Slashdot Mirror

← Back to Stories (view on slashdot.org)

US, Israel Behind Flame Malware

Posted by Soulskill on from the apparently-they-did-start-the-fire dept.

The Washington Post is reporting that the sophisticated 'Flame' malware was created by the United States and Israel in order to collect intelligence on Iranian computer networks. The intel was to be used in a cyber-sabotage campaign intended to slow Iran's development of nuclear weapons. This follows confirmation a few weeks ago that the U.S. and Israel were behind Stuxnet, which caused problems at Iran's nuclear facilities. From the article: "The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States. 'This is about preparing the battlefield for another type of covert action,' said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. 'Cyber-collection against the Iranian program is way further down the road than this.' ... The scale of the espionage and sabotage effort 'is proportionate to the problem that's trying to be resolved,' the former intelligence official said, referring to the Iranian nuclear program. Although Stuxnet and Flame infections can be countered, 'it doesn't mean that other tools aren't in play or performing effectively,' he said."

45 of 382 comments (clear)

  1. Duh - Who else would have done it? by Gothmolly · · Score: 5, Insightful

    I mean seriously? Who else besides the Israelis a) hate Iran and b) have the technical chops to do it?

    --
    I want to delete my account but Slashdot doesn't allow it.
    1. Re:Duh - Who else would have done it? by DynamoJoe · · Score: 5, Insightful

      Sabotage: yes. Cyber terrorism? No. Warfare, yes, but not terrorism.

      --
      bah.
    2. Re:Duh - Who else would have done it? by Anonymous Coward · · Score: 4, Informative

      I don't agree with it, and it sure makes America look like a hypocritical dick, but yeah it's not really terrorism. You could argue what's happening in Iraq and Afghanistan by America is terrorism, which to be honest is the only way to win there, you can't occupy it for ever and if you can't scare every one into submission the problem will return when you leave, because you won't of fixed any underlying issues, and may of even made them worse. But i don't see the same terror that happened on 911 or with the civilian deathroll in the middle east happening in Iran research centres, at least not due to cyber terrorism (I’m well aware of the Israeli assassins taking out Iran scientists).

    3. Re:Duh - Who else would have done it? by girlintraining · · Score: 3, Insightful

      I mean seriously? Who else besides the Israelis a) hate Iran and b) have the technical chops to do it?

      Believe it or not, we're not the most technologically sophisticated country. China has more honor students than we have students. Most of Europe has a more developed telecommunications infrastructure than we do; internet, mobile phones, cable tv, you name it. We are not number 1.

      As to who else hates Iran and has the capability to do something about it... it should be pointed out we don't hate Iran. We hate any country who tries to acquire nuclear weapons. Something the size of a suitcase can destroy a major city... it's why we worked so damn hard with the Russians to disarm as many of them as we could. Not every country will play nice: Some of them will do whatever it takes to beat their enemies, even if that means killing themselves in the process. Unfortunately, all the countries currently working on making nuclear weapons fall into that category, including Iran.

      The only reason we're fucking around with 'cyber' warfare instead of curb stomping them is it's an election year and our economy is in ruins thanks to fighting two unnecessary wars based on our President deciding to finish what his daddy started rather than leave well enough alone, and our country having a momentary fit of stupidity where we had to kill everyone and everything wearing a funny hat because a couple of our sand castles got kicked over by a bully.

      --
      #fuckbeta #iamslashdot #dicemustdie
    4. Re:Duh - Who else would have done it? by thrich81 · · Score: 3, Informative

      How about doing some research or at least keeping up with the news before spewing? One of the two US attorneys on the leak case is Rod J. Rosenstein, a Republican appointed into his current position as US Attorney in 2005 by George W. Bush -- hardly the profile of an Obama partisan.

    5. Re:Duh - Who else would have done it? by RulerOf · · Score: 3, Interesting

      Sabotage: yes. Cyber terrorism? No. Warfare, yes, but not terrorism.

      To be fair, terrorism is rather broadly any act that incites fear, specifically for political purposes. I don't know about you, but Stuxnet and Flame scare the hell out of me.

      And I don't even begin to represent their targets.

      --
      Boot Windows, Linux, and ESX over the network for free.
    6. Re:Duh - Who else would have done it? by Anonymous Coward · · Score: 3, Insightful

      I can kinda see both arguments, but "We're spying on your obviously high profile nuclear program" and "our virus broke some of your enrichment hardware", probably just don't have the same shock and terror as "someone just randomly blew up a bus with your family in it". If you find yourself going to the dictionary to figure out if something is terrorism, you're trying too hard.

      Though when the Israelis sent people to execute Iranian nuclear scientists and such... that might well qualify in a more traditional way.

    7. Re:Duh - Who else would have done it? by Dahamma · · Score: 4, Insightful

      It's hard to claim that the primary *intent* was to incite fear when it was created to be so stealthy it may have been running for years without anyone even noticing...

      To quote a well-respected Dr. on the subject... "Of course, the whole point of a Doomsday Machine is lost, if you *keep* it a *secret*! Why didn't you tell the world, EH?"

    8. Re:Duh - Who else would have done it? by SeaFox · · Score: 4, Insightful

      You seem to be assuming that Obama is actually behind this. The three letter agencies that make up the U.S. government don't ask for the President's approval every time they want to tie their shoes.

    9. Re:Duh - Who else would have done it? by dpilot · · Score: 4, Insightful

      Which scares you more, Stuxnet and Flame, which at the very least appear to have been fairly specifically targeted, or Iran with nuclear weapons?

      In another way, at least Stuxnet and Flame have come to light, show us what's possible, and start us thinking about how to counter. Imagine a world where such capabilities had been kept in the dark until used on a public infrastructure attack.

      --
      The living have better things to do than to continue hating the dead.
    10. Re:Duh - Who else would have done it? by highphilosopher · · Score: 4, Informative

      You mis-spelled "centers".

      P.S. Please mod this funny

      P.P.S. Please do NOT mod this Informative... You'll look stupid.

    11. Re:Duh - Who else would have done it? by AlphaWolf_HK · · Score: 3, Informative

      War tends to be when you are hitting military and/or government targets.

      Terrorism tends to be when you are hitting civilian targets.

      Destroying equipment used to make nuclear weapons is cyberwarfare. DDoSing the vatican is cyberterrorism.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
    12. Re:Duh - Who else would have done it? by symbolset · · Score: 4, Insightful

      Israel has had nukes for a very long time and not hurt anybody with them. When somebody new gets nukes we have to worry if they'll settle a grudge right away.

      --
      Help stamp out iliturcy.
    13. Re:Duh - Who else would have done it? by Anonymous Coward · · Score: 3, Insightful

      > Which scares you more, Stuxnet and Flame, which at the very least appear to have been fairly specifically targeted, or Iran with nuclear weapons?

      A loaded question. I'm either with you or with the terrorists? I fear the US more than any other country, but I think the US fears any other country more than I do the US.

    14. Re:Duh - Who else would have done it? by Tom · · Score: 4, Insightful

      Which scares you more, Stuxnet and Flame, which at the very least appear to have been fairly specifically targeted, or Iran with nuclear weapons?

      That's so easy, it's unfair: Stuxnet and Flame, of course. They already have caused considerable damage on a wide scale, and while they are targeted, it would be way too easy to re-target them on something that matters to me.

      Iran with nukes, on the other hand, is still theoretical, still has a long way to go, and even if they had nukes the chances are 99:1 that they would use them for MAD and not actually use them and even if the extremely remote chance of a nuclear detonation came to pass, it would almost certainly not affect me in the slightest.

      And, quite frankly, I don't buy nuclear fearmongering coming from the only country ever to actually drop nuclear bombs on civilian cities, twice.

      --
      Assorted stuff I do sometimes: Lemuria.org
    15. Re:Duh - Who else would have done it? by stainlesssteelpat · · Score: 4, Informative

      Centre = center or did i miss something? English comes in different flavours. Here in Oz we speak 'Strine'.

      --
      War is the statesman's game, the priest's delight, the lawyer's jest, the hired assassin's trade.- Shelley
    16. Re:Duh - Who else would have done it? by AliasMarlowe · · Score: 3, Insightful

      Besides, Israel itself has described cyberattacks as terrorism.

      So that implies Stuxnet was "state-sponsored terrorism". In which case, the US should add itself to that list it keeps...

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    17. Re:Duh - Who else would have done it? by cozziewozzie · · Score: 4, Informative

      No, they don't. Most Chinese live in poverty, only dreaming of the luxury of higher education.

      Most Chinese live in big cities (more than a million inhabitants) and have access to government scholarships if they score well on the university entrance examination (gaokao).

      The scholarships are a pittance, and many students have to work part-time to get through university, but their universities are loaded with brilliant people.

      China is a developing country and many people do live in poverty, but there are likely more kids with (real!) Gucci bags in Chinese cities than in the US. You have no idea how fast the place is developing.

    18. Re:Duh - Who else would have done it? by dpilot · · Score: 5, Insightful

      > the only country ever to actually drop nuclear bombs on civilian cities, twice.

      True, and the US has used nuclear blackmail more than any other country, regrettably.

      But there is another perspective on having used the nuclear bomb in war - historical necessity. There are many who say that a "demonstration event" would have sufficed, that the nuclear bomb need never have been used in war. Unfortunately I don't believe that. I don't believe that there would ever be sufficient fear of the nuclear bomb until it had actually been used to demolish a real city and kill real people. Also unfortunately, there was a very narrow window when that could be done "safely" - without the threat of a full-fledged nuclear exchange. That was the few years when the US had the Bomb and the USSR didn't.

      Plus if you ever studied the period, you'll see that many feel that using the bomb saved at least a million lives on both sides - the cost of a protracted air/sea/land war in the Pacific. Even the Hiroshima bomb didn't convince Japan to surrender - they felt that there could only ever be one bomb like that. After Nagasaki, the surrendered because they thought that we could just keep dropping bomb after bomb like that - the first one wasn't unique. What they didn't realize was that at the time we'd made 3 bombs, Trinity, Hiroshima, and Nagasaki - that we'd shot our wad. I don't know how far in time we were from a fourth, and I don't know how Japan would have acted had they known we couldn't do it a third time, even.

      --
      The living have better things to do than to continue hating the dead.
    19. Re:Duh - Who else would have done it? by ukemike · · Score: 3, Informative

      Good thing Eric Holder is appointing two Obama partisans to investigate the leaks.

      What exactly is an "Obama Partisan?"

      Perhaps Defense Secretary Robert Gates, Treasury Secretary Timothy Geithner, Transportation Secretary Ray LaHood, Army Secretary John McHugh, and Ambassador Jon Huntsman? All of these people are Republicans, conservatives, or people who served in Republican administrations. Finally as another poster here pointed out one of the two investigators appointed is a, gasp!, Republican! If you're drinking the Fox coolaid you may believe that the current administration is partisan, but it flies in the face of the facts. This President reaches across the aisle repeatedly looking for compromise only to have his open hand slapped. If you're looking for partisanship you'll have to look elsewhere.

      --
      -- QED
  2. When we do it to you by niftydude · · Score: 5, Insightful

    it is an act of espionage and sabotage proportionate to the problem that is trying to be resolved.

    If you do it to us, it will be considered an act of war.

    --
    You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
    1. Re:When we do it to you by artor3 · · Score: 4, Insightful

      You're referring to a previous story that you misinterpreted to mean that the US would consider cyberattacks to be an act of war. What that story actually said was that cyberattacks against certain key infrastructure might be considered an act of war if it were serious enough. Quoting:

      If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation.

      That basically says that they won't rule out military force in certain extreme cases. Nor should they.

      And for Iran's part, if they'd like to consider Stuxnet to be an act of war, they can. Heck, they could consider Obama forgetting to say "bless you" after Ahmadinejad sneezes to be an act of war. That's the fun thing about the word "consider". But they won't, just as they didn't consider Israel's assassination of their nuclear scientists to be one.

      I'm sorry that international espionage isn't as cut and dry as you'd like it to be, but that's just how it is and has been for most of history. There were pretenses of chivalry in Europe (and likely other places) for a time, back when royalty was a good ole boys' club and the peasants would be the ones dying. We're past that now, and I for one am glad of it.

    2. Re:When we do it to you by Anonymous Coward · · Score: 5, Insightful

      in other words... if someone were to inject a cyber attack on say... or nuke facilities??? posted anon due to moding

    3. Re:When we do it to you by artor3 · · Score: 5, Insightful

      And if a normal person builds an aircraft carrier and conducts military exercises in national waters, they'd also go to prison. What is your point? If a government isn't allowed to do things that individual citizens can't, then it's not a government. It's a social club.

    4. Re:When we do it to you by demachina · · Score: 3, Insightful

      The U.S. law on computer intrusions specifically exempts law enforcement and intelligence agencies:

      "(f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States."

      This is the price we pay for electing people who are willing to criminalize nearly every action of ordinary citizens, and almost no action by government officials, even when they engage in actions that most people would consider criminal.

      For example:

      - torturing people
      - computer hacking
      - spying on people without a warrant
      - snatching people for rendition in violation of the laws and sovereignty of the countries where they are snatched
      - holding people, sometimes the wrong people, in indefinite detention without a hearing
      - assassinating people including U.S. citizens without a trial
      - using drones to assassinate people, often innocent civilians, in countries where no state of war exists while violating the sovereignty of nations we are not at war with

      This list goes on for a long time so I'll stop now.

      --
      @de_machina
    5. Re:When we do it to you by artor3 · · Score: 4, Insightful

      Oh come on, you know full well that Stuxnet was targeting the centrifuges. Screwing with centrifuges is not going to take their power grid offline, and it's certainly not "risking the lives of Iranian citizens". You're either being dishonest, or you are woefully ignorant of how nuclear power works.

      As for your support, I couldn't care less about it, and I've certainly never said anything even remotely like "they hate our freedoms".

    6. Re:When we do it to you by Maudib · · Score: 4, Interesting

      Ugh, overrated nonsense.

      There are stories every other day about Chinese and Russian efforts to compromise U.S. military networks, agencies and schools. When was the last time the U.S. declared war over foreign attempts at espionage?

    7. Re:When we do it to you by TubeSteak · · Score: 5, Insightful

      I don't know what the Iranians have done to you that makes you happy that the US and Israeli government is dangerously meddling with Nuclear power plants and risking the lives of Iranian citizens

      Stuxnet only attacked specific hardware configurations known to exist in Iran's uranium enrichment facilities.
      Stuxnet infected other computers, but did nothing malicious to them.
      There was no risk to nuclear power plants or Iran's civilian population.

      but the Iranians haven't done anything to me, and so I'd prefer to take an approach of innocent until proven guilty before instigating a war against them.

      Innocent until proven guilty is a legal fiction created so that our system of justice can be fair.
      It does not mean you are innocent and outside the legal system no one has to abide by that standard.

      That said, allowing Iran to go nuclear would lead to nuclear proliferation amongst its neighbors.
      At the same time, directly attacking Iran would cause them to lash out, in all directions, at once.
      It's a lose-lose situation that Stuxnet turned into a moderate win.

      --
      [Fuck Beta]
      o0t!
    8. Re:When we do it to you by artor3 · · Score: 4, Insightful

      Well since you asked...

      I have a strong dislike for irrationality, fear-mongering, and lies. I see a lot of all three whenever the topic of the United States comes up on Slashdot. The US certainly has its flaws. Lots of them in fact. But if you believe Slashdot, you'd think the US is some sort of comic book dystopia. So yeah, I push back against that sort of paranoid fear-mongering. I know I'll never get through to the true believers -- just as I'll never convince truthers that Bush didn't plan 9/11 along with Rockefeller and the queen of England -- but hopefully I can stop some forum lurkers from being lured down that path of irrationality and lies.

      As for Iran, I don't consider them to be a threat to the US. But if they obtain nukes, it will cement the leadership in power, as it did in North Korea. We all saw the beatings, rapes, and murders that the Iranian government employed against its people when they protested Ahmadinejad's reelection. Do you really think it would be a good thing for that regime to have even more power? I would never support a war in Iran, because that would kill innocent people. I don't even support Israel's assassination of nuclear scientists. But by the same token, I do support actions that prevent the current regime from obtaining nukes, because I think that Iran having nukes would also cause more death. Not through nuclear attacks, mind you, but by perpetuating a regime with a horrid record of human rights abuses. Delaying or preventing that possibility, without bloodshed, is a Good Thing.

    9. Re:When we do it to you by JoshuaZ · · Score: 3, Insightful

      Whether Iran considers assassination of their nuclear engineers to be an act of war by Israel isn't that relevant since Iran is in a state of war with Israel. In fact, they are at this point the only country in the region which has essentially refused to ever even remotely attempt to consider sitting down at a negotiating table with Israel. (Even Syria has done more). For all purposes that matter, Israel and Iran are at war. The only marginal way that they might not be from a legal perspective is that Iran doesn't recognize Israel's existence. So assassinating Iranian nuclear scientists just means that the state of war is heating up.

    10. Re:When we do it to you by JoshuaZ · · Score: 4, Insightful

      That ignores that Iran is helping prop up the Syrian government, and that Iran has been one of the chief funders of Hezbollah and other organizations which have repeatedly attacked Israel. Moreover, comparing small countries to large countries when it comes to foreign policy is not generally representative- large countries have much more wide-ranging interests and have much more ability to project power in the pursuit of those interests. So to really do very badly on foreign policy you need to be large.

    11. Re:When we do it to you by ethergear · · Score: 3, Informative

      So if the United States sabotages Iranian efforts to develop nuclear power, and they have an energy shortfall which results in 100 preventable deaths of Iranian civilians who were on life support, this is just as bad as if the Iranian cyber-warfare division deliberately cut the power to a US hospital and 100 American civilians on life support died?

      We and other countries have bent over backwards to offer Iran access to nuclear energy. If that's all they wanted they could have had it a decade ago, for cheap. No, they wanted to enrich uranium to make a nuclear weapon. When we blew up those centrifuges, we did it using computers AND NOBODY GOT BOMBED.

      And before you get your jimmies rustled about those poor people in that energy starved hospital, may I remind you that Iran is one of the world's biggest oil producers. I think it might just be barely possible they could make up this imaginary shortfall with some of that oil.

  3. Beating the War Drums by cosm · · Score: 4, Interesting

    My conjecture is that we will be at war with Iran in time for the election, call it a November surprise. Bunch of FUD stories from the Ministry of Information's various major news network puppets, and then we'll all be chest-pumping while the populace sings let's roll in the tanks.

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    1. Re:Beating the War Drums by Darkness404 · · Score: 3, Insightful
      Yep, I just love it.

      Last November people said: I'm voting for Obama because he's anti-war and wants to see peace!

      2009 Peace Prize: goes to Obama

      for his extraordinary efforts to strengthen international diplomacy and cooperation between peoples

      2010: Let's bomb Pakistan with even more drones!

      2011: Let's bomb Libya!

      2012: Let's use "cyber-terrorism" against Iran!

      --
      Taxation is legalized theft, no more, no less.
    2. Re:Beating the War Drums by artor3 · · Score: 5, Insightful

      So will you come back and admit to being wrong when you inevitably are?

      Israel has been trying to get Obama to go to war alongside them for quite some time now. He's refused. Maybe because we can't afford it, maybe because he doesn't think its necessary, maybe because his base would desert him, maybe because he just thinks that wars of aggression are bad. But declaring war right before an election? Absolute political suicide. His base would desert him, his opponents would mock him for his transparent ploy, and independents would look at the bill from Iraq and blanch.

      Now, if Romney wins, we might be in Iran by November of 2013... maybe. But I think Syria is the more likely candidate. He already wants to arm the rebels, and his party wants to go further than that.

    3. Re:Beating the War Drums by wmac1 · · Score: 4, Informative

      You forgot the kill list.

    4. Re:Beating the War Drums by phantomfive · · Score: 3, Insightful

      Still better than Bush.

      --
      "First they came for the slanderers and i said nothing."
    5. Re:Beating the War Drums by Darkness404 · · Score: 4, Insightful

      And Herpes is better than AIDS, doesn't mean I want either of them.

      Plus, last time I checked, Bush wasn't running in 2008.

      --
      Taxation is legalized theft, no more, no less.
    6. Re:Beating the War Drums by rockout · · Score: 4, Insightful

      Actually he decided to commit our country to support a popular uprising against a dictator, which ultimately succeeded in deposing said dictator without putting American boots on the ground. You and I obviously have our differences if you don't see the contrast between that and Iraq2003, but I for one have no problem with the way he handled our involvement in Libya.

      --
      I've learned that they're worthless, so I don't read AC comments anymore.
  4. Evidence by phantomfive · · Score: 4, Interesting
    In case anyone was wondering what the evidence was, here is the relevant quote:

    [Flame] was directed by Israel in a unilateral operation that apparently caught its American partners off guard, according to several U.S. and Western officials, speaking on the condition of anonymity.

    Generally these kind of leaks, especially when they happen as much as they have lately, happen at the direction of officials. It's not an accident. The question is why are all these anonymous leaks being passed to the press? Is it because they want Iran to think we have greater capability than we actually do? Some people have speculated that this is an attempt to give Obama an election boost, but one leak is enough to do that, he doesn't need to keep leaking....So what is the purpose?

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Evidence by Anonymous Coward · · Score: 5, Informative

      I work for Siemens, though on their medical devices, and, in a word, yes. In two words: fuck, yes. Hell, the girl from "Jurassic Park," who "knew UNIX" could hack at least one line of Siemens medical products.

  5. Double standards? by Darkness404 · · Score: 4, Insightful

    When the US uses "cyber-terrorism" its portrayed as a heroic action. If Iran does the same thing to the US, we'd use it as an excuse to start yet -another- costly, expensive, and needless war.

    Why does it seem like the past 15 years of politics have been "Wag the Dog" repeated over and over again?

    --
    Taxation is legalized theft, no more, no less.
  6. Other Disruptive Measures by raftpeople · · Score: 5, Funny

    The CIA has revealed that an entire warehouse of AOL CD's has been shipped to Iran...

  7. Re:Are you worried about a nuclear Iran? by Mashiki · · Score: 3, Interesting

    Worried about a nuclear Iran? Yes. Worried about a nuclear US, China, Russia, India, UK, France, Pakistan, North Korea, Israel? Yes.

    See this is the logical breakdown that some people have. MAD. Some government actually do care, no matter how destructive the soviets were to their own people. They actually did have some understanding of their actions to the world as a whole. Knowing there would be nothing left of the world if they nuked the US. The US knew the same. India and Pakistan are at a similar point. Though as Pakistan slips further towards the militant islamist side it become less so. North Korea wants a bomb to threaten anyone, and will use it against the south, simply to use it. Israel has it to protect itself from arab states that have repeatedly tried to annihilate it(another form of MAD).

    Trust is a tricky thing. What you should be asking is, what do they care about if they have it and what do they care about if they use it, and expect to gain from it.

    --
    Om, nomnomnom...
  8. what should happen next by slashmydots · · Score: 3, Interesting

    I think that Iran should declare war on the US over it. That'd be good for some lolz. You know, like every youtube video where a little fluffy kitteh picks a fight with a doberman :-P But honestly, what are they going to do? Threaten us and Israel, build weapons, launch test missiles? Seriously, I can't think of anything they can or would do about it and if they formally attacked us, that'd be about it for them. This is going to embarrass the hell out of them when they basically are forced to do nothing about it.