Two independent teams of researchers studying the Flame computer virus believe that the maker of the malware — all but certain to be the United States — has architected three additional programs to conduct clandestine cyberwar or espionage.
Both Symantec Corp of the United States and Kaspersky Lab of Russia acknowledged on Monday that their research of Flame has led them to believe that whoever had a role in creating that virus has also put their efforts behind three other similar programs.
A team of engineers at Kaspersky released new information on Monday collected during forensic analysis of Flame command-and-Control servers that were examined with the assistance of Symantec, ITU-IMPACT and CERT-Bund/BSI. Researchers had first disclosed in May that Flame, a sophisticated espionage virus, targeted computer systems in Iran and was likely the product of a nation-state, specifically the US. With this week’s update, however, it appears as if the United States’ endeavors in cyberwar may have stretched past even what researchers had imagined.
“Based on the code from the servers, it can be said that they were working with at least three other programs similar to Flame. The code names of those programs are IP, SP and SPE,” Kaspersky Lab chief security expert Aleks Gostev told RT.
Although the United States government has not gone on the record to take credit for either Flame or Stuxnet, a similar computer worm that targeted Iranian nuclear facilities first discovered in 2010, experts have long maintained that the US is involved in both viruses, perhaps even enlisting Israeli scientists for assistance.
Speaking at a TED Talk in 2011, researcher Ralph Langner said, "My opinion is that the Mossad is involved but that the leading force is not Israel. The leading force behind Stuxnet is the cyber superpower – there is only one; and that's the United States."
In January of this year, Mike McConnell, the former director of national intelligence at the National Security Agency under George W Bush, told Reuters that the US had indeed attacked foreign computer systems at one time or another, and confirmed that America has “the ability to attack, degrade or destroy” the e-grids of adversaries. When the New York Times followed up with a report of their own only five months later, members of US President Barack Obama’s national security team admitted on condition of anonymity that the White House continued cyber-assaults on Iran’s nuclear program through Stuxnet, which Mr. Obama himself endorsed.
Once compared with coding from Flame, security experts saw an immediate correlation.
“Stuxnet of 2009 had a large piece of code similar to that of Flame, so apparently creators of Stuxnet and Flame were working in close collaboration,” Gostev from Kaspersky Lab said.
With America all but confirmed as the culprit behind both viruses, this week it’s revealed that the United States may have crafted another three coded programs to target Iran and its allies. Speaking to Reuters, researchers involved in the latest analysis say they are still trying to figure out the basic facts about the three new viruses, but believe that the same entity responsible for Stuxnet and Flame are at it again.
"We know that it is definitely out there. We just can't figure out a way to actually get our hands on it. We are trying," Symantec researcher Vikram Thakur tells Reuters.
Also in their report, Kaspersy say that the heavy encryption and nature of the newest programs “fits the profile of military and/or intelligence operations."