Flame: Israel rejects link to malware cyber-attack

By Dave Lee
Technology reporter, BBC News

image captionMoshe Ya'alon spoke to the country's military radio station about the attack

Israel has dismissed suggestions that it might be behind the Flame cyber-attack.

Several media reports linked comments made by the country's vice-prime minister with the malware, which has infected more than 600 targets.

However, a spokesman for the Israeli government told the BBC that Moshe Yaalon had been misrepresented.

Security experts said it was still too early to pinpoint the source of the attack.

Mr Yaalon, who is also Israel's minister of strategic affairs, discussed the attacks on Israel's military radio station, Army Radio.

"There are quite a few governments in the West that have rich high-tech [capabilities] that view Iran, and particularly the Iranian nuclear threat, as a meaningful threat - and can possibly be involved with this field," he said.

"I would imagine that everyone who sees the Iranian nuclear threat as a significant one, and that is not only Israel, it is the entire Western world, headed by the United States of America, would likely take every single measure available, including these, to harm the Iranian nuclear project."

When asked to clarify Mr Yaalon's comments by the BBC, a spokesman for the minister said: "There was no part of the interview where the minister has said anything to imply that Israel was responsible for the virus."

Retreating Flame

Other speculation has linked the US with the malware. An anonymous US official told NBC News the country was behind the attack - but conceded he had "no first-hand knowledge" of the matter. The US has also denied responsibility.

Many analysts said Stuxnet, a past high-profile attack which shares some similarities with Flame, could have been orchestrated by both countries.

Leading security expert Ralph Langner said in 2011 that Mossad - Israel's security agency - had collaborated in the attack with US intelligence. Both countries deny involvement.

Russian security firm Kaspersky Labs, which was among the first to reveal details of Flame, told the BBC that it could take months, or even years, to determine where it had originated.

image captionThe malware is said to have infected over 600 specific targets

However, its researchers have noted that whoever was behind the malware appeared to be retreating slowly.

"It's very tough to shut down 80+ command and control servers at the same time," explained Roel Schouwenberg, senior security researcher.

"Some of them are not active anymore. I think this is some sort of effort to buy themselves some time and change the game plan if the need would arise.

"We've seen it in the past, that after some period of silence, that the operation is rebooted."

The United Nations has described Flame as a significant espionage tool which could affect critical infrastructure - and issued its "most serious" cyber security warning to date.

However, others have suggested the threat had been overplayed.

"We seem to be getting to a point where every time new malware is discovered it's branded 'the worst ever'," said US security researcher Marcus Carey.

More on this story