Flame virus hit Iran's oil industry but officials say antidote found

Israeli vice-prime minister suggests Israel might have been behind cyberattack

A view of an Iranian petrochemical complex in Assaluyeh seaport on the Persian Gulf, 1,400 km south of Tehran. Iranian officials claim that the country's oil infrastructure was briefly affected by a newly discovered computer virus that experts say is the most sophisticated cyberweapon to date. (Morteza Nikoubazl/Reuters)

Iran's key oil industry was briefly affected last month by the powerful computer virus known as Flame, which has unprecedented data-snatching capabilities and can eavesdrop on computer users, a senior Iranian military official said Wednesday.

The comment is the first direct link between the emergence of the new malware and an attack inside a highly sensitive computer system in Iran, which counts on oil revenue for 80 per cent of its income.

The full extent of last month's disruptions has not been given, but Iran was forced to cut internet links to the country's main oil export terminal, presumably to try to contain the virus.

It would be the latest high-profile virus to penetrate Iran's computer defences in the past two years, boosting speculation that Israeli programmers could have struck again.

Israeli suggests it could be behind attack

Experts see technological links between Flame and the highly focused Stuxnet virus, which was tailored to disrupt Iran's nuclear centrifuges in 2010. Many suspect Stuxnet was the work of Israeli intelligence.

Israeli Vice-Prime Minister Moshe Yaalon suggested Tuesday that his country may have been behind the Flame computer virus that attacked the computer systems of Iran and other Mideast countries. (Jim Hollande/Reuters)

On Tuesday, Israel's vice-prime minister Moshe Yaalon seemed to suggest that Israel could be behind the Flame attack, as well.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Yaalon told Galei Tzahal, the radio network of the Israel Defence Forces, when asked about Flame. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

Gholam Reza Jalali, who heads an Iranian military unit in charge of fighting sabotage, claimed that Iranian experts had detected and defeated the Flame virus. He told state radio that the oil industry was the only governmental body seriously affected and that all data that had been lost were retrieved.

"This virus penetrated some fields. One of them was the oil sector. Fortunately, we detected and controlled this single incident," Jalali said. "We could also retrieve the information that was lost."

Jalali said there has been no report of any other governmental agency being affected by the virus.

Flame anti-virus found, Iran claims

Iran's government-run Maher Computer Emergency Response Team Co-ordination Centre has said the highly sophisticated Flame virus appeared linked to espionage but cited no specific country or source.

Iranian President Mahmoud Ahmadinejad speaks at a ceremony in Iran's nuclear enrichment facility in Natanz. Iran insists its nuclear program exists only for peaceful purposes, but Israel and the U.S. suspect the country is developing nuclear weapons. (Hasan Sarbakhshian/Associated Press)

Ali Hakim Javadi, Iran's deputy minister of communications and information technology, was quoted by the official IRNA news agency as saying Wednesday that Iranian experts have already produced an anti-virus capable of identifying and removing Flame from computers.

The Maher center "has produced an anti-virus capable of detecting and removing the Flame for the first time in the world," IRNA quoted Javadi as saying. "The anti-virus software was delivered to selected organizations in early May."

The Russian Internet security firm Kaspersky Lab said the Flame virus is unprecedented in size and complexity.

Kaspersky's conclusion that the virus was crafted at the behest of a national government has fueled speculation it could be part of an Israeli-backed campaign of electronic sabotage against the Jewish state's archenemy.

The virus can activate a computer's audio systems to listen in on Skype calls or office chatter. It can also take screenshots, log keystrokes and — in one of its more novel functions — steal data from Bluetooth-enabled cellphones.

Aftana.ir, a government-run website, said Flame has been active since 2010, the same year when a virus known as Stuxnet disrupted controls of some nuclear centrifuges and some other industrial sites in Iran. A Hungarian cryptography and computer security lab at the Budapest University of Technology and Economics, however, said it found evidence of the Flame worm going as far back as 2007.

Stuxnet targeted centrifuges

Iran has acknowledged that Stuxnet affected a limited number of its centrifuges — a key component in the production of nuclear fuel — at its main uranium enrichment facility in the central city of Natanz. But Tehran has said its scientists discovered and neutralized the malware before it could cause serious damage.

Iran says it has previously discovered one more espionage virus, Duqu, but that the malware did not harm Iran's nuclear or industrial sites. Jalali said Flame is the third.

Iran says Stuxnet and other computer virus attacks are part of a concerted campaign by Israel, the U.S. and their allies to undermine its nuclear program and economy.

Western countries suspect Iran of eventually wanting to use its nuclear program to build weapons, but Iran insists the sole purpose of the program is as a source of power.