Wednesday, 20 June 2012 18:05

US/Israel Flame Collaboration Rumor Misses Some Facts and Almost Looks Too Well Timed To Be True


There are two things about leaks that always concern me: the content of the leak, who it was leaked to, and … (OK, three things I look at when dealing with leaks) the timing. Now, when the leak hit concerning Stuxnet and Duqu, we took a look at the information and compared it with some information we were able to dig up, including the timing of the attack and a few other factors. The leak seemed to fit the facts. At the time of the leak there was no mention of Flame, any program to gather intelligence, or even hints that there might be more out there.

Now, however, we have a new “leak” that claims that Flame was the spy for the attack that was Stuxnet. This leak also goes on to claim that it was created by the US and Israel in cooperation and with the intent to delay Iran’s nuclear program. OK, so now let me get this straight: Flame came before Stuxnet? Some of this does not make sense, and it now even calls into question the first leak that was dropped.

You see, the problem here is that if we take what Kaspersky has discovered into account, then Flame appeared a little after Stuxnet. Yet the current leak claims that it was there to spy on Iranian systems for a later attack. The other side of this is the fact that Duqu was not a malicious piece of malware. It was designed (based on Stuxnet source code) to act like a piece of intelligence-gathering software. It was installed for a small amount of time and then… went away. Why the need for Flame if Duqu was working?

Right now researchers are only saying that one module shares a common method of operation. Considering the time between Stuxnet and Duqu and the fact that Flame used multiple plug-ins, it is entirely possible that anyone could have developed this with only access to the Stuxnet/Duqu malware. Even Kaspersky did not claim it was made by the same team, only that there was evidence to suggest that at some point the developers of Flame had access to a certain subset of code. Now, considering the number of times software companies have reverse engineered software and the massive amounts of “similar code and features” in most of today’s modern software, it is not a solid fact that they were made by the same groups (and yet it has been reported that way on many occasions).

Other than the small subset of code and two naming conventions, the two applications ran very differently from each other. This is not like Stuxnet and Duqu, where the source code was an almost perfect match. This is a single module that has similar functions and methods. Still, we have this leak from “officials”.

Now let’s look at that part. These officials only spoke to the Washington Post, and they did so anonymously. However, they were careful to include some watchwords to make it credible. One of these is the now popular “former high-ranking U.S. intelligence official”, which could mean anything when you think about it. The Washington Post has also been vocal with its criticism of President Obama, and we also know that the GOP would like nothing more than to get him out of the White House, so a nice leak like this would be an excellent one given the timing.

On the technological side, the US and especially Israel have the talent to come up with something like Flame, but I do not think they have the coordination to do it. We have multiple agencies that walk all over each other in an effort to get the most funds and the most power. Only recently we have seen the Department of Homeland Security fighting with both the FBI and the NSA for power. Next is that our policy makers would not have the understanding to grasp this type of exercise and then be able to keep it quiet on this level. I can tell you that they are barely able to grasp conventional war in many cases. If it was an executive order for the covert operation, then in 18 months it would have had to go to oversight, and someone would have talked then, not at this late stage.

No, I think that what we have here is a particularly attractive set of circumstances that has led someone to think that pinning this on the current administration will help them in the long run. There is simply not enough to go on other than a few improperly quoted and linked facts and the words of “officials” that seem to know a lot about what is going on right before an election.

Last modified on Wednesday, 20 June 2012 18:11