Feeds

Flame was scout ahead of Stuxnet attack on Iran nukes - US spooks

Israel blamed for cyberweapons' escape into the wild

Security for virtualized datacentres

Flame was created by the US and Israel in order to collect intelligence on Iranian computer networks as part of the same covert operation that spawned Stuxnet.

Anonymous US officials told the Washington Post that Flame was created as part of of the secret programme codenamed Olympic Games. Flame was designed as a means to map Iranian networks, as part of a reconnaissance mission to map closed computer networks that served as a prelude to the sabotage of systems at Uranium nuclear enrichment facilities carried out by Stuxnet.

The news that the US and Israel were behind Flame follows weeks after a similar confirmation that the two countries cooked up Stuxnet. Neither revelation came as a particular surprise since both strains of malware bore the hallmarks of a state-sponsored attack, cooked up by intelligence agencies or perhaps military sub-contractors rather than anything that might have been developed by either cybercrooks or politically-motivated hacktivists.

Flame was developed around five years ago as part of a classified US-Israeli effort designed to slow down Iran’s nuclear programme, reducing the pressure for a conventional military attack that would undoubtedly inflame tension in the Middle East.

Stuxnet and Flame are both elements of a broader and ongoing cyber-assault, one former high-ranking U.S. intelligence official told the Washington Post. Although Stuxnet and Flame can be countered "it doesn’t mean that other tools aren’t in play or performing effectively," he said.

Key agencies in the development of Stuxnet included the CIA’s Information Operations Center, the NSA and an Israel Defence Forces intelligence formation known as Unit 8200.

However despite working together to develop "cyberweapons" the US and Israel have not always co-ordinated their attacks. The Washington Post sources blame assaults on Iran’s Oil Ministry and oil-export facilities launched by Israel in April for the discovery of Flame. Israel was also blamed for changes in Stuxnet that meant it spread from the compromised laptop of an Iranian nuclear technician onto the internet.

Intelligence agencies from both Israel and the US are also using more conventional spycraft to screw up the supply of hi-tech components necessary to sustain Iran's controversial nuclear program, for example by making sure the high speed centrifuges supplied to the country are often faulty.

Last week, researchers with Kaspersky Lab reported that Flame was created by a group that must have collaborated with whoever created Stuxnet. A component in an early build of Stuxnet appears in Flame as a plugin. Despite this link Stuxnet and Flame are not close relatives. However Stuxnet uses the same programming building blocks as Duqu, another information stealing cyberweapon.

Neither the US or Israel has claimed responsibility for the creation of Duqu, as yet. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.