Powerful ‘Flame’ cyberweapon tied to popular Angry Birds game

By Catherine Herridge

The most sophisticated and powerful cyberweapon uncovered to date was written in the LUA computer language, cyber security experts tell Fox News -- the same one used to make the incredibly popular Angry Birds game.

LUA is favored by game programmers because it’s easy to use and easy to embed.  Flame is described as enormously powerful and large, containing some 250,000 lines of code, making it far larger than other such cyberweapons. Yet it was built with gamer code, said Cedric Leighton, a retired Air Force Intelligence officer who now consults in the national security arena.

“The people who developed the malware … found an ingenious way to use a code not part and parcel of a hacker’s normal arsenal, and that made it harder to detect,” he told Fox News.

But this new weapon is twenty times the size of earlier cyberbombs and far more powerful, making it practically an army on its own, said Roel Schouwenberg, a senior security researcher with Kaspersky Labs.

“Flame is a cyberespionage operation,” he told FoxNews.com.

The reconnaissance virus variously called “Worm.Win32.Flame” or simply “Flame” resembles some of its predecessors, notably DUQU. DUQU was like a computer advance team for the Stuxnet virus that ravaged the Iranian nuclear program at Natanz in 2009. Flame is likewise a form of spyware that enters a computer system, though exactly how is unclear.

“A thumb drive is one way of introducing Flame,” Leighton told Fox News. “But once you know the email address or computer IP address … they can introduce Flame remotely.”

Cyber experts tell Fox News that once in a computer network, Flame is powerful enough to initiate webcams, microphones, and Bluetooth connections in order to extract contact lists, record conversations and more.

It was likely built by the same nation-state responsible for the Stuxnet virus that targeted Iran’s nuclear power plant. One of the leading candidates, is Israel, because Flame has been found in Saudi Arabia, Palestinian territories, Syria, Iran and Hungary.

Israeli Vice Premier Moshe Ya'alon on Tuesday hinted to a local radio station that his country was indeed responsible for it.

"Whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them," Ya’alon said.

The spyware has been seen in Israel as well – something that could be a red herring, Leighton said.

Flame came to light when the U.N. International Telecommunications Union (which oversees cyberactivities for the body) received reports of unusual activity.  A Russian security firm first identified it, noting that the virus has apparently existed in these networks for several years undetected.

The U.N. body is expected to release a warning Wednesday that Flame is a significant threat.

Flame virus most powerful espionage tool ever, UN warns

The Flame virus is the most powerful espionage tool ever to target countries, a United Nations agency responsible for regulating the internet has warned.

By Damien McElroy

This is the most serious warning we have ever put out," said Marco Obiso, cyber security coordinator for the UN's Geneva-based International Telecommunications Union.

The formal warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, he said. "They should be on alert."

Orla Cox, a security analyst at the security firm Symantec, said that Flame was targeting specific individuals, apparently Iranian related. "The way it has been developed is unlike anything we've seen before," she said. "It's huge. It's like using an atomic weapon to crack a nut."

Figures released by the Kaspersky Lab show that infections by the programme were spread across the Middle East with 189 attacks in Iran, 98 incidents in the West Bank, 32 in Sudan and 30 in Syria.

Other countries where the virus was detected include Lebanon, Saudi Arabia and Egypt.

Evidence suggest that the virus, dubbed Flame, may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that took credit for discovering the infections.

"I think it is a much more serious threat than Stuxnet," Mr Obiso said.

Unlike the Stuxnet virus that was previously used to disrupt Iranian systems, Flame does not disrupt or terminate systems.

Iran, whose nuclear facilities and oil ministry have previously been the target of virus attacks, accuses the US and Israel of trying to sabotage its programme. It denies the allegation that its programme is weapons related.

A leading Israeli politician hinted at the country's involvement in the virus. Israel rejects Tehran's claims that its nuclear programme is designed to produce energy, not bombs. It considers Iran to be the greatest threat to its survival.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Vice Premier Moshe Yaalon told Army Radio. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."