When news of the Flame malware began making headlines at the end of May, it was suspected the U.S. and/or Israeli governments were involved in the virus that attacked systems, most of which were identified in Iran. Now, sources are formally accusing the U.S. Central Intelligence Agency, the National Security Agency and the Israeli military of involvement in creating the cyber threat, also saying it is merely laying the groundwork for something bigger.
The Washington Post reports a former intelligence official, who spoke on the condition of anonymity, saying Flame “is about preparing the battlefield for another type of covert action.”
When Flame was first discovered, it was found to pre-date even the infamous Stuxnet worm, which was built to attack Iran’s nuclear program in 2010. Now, Kaspersky Lab, which has been leading the charge in researching Flame, has said it is absolutely sure the creators of Flame worked with those who made Stuxnet. According to a report released by the security researchers last week, they were able to find some of the same code present in both Flame and Stuxnet. The Post has more from Kaspersky on the relation of the two bits of malware:
“We are now 100 percent sure that the Stuxnet and Flame groups worked together,” said Roel Schouwenberg, a Boston-based senior researcher with Kaspersky Lab.
The firm also determined that the Flame malware predates Stuxnet. “It looks like the Flame platform was used as a kickstarter of sorts to get the Stuxnet project going,” Schouwenberg said.
Here’s what Kaspersky said in its report:
The discovery of the Flame malware in May 2012 revealed the most complex cyber-weapon to date. At the time of its discovery, there was no strong evidence of Flame being developed by the same team that delivered Stuxnet and Duqu. The approach to the development of Flame and Duqu/Stuxnet was different as well, which led to the conclusion that these projects were created by separate teams. However, the following in-depth research, conducted by Kaspersky Lab’s experts, reveals that these teams in fact cooperated at least once during the early stages of development.
The presence of Flame quickly became apparent after an oil refinery in Tehran was taken offline completely for a time after suffering a cyber attack. Although both the U.S. and Israel allegedly created the virus — none of the agencies contacted by the Post provided a statement — it is reported that Israel was working alone to cause this minor disruption at the oil refinery in April. The Post reports U.S. officials saying they were “dismayed” by this one-sided decision that ultimately led to the discovery of Flame.
According to the Post, this incident “shows the importance of mapping networks and collecting intelligence on targets as the prelude to an attack, especially in closed computer networks.”
Read more details in the Washington Post report here.