US and Israel behind computer virus that hit Iran, say sources

Flame virus code segmentBy JOSEPH FITSANAKIS | intelNews.org |
Flame, a sophisticated computer malware that was detected last month in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum, was created by Israel and the United States, according to a leading American newspaper. Quoting “officials familiar with US cyber-operations”, The Washington Post reported on Wednesday that the malware, which is said to be “massive in size”, is part of a wider covert program codenamed OLYMPIC GAMES. The paper said that the US portion of the program is spearheaded by the National Security Agency, which specializes in cyberespionage, and the CIA’s Information Operations Center. The Post further claims that OLYMPIC GAMES has a three-fold mission: to delay the development of the Iranian nuclear program; to discourage Israeli and American officials from resorting to a conventional military attack on Iran; and to buy time for those officials who favor addressing the Iranian nuclear stalemate with diplomatic pressures coupled with sanctions. According to one “former intelligence official” quoted in The Post, the scale of OLYMPIC GAMES “is proportionate to the problem that’s trying to be resolved”. Russian antivirus company Kaspersky Lab, which first spotted the Flame virus in May, said that it is “one of the most complex threats ever discovered”. It is over 20 megabytes in size, consisting of 650,000 lines of code. In comparison, Stuxnet, a computer super-virus that was detected by experts in 2010, and caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Read more of this post

About these ads

Comment: Who authored computer virus that ‘dwarfs Stuxnet’?

Flame virus code segmentBy JOSEPH FITSANAKIS | intelNews.org |
When the Stuxnet computer virus was detected, in 2010, it was recognized as the most sophisticated malware ever created. It had been specifically designed to sabotage Siemens industrial software systems, which were used in Iran’s nuclear energy program. Not surprisingly, most Stuxnet-infected computers were in Iran. Now a new, massive and extremely sophisticated piece of malware has been detected in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum. It is called Flame and, according to antivirus company Kaspersky Lab, which first spotted the virus last week, it is “one of the most complex threats ever discovered”. Simply consider that Stuxnet, which caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Flame is over 20 megabytes in size, consisting of 650,000 lines of code; it is so complex that it is expected to take programming analysts around a decade to fully comprehend. The two are different, of course. Stuxnet was an infrastructure-sabotaging malware, which destroyed hundreds —maybe even thousands—of Iranian nuclear centrifuges. Flame, on the other hand, appears to be an espionage tool: it aims to surreptitiously collect information from infected systems. What connects them is their intended target: Iran. We now have Stuxnet, the most complex sabotaging malware ever discovered, which must have taken dozens of programmers several months to create, and Flame, the world’s most powerful cyberespionage tool ever detected by computer security experts. And both have been primarily directed at Iranian government computers. Read more of this post

News you may have missed #689: NSA edition

Michael HaydenBy IAN ALLEN| intelNews.org |
►►Ex-NSA Director calls Stuxnet a ‘good idea’. General Michael Hayden, once head of the NSA and CIA, who was no longer in office when the Stuxnet attack on Iran occurred, but who would have been around when the computer virus was created, denies knowing who was behind it. He calls Stuxnet “a good idea”. But he also admits “this was a big idea, too. The rest of the world is looking at this and saying, ‘clearly, someone has legitimated this kind of activity as acceptable'”.
►►NSA develops secure Android phones. The US National Security Agency has developed and published details of an encrypted VoIP communications system using commercial off-the-shelf components and an Android operating system. A hundred US government employees participated in a pilot of Motorola hardware running hardened VoIP called ‘Project FISHBOWL’, NSA Information Assurance Directorate technical director Margaret Salter told the RSA Conference in San Francisco on Wednesday. “The beauty of our strategy is that we looked at all of the components, and took stuff out of the operating system we didn’t need”, said Salter. “This makes the attack surface very small”.
►►Senior US Defense official says DHS should lead cybersecurity. In the midst of an ongoing turf battle over how big a role the National Security Agency should play in securing America’s critical infrastructure, Eric Rosenbach, deputy assistant secretary of Defense for Cyber Policy in the Department of Defense, said on Wednesday that the NSA should take a backseat to the Department of Homeland Security in this regard. “Obviously, there are amazing resources at NSA, a lot of magic that goes on there”, he said. “But it’s almost certainly not the right approach for the United States of America to have a foreign intelligence focus on domestic networks, doing something that throughout history has been a domestic function”.

News you may have missed #675

Eugene ForseyBy IAN ALLEN | intelNews.org |
►►US ‘has engaged in cyberwarfare’. Former National Security Agency Director Mike McConnell said in an interview with Reuters that the United States has already used cyber attacks against an adversary. Most believe he was referring to Stuxnet, the computer virus unleashed against Iran in 2010.
►►Philippines studying US offer to deploy spy planes. The Philippines is considering a US proposal to deploy surveillance aircraft on a temporary, rotating basis to enhance its ability to guard disputed areas in the South China Sea, the Philippine defense minister said last week. The effort to expand military ties between the United States and the Philippines, which voted to remove huge American naval and air bases 20 years ago, occurs as both countries grapple with the growing assertiveness of China.
►►Canadian intelligence spied on constitutional expert. Canadian security forces kept close tabs on renowned constitutional scholar Eugene Forsey from his early days as a left-wing academic to his stint as a senator, according to newly declassified documents. The collection of more than 400 pages, which has been obtained by Canadian newspaper The Toronto Star, reveals the RCMP Security Service (the predecessor to the Canadian Security Intelligence Service), followed Forsey for four decades throughout his career as an economics professor, research director for the Canadian Congress of Labour (now called the Canadian Labour Congress), a two-time Ottawa-area candidate for the Cooperative Commonwealth Federation and then his 1970 appointment as a Liberal senator. No surprises here.

News you may have missed #566 (analysis edition)

Jeffrey Richelson

Jeffrey Richelson

►►Stuxnet virus opens new era of cyberwar. Well-argued article by quality German newsmagazine Der Spiegel on Stuxnet, the sophisticated computer virus that attacked the electronic infrastructure of Iran’s nuclear program last year. The article argues that, in terms of strategic significance, the virus, which is widely considered a creation of Israeli intelligence agency Mossad, is comparable to cracking Germany’s Enigma cipher machine by Polish and British cryptanalists during World War II.
►►The fallout from the Turkish Navy’s recent spy scandal. Recently, the Turkish High Criminal court indicted members of an alleged spy ring operating inside the Turkish Navy. According to the indictment, members of the ring stole more than 165,000 confidential documents and obtained dozens of surveillance records and classified military maps. Its biggest customers were allegedly the intelligence services of Israel, Greece and Russia.
►►New edition of classic intelligence handbook published. A new edition of Jeffrey Richelson’s encyclopedic work on Read more of this post

Ex-CIA counterterrorist chief says al-Qaeda to turn to computer hacking

Cofer Black

Cofer Black

By JOSEPH FITSANAKIS | intelNews.org |
The strategic retreat currently being experienced by al-Qaeda will force the group to concentrate on inflicting damage on its enemies through the Internet. This is the opinion of Cofer Black, the straight-talking CIA veteran who retired in 2002 as Director of the Agency’s Counterterrorism Center. Black, who is known for his hawkish views on Washington’s ‘war on terrorism’, gave the keynote speech on Wednesday at the Black Hat Technical Security Conference in Las Vegas, Nevada. He told an audience of nearly 7,000 conference participants that “the natural thing” would be for al-Qaeda in the post-bin-Laden age to continue to engage in terrorism by “fall[ing] back to things that are small and agile”, with computer hacking being an ideal candidate. Black, who since 2002 has worked for private contractors, including Blackwater/Xe, illustrated his point by referring to Stuxnet, the elaborately programmed computer virus that targeted electronic hardware in Iran’s nuclear energy program in July of 2010. “The Stuxnet attack is the Rubicon of our future”, said the former CIA official, adding that it was the computer virus designed to cause “physical destruction of a national resource”. Black is rightly revered by intelligence observers for having warned US government officials of a large-scale terrorist attack in August of 2001, one month prior to the September 11 hijackings. Having said this, it is not exactly prophetic to state, as he did, that “cyber will be a key component of any future conflict”. Read more of this post

News you may have missed #538

Wali Karzai

Wali Karzai

By IAN ALLEN | intelNews.org |
►►Egyptian diplomat dead in London after bizarre suicide attempt. Police in London are trying to solve the mysterious apparent suicide of Ayman Mohammed Fayed, a 41-year-old employee of the Egyptian embassy, who plunged to his death from one of the embassy’s third-floor windows last week. Embassy officials said he did so after hurriedly signing a brief suicide note to his family. Interestingly, one witness saw him trying to get back into the building from the window, apparently having changed his mind about killing himself. But, says The Daily Mail, he seems to have “lost control and fell”. The death does not seem to be related to the political changes that have taken place in Egypt this year. ►►CIA agent Wali Karzai dead in Afghanistan. Another death, that of Afghan President Hamid Karzai’s brother, has featured all over the news media in the past few days. Ahmed Wali Karzai, Afghan drug lord and influential strongman, was shot dead by his bodyguards last Tuesday. Wali Karzai’s role as a CIA agent is less widely advertised in obituaries (with a few notable exceptions). IntelNews readers will remember that, in October of 2009, The New York Times revealed that Wali Karzai had been financially sustained by the CIA ever since the initial US invasion of Afghanistan, in 2001, and that he was still —as of 2009— receiving “regular payments” from the Agency.  Read more of this post

Iran admits some of its nuclear scientists spied for the West

Ali Akbar Salehi

Ali Akbar Salehi

By JOSEPH FITSANAKIS | intelNews.org |
A top-level Iranian government official has admitted that some scientists and technicians in Iran’s nuclear energy program were successfully lured into spying for Israeli and Western intelligence agencies in the past. The disclosure, which was characterized as “stunning” by the Associated Press, marked the first-ever open admission by the Iranian government that the country’s nuclear energy program has been penetrated by foreign spies. It was made last weekend by Ali Akbar Salehi, Iran’s Vice President and Director of the country’s Atomic Energy Organization. According to the Iranian government-controlled Fars News Agency, Vice President Salehi told an audience that individual scientists and technicians working in Iran’s nuclear program had used their access to classified relevant information to benefit from “foreign purchases and commercial affairs”. Read more of this post

News you may have missed #438 (Stuxnet edition)

[Research credit to Arthur Sbygniew]

Iran announces arrests of alleged nuclear spies

Heidar Moslehi

Heidar Moslehi

By IAN ALLEN | intelNews.org |
The Iranian government has announced the arrest of an unspecified number of alleged nuclear spies, reportedly in connection with a sophisticated virus that infected computers used in Iran’s nuclear energy program. The arrests were publicized on Sunday by Heidar Moslehi, Iran’s Minister of Intelligence, who said those arrested had helped facilitate the spread of the so-called Stuxnet virus last June. The malicious program, which appears to have been designed to sabotage sensitive hardware components found specifically in nuclear centrifuges, has infected at least 100,000 computer systems worldwide, most of which are located in Iran. Speaking to Iranian media, Moslehi accused Israel and the United States of trying to sabotage the Iranian nuclear energy program, but noted that Iran’s intelligence services have resumed “complete supervision of cyberspace” and will successfully prevent “any leak or destruction” of the Islamic Republic’s nuclear research and development program by outside forces. But elsewhere in Tehran, Hamid Alipour, an Iranian government Senior Information and Technology official, admitted that technical experts are still working on containing the virus, which appears to be mutating. Read more of this post

Experts see nation-state behind sophisticated computer virus attack

Ahmadinejad

By IAN ALLEN | intelNews.org |
Computer forensics specialists are split as to the purpose and initial target of a sophisticated computer virus that infected computers used in the Iranian government’s nuclear energy program. The virus, named Stuxnet, was discovered in Iran in June by a Belarusian computer security firm doing business in the Islamic Republic. It has since infected at least 100,000 computer systems in countries such as Brazil, India, Russia and the United States. But the primary target of the virus appears to have been the Iranian nuclear energy program, specifically computers located at the Islamic Republic’s nuclear reactor facility in Bushehr and the uranium enrichment plant in Natanz. Several commentators, including Wired magazine, dispute the existence of any evidence pointing to a clear target inside Iran.  But Israeli media maintain that computers at Natanz were the primary target of Stuxnet, and that subsequent infections at computer labs at Bushehr were in fact an unintended side effect. Read more of this post

News you may have missed #435 (cyberwarfare edition)

  • Analysis: Cyber attacks test US Pentagon. US military and civilian networks are probed thousands of times a day, and the systems of the North Atlantic Treaty Organization headquarters are attacked at least 100 times a day. Meanwhile, more than 100 countries are currently trying to break into US defense networks.
  • US should be able to shut Internet, ex-CIA chief says. Cyberterrorism is such a threat that the US President should have the authority to shut down the Internet in the event of an attack, Former CIA Director Michael Hayden has said.
  • Iran battling alleged ‘spy virus’. Iranian officials have confirmed reports that a malicious computer code, called Stuxnet, was spreading throughout the nation’s nuclear infrastructure. But they have given differing accounts of the damage, said to be capable of taking over computers that operate huge facilities, including nuclear energy reactors. Did someone say ‘Israel‘?
Follow

Get every new post delivered to your Inbox.

Join 681 other followers