Feeds

Flame was scout ahead of Stuxnet attack on Iran nukes - US spooks

Israel blamed for cyberweapons' escape into the wild

The Power of One Infographic

Flame was created by the US and Israel in order to collect intelligence on Iranian computer networks as part of the same covert operation that spawned Stuxnet.

Anonymous US officials told the Washington Post that Flame was created as part of of the secret programme codenamed Olympic Games. Flame was designed as a means to map Iranian networks, as part of a reconnaissance mission to map closed computer networks that served as a prelude to the sabotage of systems at Uranium nuclear enrichment facilities carried out by Stuxnet.

The news that the US and Israel were behind Flame follows weeks after a similar confirmation that the two countries cooked up Stuxnet. Neither revelation came as a particular surprise since both strains of malware bore the hallmarks of a state-sponsored attack, cooked up by intelligence agencies or perhaps military sub-contractors rather than anything that might have been developed by either cybercrooks or politically-motivated hacktivists.

Flame was developed around five years ago as part of a classified US-Israeli effort designed to slow down Iran’s nuclear programme, reducing the pressure for a conventional military attack that would undoubtedly inflame tension in the Middle East.

Stuxnet and Flame are both elements of a broader and ongoing cyber-assault, one former high-ranking U.S. intelligence official told the Washington Post. Although Stuxnet and Flame can be countered "it doesn’t mean that other tools aren’t in play or performing effectively," he said.

Key agencies in the development of Stuxnet included the CIA’s Information Operations Center, the NSA and an Israel Defence Forces intelligence formation known as Unit 8200.

However despite working together to develop "cyberweapons" the US and Israel have not always co-ordinated their attacks. The Washington Post sources blame assaults on Iran’s Oil Ministry and oil-export facilities launched by Israel in April for the discovery of Flame. Israel was also blamed for changes in Stuxnet that meant it spread from the compromised laptop of an Iranian nuclear technician onto the internet.

Intelligence agencies from both Israel and the US are also using more conventional spycraft to screw up the supply of hi-tech components necessary to sustain Iran's controversial nuclear program, for example by making sure the high speed centrifuges supplied to the country are often faulty.

Last week, researchers with Kaspersky Lab reported that Flame was created by a group that must have collaborated with whoever created Stuxnet. A component in an early build of Stuxnet appears in Flame as a plugin. Despite this link Stuxnet and Flame are not close relatives. However Stuxnet uses the same programming building blocks as Duqu, another information stealing cyberweapon.

Neither the US or Israel has claimed responsibility for the creation of Duqu, as yet. ®

Maximizing your infrastructure through virtualization

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
LightSquared backer sues FCC over spectrum shindy
Why, we might as well have been buying AIR
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.