The recently discovered Flame cyberattack, believed to be aimed primarily at Iran and to collect data, has attracted significant international attention in recent days. A number of reports had attributed responsibility for the attack to Israel or the U.S. Eyebrows were raised when Israeli vice prime minister Moshe Ya’alon spoke on Israel’s Army Radio, stating:
“there are quite a few governments in the West that have rich high-tech [capabilities] that view Iran, and particularly the Iranian nuclear threat, as a meaningful threat — and can possibly be involved with this field.”
It was also suggested that any country that considered Iran a nuclear threat would:
“take every single measure available, including these, to harm the Iranian nuclear project.”
On the record, a spokesman for the official stated to the BBC:
“There was no part of the interview where the minister has said anything to imply that Israel was responsible for the virus.”
The U.S. has also denied responsibility. While the behavior, sophistication, and target of the virus have been repeatedly linked to nation-sponsored development, we are now seeing the expected denials of any involvement from a couple of nations. As Bert Latamore reported today, this and other attacks have taken the tack of long-term data theft. The risk and threat to nations, states and individuals are critically high.
The Flame virus features significant protections against anti-malware removal and was designed to evade detection. The rumored number of anti-malware removal defenses is 346. It further features an as yet undisclosed design feature that allows it to infiltrate only certain targeted networks. If a virus like this were to get out into the open and into the hands of the cybercrime underworld, the mechanisms described could be exploited and utilized for extensive damage. Privately, a number of security organizations are likely analyzing the virus at this time. This happened with Stuxnet and others. In the case of Stuxnet, a public partial release of its code by the hacktivist group Anonymous was attributed to leaks that were eventually exploited by cyber-criminal groups in their own malware. To what extent that code has been seen in the wild in new malware is a significant concern and a flashpoint for security practitioners to monitor for some time to come.