I reported here about the Flame computer cyberweapon developed by Israel, which has infected individual computers in Iran and other Middle Eastern nations, including Israel and Palestine. A number of pro-Israel readers dismissed these findings. Now Kaspersky Labs, which was one of the first research teams to expose Flame’s existence, has confirmed a common element in the computer coding for each piece of malware. Initially it had only said that the two worms were developed by two separate teams which were working independently, but possibly in parallel.
Here is the summary of its findings:
- …A module from the early 2009-version of Stuxnet, known as “Resource 207,” was actually a Flame plugin.
- This means that when the Stuxnet worm was created in the beginning of 2009, the Flame platform already existed, and that in 2009, the source code of at least one module of Flame was used in Stuxnet.
- This module was used to spread the infection via USB drives. The code of the USB drive infection mechanism is identical in Flame and Stuxnet.
- The Flame module in Stuxnet also exploited a vulnerability which was unknown at the time and which enabled escalation of privileges…
- Subsequently, the Flame plugin module was removed from Stuxnet in 2010 and replaced by several different modules that utilized new vulnerabilities.
- Starting from 2010, the two development teams worked independently, with the only suspected cooperation taking place in terms of exchanging the know-how about the new “zero-day” vulnerabilities.
As far as I’m concerned, this further confirms the scoop conveyed by my Israeli source who told me that Flame was an Israeli product. Since the NY Times and others have earlier confirmed that Israel and the U.S. collaborated on the development of Stuxnet, the only question remaining is whether Flame was a similar effort or one by Israel alone.
Given that Flame has been found in computers in Palestine and Israel, my bet is that it was created by the IDF’s Unit 8200 alone and is being used solely to advance Israel’s own peculiar set of political-military-intelligence interests. I’ve reported here another scoop by my source that Flame was deployed by the Shin Bet to monitor the computer of Ehud Barak’s chief of staff, who the IDF chief of staff suspected of spying on him.