Official: Flame transferred Iranian documents to Europe, US (ISRAEL HAYOM) Ilan Gattegno, News Agencies and Israel Hayom Staff 06/04/12)
Israel Hayom Articles-Index-Top
An unidentified source says the Flame virus moved dozens of encoded
Iranian documents to public cloud servers • Guardian reports U.S.
is "principal player" in what has been called the most sophisticated
As intelligence agencies and software security experts continue to
examine the Flame virus that infected computers in Iran and other
countries in the Middle East, one source familiar with the matter
said the virus had transferred dozens of encoded documents from Iran
to public cloud servers in the Netherlands, Switzerland and the U.S.
Analysts are now trying to figure out where the information continued
on to, and how the virus transferred the information to its handlers.
Meanwhile, according to a weekend report in British newspaper The
Guardian, the U.S. was the "principal player" in what has been widely
recognized as the most sophisticated cyberattack ever.
The Guardian report followed a New York Times report Friday, in which
an anonymous senior administration official said: "President Barack
Obama decided to speed up an initiative launched by his predecessor,
George W. Bush, code-named Olympic Games, which aimed to use computer
viruses to attack Tehran´s uranium-enrichment program."
The Times article continued: "Obama took the decision to accelerate
the pace of computer sabotage against Tehran in 2010, even after
details about one of the cyber weapons developed to attack Iran, the
Stuxnet worm, accidentally leaked on to the internet. It had been
designed to target Iran´s Natanz nuclear plant."
Two days ago, the Obama administration warned American businesses
about the Flame virus but also assured them that no infections had
been discovered inside the U.S. so far. The Homeland Security
Department described Flame as an espionage tool that was
sophisticated in design, using encryption and other techniques to
help break into computers and move through corporate or private
networks. The virus can eavesdrop on data traffic, take screenshots
and record audio and keystrokes. The department said Flame´s origin
was a mystery.
The White House has declined to discuss the virus.
Private security researchers have long suspected that the U.S. and
Israeli governments were responsible for the Stuxnet virus. But the
New York Times´ detailed description of conversations in the Oval
Office among Obama, the vice president and the CIA director about the
U.S. government´s responsibility for Stuxnet is the most direct
evidence of this to date. U.S. officials rarely discuss the use of
cyber weapons outside classified settings.
The White House said Friday it would not discuss whether the U.S. was
responsible for the Stuxnet attacks on Iran.
"I´m not able to comment on any of the specifics or details," White
House spokesman Josh Earnest said. "That information is classified
for a reason, and it is kept secret. It is intended not to be
publicized because publicizing it would pose a threat to our national
But one source familiar with the Bush administration´s initial work
on Stuxnet said it had stalled Iran´s nuclear program by about five
"It bought us time. First, it was to get across from one
administration to the next without having the issue blow up. And then
it was to give Obama a little more time to come up with alternatives,
through the sanctions, et cetera," said the source.
Russian digital security provider Kaspersky Lab, which first
identified the virus, said Flame´s complexity and
functionality "exceed those of all other cyber menaces known to
date." There is no doubt, the company said, that a government
sponsored the research that developed it. Yet Flame´s author remains
unknown because there is no information in the code of the virus that
would link it to a particular country.
Other experts said it was not as fearsome as believed.
Much of the code used to build the virus is old and available on the
Internet, said Becky Bace, chief strategist at the Center for
Forensics, Information Technology and Security at the University of
South Alabama. She said Flame could have been developed by a small
team of smart people with motivation and financial backing, making it
just as likely a criminal enterprise or a group working as surrogates
could have been responsible.
"Here´s the wake-up call as far as cyber is concerned: You don´t have
to be a nation-state to have what it would take to put together a
threat of this particular level of sophistication," said Bace, who
spent 12 years at the National Security Agency working on intrusion
detection and network security. "There´s no secret sauce here."
Stuxnet was far more complex. Still, Stuxnet could not have worked
without detailed intelligence about Iran´s nuclear program that was
obtained through conventional spycraft, said Mikko Hypponen, chief
research officer at F-Secure, a digital security company in Helsinki,
Finland. The countries with the motivation and the means to gather
that data are the U.S. and Israel, he said.
"This is at the level of complexity that very few organizations in
the world would even attempt," said Hypponen, who has studied Stuxnet
and Flame. "Basically you have to have moles. Most of what they
needed to pull this off was most likely collected with what we would
characterize as traditional intelligence work."
A senior defense official involved in Israel´s cyber warfare program
said last Friday, "Israel is investing heavily in units that deal
with cyber warfare both for defense and offense." He would not
elaborate. The official spoke on condition of anonymity.
It could take years to know who is responsible. "We are very good as
an industry at figuring out what a piece of malware does," said Dave
Marcus, director of advanced research and threat intelligence at
digital security giant McAfee. "But we are less accurate when it
comes to saying what group is responsible for it, or it came from
this country or that organization."
Return to Top
MATERIAL REPRODUCED FOR EDUCATIONAL PURPOSES ONLY