Report: U.S., Israel Developed FlameIntel from Flame May Have Guided Stuxnet Attack Against Iran
Flame, the massive spyware that attacked computers in Iran and other nations in the Middle East [see Massive, Advanced Cyberthreat Uncovered], was developed jointly by the United States and Israel, Western officials familiar with the effort told the Washington Post.
See Also: A CISO's Guide to Communicating Risk
The U.S. and Israel employed Flame to secretly map Iran's computer networks and monitor the computers of Iranian officials, sending back a steady stream of intelligence used to enable an ongoing cyberwarfare campaign, the Post report says, suggesting that intelligence culled through Flame may have been used to identify Iranian nuclear enrichment centrifuges that the virus Stuxnet crippled in 2010.
"This is about preparing the battlefield for another type of covert action," one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today, told the Post. "Cyber collection against the Iranian program is way further down the road than this."
The National Security Agency and CIA along with the Israeli military were involved in this effort, according to the report, and both governments declined to comment to the news organization.
The Post report is the latest news account of the United States aggressively using cyber to attack its adversaries. On June 1, the New York Times reported that President Obama, since the early months of his presidency, ordered increasingly sophisticated cyberattacks on Iranian computer systems to cripple nuclear enrichment centrifuges as part of a major expansion of America's first persistent use of cyberweapons [see Report: Obama Ordered Stuxnet Assault].
The new details about Flame furnish additional clues about what the Post characterizes as possibly the first sustained campaign of cyber-sabotage against an adversary of the United States.
Setback in U.S.-Israeli Cyber Efforts?
The latest revelation about a cyberattack on Iranian computers doesn't bode well for joint U.S.-Israeli cyber efforts, says the author of the book Surviving Cyberwar. "The actual revelation and apparent admission by unidentified U.S. government officials will probably have the greatest impact on international intelligence relations," Richard Stiennon says. "The intelligence community is, if anything, secretive and leaks create distrust. ... I expect that U.S.-Israel cooperation in the cyber arena has been set back."
Suggestions that identifying the U.S. and Israel as collaborators behind Flame and Stuxnet would create a cyberarms race akin to the proliferation of nuclear weapons during the Cold War are dismissed by Jim Harper, director of information policy studies at the Cato Institute, who referenced his recent blog posted on the libertarian think tank's website. "Cyberattacks can have nothing like the consequence of nuclear weapons," Harper says.
"The methods used in these viruses will be foreclosed as researchers unpack how they work," he says. "Our technical systems adapt to new threats the way humans develop antibodies to disease. But in the near term the techniques in Stuxnet and Flame may well be incorporated into attacks on our computing infrastructure.
"The likelihood of attacks having extraordinary consequences is low. This talk of cyberwar and cyberterror is the ugly poetry of budget-building in Washington, D.C. But watch out for U.S. cyberbellicosity coming home to roost. The threat environment is developing in response to U.S. aggression."
Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its American partners off guard, several U.S. and Western officials, speaking on the condition of anonymity, told the Post.
An IT security expert at security researchers such as Kaspersky Lab, which first reported the existence of Flame, in a blog posting says Flame and Stuxnet contain some of the same code, suggesting that both sets malware came from the same entity. Experts say the size and sophistication of Flame and Stuxnet need the resources of a nation state to create.