Flame virus leaves Iran with no place to hide online

By Anshel Pfeffer, May 31, 2012
EU foreign policy chief, Lady Ashton, after the latest negotiations on Iran, held in Baghdad last week

EU foreign policy chief, Lady Ashton, after the latest negotiations on Iran, held in Baghdad last week

Until now, Israel has been extremely coy about its offensive cyber-capabilities.

While the country’s security service has been relatively forthcoming about the efforts of the Shin Bet, the IDF and other security agencies to defend crucial civilian and military infrastructures from hostile cyber attacks, very little reliable information has been released regarding the attempts of Mossad and the IDF’s 8200 electronic intelligence unit to develop and deploy computer viruses and spyware against Israel’s enemies.

Even less has been officially confirmed.

One notable exception to the blanket silence was in February 2011, when at a farewell party for former IDF Chief of Staff, Gabi Ashkenazy, attended by hundreds of guests, including journalists, a specially produced film on his achievements as army chief, included a news report on the Stuxnet virus.
Stuxnet was discovered two years ago, after it had drastically infected the computerised operating systems of hundreds of centrifuges used by Iran for enriching uranium.

This Tuesday saw a second near-admission, when Vice Prime Minister and strategic affairs Minister, Moshe Ya’alon, when asked about the latest virus reported to have been detected in Iran — Flame — did not confirm or deny Israeli involvement.

Anyone who sees Iran as a significant threat will take reasonable steps’ — Ya’alon

Instead, he said that “anyone who sees the Iranian threat as a significant threat – it’s reasonable that he will take various steps, including these, to harm it.”

Mr Ya’alon went to say: “Israel is blessed as being a country rich with hi-tech. These tools that we take pride in open up all kinds of opportunities for us.”
Software analysts who have studied the Flame virus in recent days believe that, like Stuxnet, it is not the work of individual programmers or a criminal organisation, but a code of a complexity that could have been written only by a large team over a lengthy period of time. In other words, a product achievable only with the national resources of one of very few countries with advanced-tech capabilities.

The complex virus, with a program as large 20 megabytes, is designed to be operated by a remote-control computer and record every keystroke, every visit to a website, whatever appears on the screen, and any audio conversation through the computer.

Flame is capable of bypassing all known anti-virus systems. It is unclear how it was detected to begin with and whether the detection was intended by the programmers or if it was a failing on their part.

Whatever the answer to this, Mr Ya’alon’s intentions are clear — he was signalling to the Iranians that they can run but they can’t hide. If, in the past, Israel’s strategic deterrence was a result of the IDF’s military prowess and the Mossad’s fabled master-spies, today it is its hi-tech whizz-kids who are keeping Iran’s researchers, officers and officials offline, from fear that nothing they do can remain secret.

Last updated: 2:39pm, May 31 2012