X-SciTech

U.S., Israel fired up Flame cyberattack, report says

By Don Reisinger

June 20, 2012 / 2:30 PM EDT / CNET

Computer virus found in Iran — Flame, a computer virus more powerful than Stuxnet, has been making its way undetected for years through hundreds of computers in Iran. CBS

(CNET) The U.S. and Israel developed and carried out the Flame virus attacks on Iran, according to a new report.

The Washington Post reports, citing sources, that Flame was the brainchild of the U.S. National Security Agency, the Central Intelligence Agency, and Israel's military. The focus of the malware was to surreptitiously map and monitor Iran's networks to deliver sustained intelligence to the government organizations. That information could then be used for other attacks.

"This is about preparing the battlefield for another type of covert action," an intelligence official told the Washington Post. "Cyber-collection against the Iranian program is way further down the road than this."

The source went on to tell the Post that Israel and the U.S. are still conducting a cyberassault on Iran.

The new Flame malware that has infected computers in Iran and the Middle East is named after one of the main modules it uses to spread. — The Flame malware that has infected computers in Iran and the Middle East is named after one of the main modules it uses to spread. Securelist

Flame was discovered last month, but had been in operation since 2010. Kaspersky, which first noted the virus, said that it appeared to be "state-sponsored," but at the time stopped short of saying it came from the U.S. and Israel. Flame's main charge, according to security experts, was to steal information about targeted systems and stored files, as well as information on the computer display and audio conversations. Iran was the central target for the virus, but it also impacted machines in the West Bank, Syria, and other Middle East countries, as well as Sudan.

The U.S. has stayed tight-lipped on its possible involvement in Flame. After Israeli vice prime minister Moshe Ya'alon said on the country's military radio station, Army Radio, last month that "there are quite a few governments in the West that have rich high-tech [capabilities] that view Iran, and particularly the Iranian nuclear threat, as a meaningful threat - and can possibly be involved with this field," his office was forced to publicly deny any involvement with Flame.

Despite first delivering its payload in 2010, Flame was under development at least five years ago, according to the Post's sources. The development was part of an effort known as Olympic Games, which according to an earlier report by The New York Times, also included the Stuxnet virus. Talk of using cyberwarfare to sabotage Iran's nuclear efforts first arose during President George W. Bush's second term, according to the report.

While Flame and Stuxnet have been brought to light, similar payloads may still be lurking. In fact, one source told the Post that the unveiling of Stuxnet and Flame "doesn't mean that other tools aren't in play or performing effectively."

This article first appeared at CNET.

Don Reisinger

Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.

Don writes product reviews for InformationWeek and Computerworld, and is a regular contributor to Byte and Switch. You can visit his personal site at DonReisinger.com or email him at CNETDigitalHome@gmail.com.

More from CBS News