Upon hearing of Flame, the recently discovered computer malware sometimes described as the most insidious and sophisticated ever, one’s first thought is bound to be of Stuxnet. Upon discovery of that virus a year and a half ago, analyses by top cyber-security firms soon yielded smoking-gun proof that Stuxnet was custom-made to knock out uranium enrichment centrifuges at Iran’s Natanz facility; nobody has seriously doubted that the smoking gun was in Israel’s hands, whether or not U.S. intelligence also was an accessory. But with Flame, the more one learns the more puzzling its probable origin seems.
Like Stuxnet, Flame appears to have had Iran has its principal target–though not its only one. Unlike Stuxnet, Flame was designed not for sabotage but for industrial and economic intelligence. Will Jones at IEEE Spectrum magazine and others like CNET News have explained why Flame may have gone undetected for as long as five years–an intriguing issue in itself. The way in which Flame was discovered also is intriguing. The International Telecommunications Union, wondering why data was disappearing from some servers in the Middle East, called upon Kaspersky Lab in Moscow for help. As a side-effect of that endeavor the top Russian cyber-security firm hit upon Flame, though the malware may in fact not be implicated in the disappearing data that aroused the ITU’s concern.
Kaspersky Lab described Flame as “a backdoor Trojan with worm-like features that allow it to propagate on local networks and removable media,” in the words of IT Security & Network Security News & Reviews. “It is reportedly capable of taking screenshots, recording audio conversations and intercepting network traffic.”
Israeli officials have emitted mixed signals when asked about Flame, which could be interpreted as just another manifestation of the country’s customary non-denial denials when it comes to security issues. But the mixed signals might equally indicate that Israelis are happy to take credit for anything bad that happens to Iran, whether they actually are responsible or not. On the face of it, considering the countries targeted by Flame (above, courtesy of the Telegraph), it’s not completely obvious why Israel would be spying on itself almost as much as it’s spying on Iran.
Given Flame’s Mideast scope, might its objective have been simply to acquire oil intelligence? In this scenario, the perpetrators might be big oil players, consumer country governments, or freelancers selling information to the highest bidders. But if something like that were the case, why then would Egypt, Sudan and Syria be among the targets?
It would seem that Flame was targeting the Mideast in the broadest political or geopolitical sense. That suggests the perpetrator is a major government intent on developing its position in the region as a whole. The list of candidate countries could be quite long, of course. It might, for example, include Russia.
Could the Russians have caught on to themselves?