Middle East
Researchers find link between spying programs
Experts say recently uncovered Flame shares software code with Stuxnet virus that targeted Iran's nuclear programme.
Last Modified: 12 Jun 2012 00:21
Computers compromised by Flame have been found in Lebanon, the Palestinian territories and Hungary

Two leading computer security firms have linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon, which was widely believed to have been used by the US and Israel to attack Iran's nuclear programme.

Eugene Kaspersky, chief executive of Moscow-based Kaspersky Lab, which uncovered the Flame virus last month, said on Monday his researchers had since found that part of the Flame program code is nearly identical to code found in a 2009 version of Stuxnet.

Later in the day, the largest security firm, the US-based Symantec Corp, said it had confirmed that some source code had been shared.

The new research could bolster the belief of many security experts that Stuxnet was part of a US-led cyber program still active in the Middle East and perhaps other parts of the world.

Kaspersky Lab had said Flame was developed with a different set of tools than Stuxnet, though it said its analysis was just beginning and would take many months.

Flame is the most complex computer spying program ever discovered and appeared to be aimed at government and energy-industry offices in Iran, Israel, the Palestinian territories and Sudan.

It has the capacity to steal or alter electronic documents. Flame has 20 times as much code as Stuxnet and hijacked Microsoft's process for automatic updates in order to install itself.

Although neither Kaspersky nor Symantec said who they thought built Flame, news organisations, including Reuters news agency and The New York Times, have reported the US and Israel were behind Stuxnet - which was uncovered in 2010 after it damaged centrifuges used to enrich uranium at a facility in Natanz, Iran.

US silent on viruses

Instead of issuing denials, authorities in Washington recently launched investigations into leaks about the highly classified project.

The White House declined to comment.

On Stuxnet and Flame, "there were two different teams working in collaboration", said Kaspersky.

In-depth coverage of a growing regional debate 

Flame is a highly sophisticated computer virus that  disguises itself as common business software. It was deployed at least five years ago and can eavesdrop on conversations on the computers it infects and steal data.

Security experts have suspected links among Flame, Stuxnet and Duqu - another piece of malicious software that was discovered last year - but Kaspersky Lab was the first to say it found hard evidence.

Late on Monday, Liam O Murchu, Symantec research manager, agreed, using his company's name for the newest virus, Flamer.

"Symantec Security Response confirms Flamer and Stuxnet share some of its source code," O Murchu wrote, adding that the analysis would continue.

If the US is proven to be a force behind Flame, it would confirm the country that invented the Internet is involved in cyber espionage - something for which it has criticised China, Russia and other nations.

A Pentagon report last year that outlined the still-evolving US cyber strategy said economic espionage could prove the greatest threat to long-term US interests, pointing to thefts of industrial and defence secrets via internet spyware.

Stuxnet was discovered in 2010 and has been closely scrutinised by the world's smartest cyber sleuths.

Yet Flame remained hidden until last month, when a UN agency asked Kaspersky Lab to look for a virus that Iran said had sabotaged its computers, deleting valuable data.


Topics in this article
Featured on Al Jazeera
'Justice for All' demonstrations swell across the US over the deaths of African Americans in police encounters.
Six former Guantanamo detainees are now free in Uruguay with some hailing the decision to grant them asylum.
Disproportionately high number of Aboriginal people in prison highlights inequality and marginalisation, critics say.
Nearly half of Canadians have suffered inappropriate advances on the job - and the political arena is no exception.
Women's rights activists are demanding change after Hanna Lalango, 16, was gang-raped on a bus and left for dead.
Buried in Sweden's northern forest, Sorsele has welcomed many unaccompanied kids who help stabilise a town exodus.
A look at the changing face of North Korea, three years after the death of 'Dear Leader'.
While some fear a Muslim backlash after café killings, solidarity instead appears to be the order of the day.
Victims spared by the deadly disease are reporting blindness and other unexpected post-Ebola health issues.