Cybersleuths see link between Flame, Stuxnet virus

Associated Press SHARE

By RAPHAEL SATTER, Associated Press

LONDON (AP) — Cybersecurity researchers said Monday that they'd found a link between the infrastructure-wrecking cyberweapon known as Stuxnet and the recently-discovered Flame virus — possibly offering a new clue about the latter's origins.

Kaspersky Labs expert Alexander Gostev said in a blog post that his company had identified a similarity between a subset of the code used in Flame and another set of code used in an early version of Stuxnet, which is believed to have been aimed at Iran's disputed nuclear program.

Kaspersky had previously said that while Flame and Stuxnet spread in similar ways, the two worked off of different coding platforms.

"It turns out we were wrong," Gostev said. "Wrong, in that we believed Flame and Stuxnet were two unrelated projects."

Alan Woodward, a cybersecurity researcher at the University of Surrey in southern England, backed Kaspersky's analysis, saying that the similarity they identified "does suggest that very early on there was some sharing" between the viruses' authors.

The discovery of Stuxnet revolutionized the cybersecurity field because it appeared aimed at damaging centrifuges used in Iran's nuclear program — the most high-profile example of malicious software being used to wreak havoc in the physical world.

Speculation as to the virus' authorship quickly settled around Israel or the United States, a theory which was given new credence by an article in The New York Times detailing how President Barack Obama ordered a wave of cyberattacks — code-named Olympic Games — which included unleashing Stuxnet against Iran's underground nuclear plant at Natanz.

The article also claimed that Israelis cooperated with the highly classified project.

The Times drew on anonymous sources, but its detailed description of conversations in the Oval Office among Obama, the vice president and the CIA director, was the most direct evidence to date of U.S. responsibility for Stuxnet.

The newspaper cited unnamed officials as denying that Flame was part of Olympic Games, but if Kaspersky is correct, then that suggests some sort of a relationship between the two projects.

The debate over the potency of Flame continues. The oversize virus is a kind of surveillance Swiss army knife, capable of turning on a computer's microphones, taking screenshots of its monitor, and — in one of its more novel attacks — sucking data from unsecured, Bluetooth-enabled cellphones left nearby.

Some researchers say the program isn't nearly as complex as Stuxnet and note that many of its functions have been seen before. But Marco Obiso, cybersecurity coordinator at the Geneva-based International Telecommunication Union, told The Associated Press late last month that Flame was one of the most serious threats his organization had ever come across.

___

Raphael Satter can be reached at: http://twitter.com/razhael

Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.