No official word yet, but minister suggests Israel was behind attack, while Iran directly accuses it
A high-ranking Israeli politician has hinted that his country was behind the complex Flame malware that was designed to steal data from targets across the Middle East.
While stopping short of confirming Israel’s involvement, Moshe Yaalon, the country’s Vice Prime Minister and Strategic Affairs Minister, said they certainly have the tools available and are willing to take steps to combat what he called "threats" from neighbouring countries.
"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," he told Army Radio. "Israel is blessed with high technology, and these tools that we take pride in open up all kinds of opportunities for us."
Meanwhile, an Iranian cyber defence official has firmly pointed the blame at Israel for the Flame outbreak. Speaking to the New York Times, Kamran Napelian, part of Iran’s Computer Emergency Response Team, said the encryption used was similar to previous malware from Israel.
"Its encryption has a special pattern which you only see coming from Israel," he said. "Unfortunately, they are very powerful in the field of IT."
Napelian’s interview also gave more clues about how Flame operates. He told the New York Times the infection was spread via USB sticks rather than online, meaning it was manually introduced to the Iranian network. He also said it was designed to monitor specific computers on the network, highlighting Flame’s targeting capabilities.
While he could not go into any great details, he estimated that Flame had been active for at least six months and was responsible for a "massive" amount of data being stolen.
There is still little known about Flame, which has been described by Kaspersky Lab, one of the first security companies to reveal details of it, as "one of the most complex threats ever discovered. It pretty much redefines the notion of cyberwar and cyber-espionage," Alexander Gostev, Kaspersky Lab expert said.
Its size and complexity means analysis has so far been a slow process and Kaspersky estimates it will take many months before a fuller picture emerges.