types of infrastructure are all highly vulnerable to this type of threat. Importantly, cyber-warfare might also trigger conventional warfare, considering that a number of states have already proclaimed that cyber- attacks would be seen as an act of war requiring retaliation with conventional arms. 15. Where can I find more technical information about Flame? For specific technical information, please refer to the Kaspersky SecureList, at: www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_and_ITU_Research_Reveals_New_Adv anced_Cyber_Threat. www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers. www.securelist.com/en/blog/208193538/Flame_Bunny_Frog_Munch_and_BeetleJuice.

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.