When news broke Tuesday that thousands of government computers in Iran had been infected with a sophisticated virus called Flame, officials in the country, along with cybersecurity experts worldwide, immediately started assessing who was to blame.
But the international case of cyber whodunit isn't likely to be solved anytime soon. Experts agree that the 20-megabyte file—extremely large for a virus—was so complex that it was likely created by state-sponsored actors.
But exactly which state is responsible? According to Kevin Coleman, author of The Cyber Commanders Handbook and a senior fellow with the Technolytics Institute, the virus' authors would have to be "really stupid" to allow it to be traced back to them, and they clearly were not.
"It's impossible to know who did it. I don't think it was a private hacking group, based on the information targeted. It wouldn't lend itself to criminal activity," Coleman says.
Experts immediately began looking at the United States and Israel, both of which Iran blamed for the 2010 Stuxnet virus that damaged centrifuges inside uranium enrichment plants in the country. Iran has already admitted it lost "massive amounts of data" since March 2010.
But Coleman says "no one can be ruled out," including China, whose economy relies on Iran's actions.
"If I was China and I wanted to gather info about Iran, I'd make it look like the United States was behind this," he says. "China is a formidable opponent in all things cyber—I would not rule anything past them."
Adam Segal, a senior fellow at the Council on Foreign Relations who specializes in cyberconflict and technology in China and India, says China "has an intelligence interest in Iran, just like every other major country."
"We know the Chinese do engage in cyber espionage, so they are a possibility," he adds. "When you put together a list of who has the technical prowess and who benefits from this information, you get a list of about five or six countries—the U.S., Israel, the U.K., Germany, China, and Russia."
Moshe Yaalon, the Vice Prime Minister of Israel, has hinted his country could be behind the virus.
"Israel is blessed with being a country rich in high-tech, and from that perspective, these achievements we take pride in, both in the civilian sector and the defense sector, open up very many opportunities," he said on Israel's Army Radio.
According to Kaspersky Lab, the Russian antivirus company that discovered Flame, the virus could automatically take screenshots, record audio, and detect Bluetooth-enabled devices on an infected computer and send them back to the attacker, making it "one of the most advanced and complete attack-toolkits ever discovered."
Flame is, according to Kaspersky, "arguably … the most complex malware ever found," but its purpose is completely different from that of Stuxnet, according to Coleman.
"We're comparing apples with oranges—one's a weapon, one's for spying," says Coleman. "Stuxnet as a weapon is unparalleled. [Flame] is an act of espionage. As far as we know at this point, it's not destructive or disruptive."
Jason Koebler is a science and technology reporter for U.S. News & World Report.