The “Flame” malware: Hungary as a target?

I am anything but a computer guru. Just the opposite. I know only what is necessary to do everyday computer chores. If anything terribly complicated comes up, I cry for help. That’s why this post is, at least in part, out of my comfort zone because it deals with the spy malware known as Flame.

I have to admit that I never heard of Flame until about three days ago when I was watching National Public Television’s Newshour and Jeffrey Brown, one of the regulars on the show, had a conversation with two experts on computer technology and national security matters.

Flame is powerful malware used for espionage. It is capable of taking computer screen-shots, logging keystrokes, and even listening in on Skype. Iran reported that several of the country’s important computers, especially those related to its oil industry, had been affected, but Flame was discovered in several other Middle Eastern countries as well.

When I heard Skype mentioned as one of the vehicles of intelligence gathering via Flame, I made a crack about a Skype conversation I just had with my cousin. “They are not targeting Hungary, for Pete’s sake,” my friend said. I answered that I was only joking.

At this point, one of the guests on the show from the Institute for Law, Science and Global Security at Georgetown University began to list the countries affected: Iran, Israel, Palestine, Saudi Arabia, Sudan, Syria, Egypt, and Hungary. Well, at this point, we stopped laughing.

The most sophisticated cyber weapon ever used / redorbit.com

From the rest of the conversation it became clear that although computer analysts know how many computers were affected by Flame they don’t know the identity of the targets. They might be government agencies or private companies. The spying itself may come from governments or large corporations. Kaspersky Lab, which specializes in computer virus prevention, identified 189 attacks in Iran, 98 in the West Bank, 32 in Sudan, 30 in Syria and a few in Saudi Arabia, Libya and Egypt. I found no details on Hungary but from a map attached to an article on Flame in the Hungarian edition of Computer World the Hungarian infections, judging from the color assigned to the country, must be sizable.

Where do the attacks come from? According to Fox News, “one of the leading candidates is Israel.” Apparently Israeli Vice Premier Moshe Ya’alon hinted to a local radio station the other day that his country was responsible for Flame. But if that is the case, why would Israel be interested in Hungarian computers when most of the attacks are directed toward Tehran and the Middle East?

I can think of a couple of reasons. One is the alleged connection between Iran and Jobbik, the Hungarian neo-Nazi party. Jobbik because of its anti-Semitism is a sworn enemy of Israel; the party supports the Palestinian cause. Jobbik also has ties to countries that are high on international terrorist watch lists.  Gábor Vona, for example, visited Yemen already in 2003, shortly after he organized Jobbik.  The party has close relations with the Iranian government. Just before the 2010 elections Vona demanded Iranian observers. He promised that the Iranian Revolutionary Guard and Jobbik’s paramilitary Hungarian Guard together would watch over the purity of the Hungarian elections. What a lovely combination!

Suspicion of Iranian money in support of Jobbik lingers on. Jobbik ran a very expensive election campaign, allegedly from private donations. Naturally, no one believes this. Even prior to the appearance of Jobbik on the Hungarian political scene the Hungarian extreme right received money from Sadam Hussein’s Iraq. György Lázár, who wrote about the Hungarian right’s Middle Eastern connections in Élet és Irodalom a few years back, is convinced that Muslim extremists’ connections to the Hungarian right has had a long history and that the relationship is still flourishing.

But perhaps there might be another reason. I suspect that Israel is even suspicious of the Orbán government’s real intentions with respect to the Arab world. Viktor Orbán during his first term as prime minister made several trips to various Arab countries and promised much closer relations between Hungary and the Arab nations. I wrote about this more than a year ago and predicted that this trend was going to continue during the second Orbán government. As indeed it has.

Moreover, although Israel is not saying much, I am sure that Israeli politicians are watching with apprehension the growing anti-Semitism in Hungary, which the Orbán government is not exactly fighting with full vigor. The rehabilitation of anti-Semitic writers whose activities between the two world wars inflamed public opinion against the country’s Jewish population cannot be to Israel’s liking either.

These were my thoughts when I heard Hungary being mentioned along with Iran, Saudi Arabia, the West Bank, and Sudan. An odd-man out. Or is it?

Sort by:   newest | oldest | most voted
Guest

Eva, this seems a bit far-fetched …

I’m quite sure that the weapons production and control systems of Iran are the targets here – maybe other Arab countries too, but Hungary ? It surely is a mistake of some kind.

It seems that someone published a book right now about the “Stux worm”, a kind of precursor to Flame claiming that the US had developed this cyberweapon – probably with the help of Israel.

As a mathematician and former IT consultant I know that some of the most brilliant computer people are in Israel – hardware and software on all levels is developed there. Things like “backdoors” into well known systems are absolutely possible.

Guest

Just found an article in English:
“High concentrations of compromised computers were found in the Palestinian West Bank, Hungary, Iran, and Lebanon. Additional infections have been reported in Austria, Russia, Hong Kong, and the United Arab Emirates.”
http://phys.org/news/2012-05-flame-virus-age-cyber-spy.html
Maybe the spread to Hungary etc was accidental.

BTW the virus has a size of 20 MB – a really large program.

Ovidiu
Guest

well, wikipedia has a theory :

“The unusually high infection rate of computers in Hungary relative to other European countries, as detected by the anti-virus company Symantec [20] might be related to the fact that Hungary relies on nuclear power and has lots of expertise with it [21] – the infection could be seen as an attempt to detect nuclear proliferation.”

http://en.wikipedia.org/wiki/Flame_(malware)

Member

Where did you see this? The Wikipedia article has nothing about Hungary …

Ovidiu
Guest

It was removed from that entry on Wiki some 10 minutes after I read it and copy/paste the excerpt here ! Weird.

Member

Not to start a “flame war” here, but that’s why we evicted all Windows computers from the house. We are on Macs.

This “news” about the Flame is rather the work of the AV companies propaganda machine. It’s been around for 2 years in it’s present form. The interesting bit to me is that the source of the infections is unknown. They suspect a video compression exploit on Windows – in plain words a certain video file played from the internet contained the virus and the buggy Windows happily installed it.

Nevertheless the connection of the Hungarian right to the Islamic extremist is a very interesting subject. I really would like to know if the FIDESZ was implicated in some way or not. I wouldn’t be surprised.

Member

muttdamon :
Not to start a “flame war” here, but that’s why we evicted all Windows computers from the house. We are on Macs.

Bad news…. ‘OSX/Flshplyr-B’. MAC computers are now getting viruses too.
Also the Flash virus. If you want to check if your computer is infected, just follow the instructions. THere are also help on how to remove it: http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
My whole life is MAC based for at least twenty years. Currently: 2 laptops, 1 desktop, 1iPad, 2 iPods, 3 iPhones, 1 Apple TV, 1 Time Machine, 3 Xpress, complete wireless audio. I am just saying this, as I recently removed

Member

Thanks Some1. I don’t have THE Mac virus 🙂 (I use Chrome and develop on Java so I update quickly).

If you are on Windows you only have to verify 1,017,208 malware programs …

LwiiH
Guest

This looks like a Java applet vulnerability. Apple’s traditionally been slow at updating Java and have just recently punted their efforts to Oracle (though Apple employees are still involved). They are now about 11 months behind but once they make their next GA, the should be step in step with everyone else. No idea on the next GA as they are still fighting some significant bugs

Member

We are on MacBook Pros and iPhones. Only the two renegade geek kids insisted on Android phones.

Ron
Guest

This is all part of the cyber warfare which is going on in secrecy for years. Here are some wiki articles about this:

http://en.wikipedia.org/wiki/Cyberwarfare
http://en.wikipedia.org/wiki/Stuxnet
http://en.wikipedia.org/wiki/Flame_(malware)

An
Guest

Ovidiu :
It was removed from that entry on Wiki some 10 minutes after I read it and copy/paste the excerpt here ! Weird.

Hmm… maybe the secret service agencies are very efficient (and reading this blog?)

Ovidiu
Guest

Maybe, or maybe coincidence.
But it was there and then disappeared few minutes after I posted it here.

Anyway, it is very unlikely that Hungary would get involved in such a deadly game as nuclear-proliferation in Middle East.
It would mean asking for big troubles.

LwiiH
Guest
@mutt, we don’t have a Windows machine in the house. In fact, I’m about the only one left in the house using a laptop on a regular basis (no desktops left either). Everyone else is using a combination of devices as most of their activities are consumption related. The devices tend to be Linux (OSX/iOS are mach/BSD variant) based which tend to be a lot harder targets. Certainly they are a lot easier to harden without the need for virus scanners. As for Hungary and spam. A few years ago I co-authored a book and needed to collaborate with someone who was using GoDaddy as their ISP. All of my email to him was getting bounced and so I finally found the right person to talk to and was told that they just stopped accepting email traffic coming through Gyor because it was responsible for almost all of the spam they were seeing. My theory is that people here tend to use older versions of Windows add in language difficulties, not wanting to pay for virus software and it’s a perfect storm for bot’ing machine. Skype… I don’t directly know anyone @ Skype but I know a number of Estonians… Read more »
Member

LwiiH :
So again, it seems Hungary presents it’s self as an interesting target for testing things out. And maybe to keep an eye on the increasing public out-bursts of anti-semitisum.

I was thinking the same, how Fidesz and Jobbik will use this info to wag the dog again. THey will not look at it as it had to do with the tapes released where Jobbik is deciding to go to war and declaring that they will have the weapons, or the rising, unchallenged anti-Semitism, or with the new Fidesz sponsored “cult” that is building behind of war criminals and its adoration for those who ever took or preached for anti-semitic measures, the ongoing adoration of extreme regimes. They will portray that Hungary have to protect itself from Israel because Hungary is darn important that Israel is spying on it. They will not occur to them what countries are on the list in our company….

nyaripal
Guest

“My theory is that people here tend to use older versions of Windows add in language difficulties, not wanting to pay for virus software and it’s a perfect storm for bot’ing machine.”

LwiiH has it right.

Guest

London Calling!

O/T – and I suspect you know about this – but:

“Greece here we come”!

Firstly some ‘Facts of the Bleedin Obvious’:

The VAT in Hungary is the highest in the EU – 27% – shocking, even on food and energy.

The higher it is the more incentive there is to evade it.

Presumably it is 27% (indirect tax), to compensate for the Flat tax (direct tax).

It is easier to evade indirect taxes than it is evade direct taxes?

Tax evasion in Hungary must be at epidemic levels!

Tax inspectors engaged five law offices – (all specialising in tax law!) in business tasks, in a sting operation.

They all took the fees – and only two made out invoices!

And one decided to sue!

Here’s the link:

http://www.realdeal.hu/20120529/did-you-hear-the-one-about-the-budapest-lawyer-and-the-tax-inspector/

Pretty obvious really. It must be occurring all over Hungary.

I think the flat tax will have to go!

Regards

Charlie

Guest

Charlie, you’re so right!

Whenever I have some work done here and I ask, how much ?, I always get another question:

Do you need a bill/receipt ? And when I say no …

Back to the “Flame”:

It seems the only connection to Hungary is the fact that a team at the university in Budapest analysed the virus and thereby produced some traffic on the ‘net, which lead people to believe that computers in Hungary were infected.

wpDiscuz