The U.S. and Israel developed and carried out the Flame virus attacks on Iran, according to a new report.
The Washington Post reports, citing sources, that Flame was the brainchild of the U.S. National Security Agency, the Central Intelligence Agency, and Israel's military. The focus of the malware was to surreptitiously map and monitor Iran's networks to deliver sustained intelligence to the government organizations. That information could then be used for other attacks.
"This is about preparing the battlefield for another type of covert action," an intelligence official told the Washington Post. "Cyber-collection against the Iranian program is way further down the road than this."
The source went on to tell the Post that Israel and the U.S. are still conducting a cyberassault on Iran.
Flame was discovered last month, but had been in operation since 2010. Kaspersky, which first noted the virus, said that it appeared to be "state-sponsored," but at the time stopped short of saying it came from the U.S. and Israel. Flame's main charge, according to security experts, was to steal information about targeted systems and stored files, as well as information on the computer display and audio conversations. Iran was the central target for the virus, but it also impacted machines in the West Bank, Syria, and other Middle East countries, as well as Sudan.
The U.S. has stayed tight-lipped on its possible involvement in Flame. After Israeli vice prime minister Moshe Ya'alon said on the country's military radio station, Army Radio, last month that "there are quite a few governments in the West that have rich high-tech [capabilities] that view Iran, and particularly the Iranian nuclear threat, as a meaningful threat -- and can possibly be involved with this field," his office was forced to publicly deny any involvement with Flame.
Despite first delivering its payload in 2010, Flame was under development at least five years ago, according to the Post's sources. The development was part of an effort known as Olympic Games, which according to an earlier report by The New York Times, also included the Stuxnet virus. Talk of using cyberwarfare to sabotage Iran's nuclear efforts first arose during President George W. Bush's second term, according to the report.
While Flame and Stuxnet have been brought to light, similar payloads may still be lurking. In fact, one source told the Post that the unveiling of Stuxnet and Flame "doesn't mean that other tools aren't in play or performing effectively."