Ellen Nakashima June 21, 2012
Sabotage ... the Iranian President, Mahmoud Ahmadinejad, examines gas centrifuge cascades at the Natanz nuclear facility. Photo: Official Office of Iran's Presid
The US and Israel jointly developed the sophisticated computer virus nicknamed Flame that collected critical intelligence in preparation for cyber attacks aimed at slowing Iran's ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.
The malware was designed to secretly map Iran's computer networks and monitor the computers of Iranian officials, sending back a stream of intelligence used to enable an ongoing cyber warfare campaign, according to the officials.
The effort, involving the National Security Agency, the CIA and Israel's military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran's nuclear enrichment equipment.
The emerging details about Flame provide new clues about what is believed to be the first such campaign against an adversary of the US.
"This is about preparing the battlefield for another type of covert action," said one former high-ranking US intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. "Cyber collection against the Iranian program is way further down the road than this."
Flame was exposed last month after Iran detected a series of cyber attacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its US partners off guard, according to Western officials, including some from the US, speaking on the condition of anonymity.
The collaboration on the virus between Washington and Israel has not been previously confirmed. Commercial security researchers last week reported that Flame contained some of the same code as Stuxnet. Experts said the two sets of malware were parallel projects run by the same entity.
The CIA, the NSA, the Office of the Director of National Intelligence and the Israeli embassy in Washington declined to comment.
The malware is among the most sophisticated and subversive exposed to date. Experts said the program was designed to replicate across highly secure networks, then control everyday computer functions to send a flow of secrets back to its creators. The code could activate computer microphones and cameras, log keyboard strokes, take computer screenshots, extract geolocation data from images and send and receive commands and data through Bluetooth wireless technology.
Flame was designed to do all this while masquerading as a routine Microsoft software update, evading detection for several years by using a program to crack an encryption algorithm.
"This is not something that most security researchers have the skills or resources to do," said the chief technology officer, Tom Parker, of FusionX, a security firm specialising in simulating state-sponsored cyber attacks, who does not know who was behind the virus. "You'd expect that of only the most advanced crypto mathematicians, such as those working at NSA."
Flame was developed at least five years ago as part of a classified effort code-named Olympic Games, say officials familiar with US cyberspace operations. It was intended to slow Iran's nuclear program, reduce the pressure for a conventional military attack and extend the timetable for diplomacy and sanctions.
The Washington Post