NBC News reports: As the United Nations and Iran warn that the newly discovered Flame computer virus may be the most potent weapon of its kind, U.S. computer security experts tell NBC News that the virus bears the hallmarks of a U.S. cyber espionage operation, specifically that of the super-secret National Security Agency.
The Flame virus, which is intended to gather intelligence — not destroy equipment or data, as was the case with the notorious Stuxnet virus — is too sophisticated to be the work of another country, said one U.S. official, speaking on condition of anonymity. “It was U.S.,” said the official, who acknowledged having no first-hand knowledge of how the virus operates or was introduced into the Iranian computers.
The U.S. was also believed to have a hand in the creation and insertion of the Stuxnet virus, which targeted Iran’s uranium-enriching centrifuges.
The newly discovered Flame virus essentially “colonizes” the targeted computers, giving hackers control over critical data stored on them, according to cybersecurity experts who spoke with NBC News.
U.S. intelligence officials declined to discuss the virus. “We have no comment,” said one. Israeli officials, suspected in previous attacks, denied involvement.
ABC News reports: Clues in the code, such as the names of processes like “Beetlejuice” and “Platypus,” led some experts to believe it could have been written by native English-speakers, but others pointed out that English is a common coding language in many countries.
Roel Schouwenberg, a senior researcher at Kaspersky Labs, told ABC News today some monikers used in coding mean nothing at all or are just inside jokes among the programmers.
“We are talking about a very high stakes operation here, covert cyber ops, but that doesn’t mean these guys aren’t just having fun sometimes,” he said.
Another possible clue in the code, Schouwenberg said, is that even though the program’s structure and capabilities are very different, Flame shares some sophisticated techniques and geographical targets with another infamous cyber weapon, Stuxnet. Stuxnet was an offensive cyber weapon that was only discovered in 2010 after it had reportedly infected and caused physical damage to an Iranian nuclear facility.
Schouwenberg said Kaspersky Labs is operating under the theory that Stuxnet and Flame were created by different development teams but likely under the direction of the same backer and with access to each other’s work. A researcher with the U.S.-based cyber firm Symantec told ABC News that scenario was a “definite” possibility, and in its report CrySyS said it could not be ruled out.