By Pam Benson
Some of the nation's biggest banks are at risk of a massive cyber attack next year that could potentially siphon funds from unsuspecting customers, according to a leading digital security firm.
The fraud campaign, known as Project Blitzkrieg, is a credible threat, the Internet security firm McAfee Labs concluded in a new report.
The malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, McAfee researchers concluded.
The project "appears to be moving forward as planned," the report states.
People familiar with the study said some 30 financial institutions are targets of the campaign.
It's the largest, most extensive cyber espionage tool to date.
Researchers say the computer virus dubbed Flame stole secrets on Iran's nuclear program and it likely went on for years, discovered only after a cyberattack on Iran's oil infrastructure.
Now The Washington Post cites "western officials with knowledge of the effort" as saying Flame was jointly-developed between the United States and Israel.
Intelligence Correspondent Suzanne Kelly reports on U.S. strategy in going to battle in cyberspace.
Editors Note: James Lewis is a Senior fellow and Director of the Technology and Public Policy Program at the Center for Strategic and International Studies. He offers this commentary on Flame, a recently discovered malware program infecting computer systems in Iran and elsewhere.
By James Lewis, Special to CNN
Is it wrong to be blasé about the most frightening malware ever invented? Some people worry that Flame is "bigger" than Stuxnet, weighing in at 20 megabytes. Flame is "bigger" than Stuxnet, but size and sophistication aren't the same.
Let's look at some of the tricks Flame uses. Recording keystrokes (a "keylogger") is about 20 years old. Turning on the microphone of your computer is also mid-90s (turning on the camera is more recent, but also not news). The same is true for taking screen shots of your e-mail. You can buy some of these features on the black market. This is not cutting-edge stuff - somebody cobbled together existing exploits into a big package.
The "Flame" virus, the most complex computer bug ever discovered, has been lurking for years inside Iranian government computers, spying on the country's officials.
In a statement posted on its website on Monday, the Iranian National Computer Emergency Response Team (CERT) said it discovered Flame after "multiple investigations" over the past few months.
The Iranian CERT team said it believes there is a "close relation" between Flame two previous cyber attacks on Iran, known as the Stuxnet and Duqu computer worms. Stuxnet is widely believed to have been launched by either the U.S. or Israel (or both countries).
This isn't traditional war. The Internet has leveled the playing field, allowing governments that would never launch military attacks on one another to target one another in cyberspace.
"In warfare, when a bomb goes off it detonates; in cyberwarfare, malware keeps going and gets proliferated," said Roger Cressey, senior vice president at security consultancy Booz Allen Hamilton, at a Bloomberg cybersecurity conference held in New York last month.
"Once a piece of malware is launched in wild, what happens to that code and its capability?" he added. "Things like Stuxnet are being reverse-engineered."
By Guy Azriel reporting from Jerusalem
Israel's Vice Prime Minister suggested Tuesday that his country has the capabilities to develop malware capable of attacking sophisticated computer systems, but would not confirm whether Israel has any role in the newly revealed “Flame” malware that has been infecting computers in the region, with Iran seeming to be a main target.
(Watch the video above for a good explanation of the Flame threat)
Speaking to Israeli Army radio, Minister of Strategic Affairs Moshe Yaalon said “Israel is blessed to be a nation possessing superior technology. In that respect our achievements open up all sorts of opportunities for us."
“Whoever sees the Iranian threat as a serious threat, not just for Israel, but the entire western world led by the United States would be likely to make use all possible means, including these in order to hurt them," said Yaalon, a former Chief of Staff of the Israeli Defense Forces, when asked about Israel’s involvement in cyber warfare activity. FULL POST