Flame

Case Summary

Flame is computer malware discovered in 2012 that is used for targeted cyber espionage. Its discovery was announced on 28 May 2012 and experts claimed it to be the most complex malware ever found.

According to estimates, Flame had initially infected approximately 1,000 machines, with victims including governmental organizations, educational institutions and private individuals. At that time 65% of the infections happened in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt, with a majority within Iran. Flame does not appear to target a particular industry, but rather was designed for general cyber-espionage. Flame particularly sought AutoCAD drawings, PDFs, and text files. Computing experts said that the program appeared to be gathering technical diagrams for intelligence purposes. After Flame's exposure in news media, it was reported on 8 June 2012 that some Flame command and control computers had sent a "suicide" command to infected PCs to remove all traces of Flame.

On June 19, 2012, The Washington Post reported that Flame was jointly developed under a classified effort, code-named Olympic games, by the NSA, CIA and Israel’s military as part of an intelligence collection effort to support cyber-sabotage aimed at slowing Iranian nuclear efforts.

Recommended Literature

• Wikipedia entry
• Kim Zetter, Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers, Wired: Threat Level, 28 May 2012
• Ellen Nakashima, Greg Miller and Julie Tate, U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say, Washington Post, Jun 19, 2012
• Alexander Gostev, The Flame: Questions and Answers, SecureList, May 28, 2012