US and Israel behind computer virus that hit Iran, say sources

By JOSEPH FITSANAKIS

Flame, a sophisticated piece of computer malware that was detected last month in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum, was created by Israel and the United States, according to a leading American newspaper. Quoting “officials familiar with US cyber-operations”, The Washington Post reported on Wednesday that the malware, which is said to be “massive in size”, is part of a wider covert program codenamed OLYMPIC GAMES. The paper said that the US portion of the program is spearheaded by the National Security Agency, which specializes in cyberespionage, and the CIA’s Information Operations Center. The Post further claims that OLYMPIC GAMES has a three-fold mission: to delay the development of the Iranian nuclear program; to discourage Israeli and American officials from resorting to a conventional military attack on Iran; and to buy time for those officials who favor addressing the Iranian nuclear stalemate with diplomatic pressures coupled with sanctions. According to one “former intelligence official” quoted in The Post, the scale of OLYMPIC GAMES “is proportionate to the problem that’s trying to be resolved”.

Russian antivirus company Kaspersky Lab, which first spotted the Flame virus in May, said that it is “one of the most complex threats ever discovered”. It is over 20 megabytes in size, consisting of 650,000 lines of code. In comparison, Stuxnet, a computer super-virus that was detected by experts in 2010 and caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Flame is so complex that it would take programming analysts around a decade to fully comprehend, according to Kaspersky Lab. The two are linked in terms of their target: Stuxnet, the most complex sabotaging malware ever discovered, and Flame, the world’s most powerful cyberespionage tool ever detected by computer security experts, have both been primarily directed at Iranian government computers.

Earlier this month, Kaspersky Lab researchers said that they were “100 percent sure” that Stuxnet and Flame had been created “by the same group or groups”.

5 Responses to US and Israel behind computer virus that hit Iran, say sources

  1. Pete says:

    Hi Joseph

    The NSA’s part in it is certainly what was expected while the CIA is the appropriate (semi-customer) body to identify the targets, internally explain the strategy and assemble the necessary documentation for Presidential approval (findings).

    Interesting that Kaspersky Lab is a Russian company – raising the scenario of former or current Russian Government sigint/infosec employees in “cyber combat” with current US and Israeli Government sigint/infosec employees.

    I’m not on top of the Russian organisation – is it still Fapsi, another centralised body or a decentralised setup?


  2. Kidd says:

    the code of the west — happy trails

  3. intelNews says:

    @Pete: In some cases the CIA is also responsible for installing the virus on-site, mostly through agents/informants on the ground. Interesting point re: Kaspersky’s relationship with the Russian government. If such a relationship exists, I would imagine that it is probably similar to that between the NSA and Google, or Microsoft. FAPSI is what the Russian organization is informally called, though their actual name since 2004 (I believe) is Special Communications Service. They are now under the FSB, and often deal directly with the President of the Russian Federation. Thanks for your comment. Nice blog. [JF]

  4. Pete says:

    @Thanks Joseph – for the information and your praise. I appreciate it. Pete.

  5. Pete says:

    See my website post “FSB infosec-sigint, Kaspersky Labs and Flame” at . This indicates connections between the FSB and Moscow based Kaspersky Labs.

    Kaspersky Labs, from its Boston and Miami offices, services millions of individual US customers and 10,000s of US corporate customers.

    The UKUSA sigint alliance’s negative treatment of China’s Huawei (with significant Chinese sigint connections) oddly does not apply to Kaspersky Labs (with significant Russian sigint connections).
