The United States and Israel jointly developed a sophisticated computer virus nicknamed Flame that collected critical intelligence in preparation for cyber-sabotage attacks aimed at slowing Iran’s ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.
The massive piece of malware was designed to secretly map Iran’s computer networks and monitor the computers of Iranian officials, sending back a steady stream of intelligence used to enable an ongoing cyberwarfare campaign, according to the officials.
The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the so-called Stuxnet virus to cause malfunctions in Iran’s nuclear enrichment equipment.
The emerging details about Flame provide new clues about what is believed to be the first sustained campaign of cyber-sabotage against an adversary of the United States.
“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber collection against the Iranian program is way further down the road than this.”
Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its U.S. partners off guard, according to several U.S. and Western officials, speaking on the condition of anonymity.
There had been speculation that the United States had a role in developing Flame, but the collaboration on the virus between Washington and Israel has not been previously confirmed. Commercial security researchers last week reported that Flame contained some of the same code as Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware were parallel projects run by the same entity.
Spokespersons for the CIA, the NSA and the Office of the Director of National Intelligence, as well as the Israeli Embassy in Washington, declined to comment.
The virus is among the most sophisticated and subversive pieces of malware exposed to date. Experts said the program was designed to replicate across even highly secure networks, then control everyday computer functions to send a flow of secrets back to its creators. The code could activate computer microphones and cameras, log keyboard strokes, take computer screen shots, extract geolocation data from images and send and receive commands and data through Bluetooth wireless technology.
Flame was designed to do all this while masquerading as a routine Microsoft software update, evading detection for several years by using a sophisticated program to crack an encryption algorithm.
“This is not something that most security researchers have the skills or resources to do,” said Tom Parker, chief technology officer for Fusion X, a security firm specializing in simulating state-sponsored cyberattacks, who does not know who was behind the virus. “You’d expect that of only the most advanced cryptomathematicians, such as those working at NSA.”