LONDON — Iran and other Middle East countries have been hit with a cunning computer virus that can eavesdrop on computer users and their co-workers and filch information from nearby cellphones, cybersecurity experts said Tuesday.
Suspicion immediately fell on Israel as the culprit.
The Russian Internet security firm Kaspersky Lab ZAO said the “Flame” virus is unprecedented in size and complexity, with researcher Roel Schouwenberg marveling at its versatility.
“It can be used to spy on everything that a user is doing,” he said.
Computers in Iran appear to have been particularly affected, and Kaspersky’s conclusion that the virus was crafted at the behest of a national government fueled speculation that it could be part of an Israeli-backed campaign of electronic sabotage against the Jewish state’s archenemy.
The virus can activate a computer’s audio systems to listen in on Skype calls or office chatter. It also can take screenshots, log keystrokes and steal data from Bluetooth-enabled cellphones.
Schouwenberg said there is evidence to suggest that the people behind Flame also helped craft Stuxnet, a virus that is believed to have attacked nuclear centrifuges in Iran in 2010. Many experts suspect that Stuxnet was the work of Israeli intelligence.
Tehran has not said whether it lost any data to Flame, but a unit of the Iranian communications and information technology ministry said it has produced an anti-virus capable of identifying and removing Flame from its computers.
Israel’s vice premier did little to deflect suspicion about the country’s possible involvement in the attack.
“Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it,” Moshe Yaalon told Army Radio when asked about Flame. “Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us.”
Researchers not involved in Flame’s discovery were more skeptical of its sophistication than Kaspersky, with Richard Bejtlich of Virginia-based Mandiant saying the virus appeared similar to spyware used by the German government to monitor criminal suspects.
“There have been tools like this employed by high-end teams for many years,” he said.