Cyberdefense specialists in the U.S. and Israel collaborated on the so-called Flame malware that caused havoc with Iran's nuclear reactors, a top engineer has said.
The unidentified engineer cited by the Institute of Electrical and Electronics Engineers said Flame as well as the earlier Stuxnet worm were co-developed by cyberintelligence specialists at the U.S. National Security Agency, the Central Intelligence Agency and the Israel Defense Forces.
The specialist said far more work is going on than has been reported. This is about preparing the battlefield for another type of covert action...Cyber-collection against the Iranian program is way further down the road than this.
For the past several years, government officials in Washington and Jerusalem have declined all comment about the two computer worms, which got into the Iranian nuclear installations, interfered with centrifuges and otherwise disrupted alleged nuclear planning.
In his new book, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, (Crown, $28) New York Times reporter David Sanger provided a full description of the cyberintelligence program called Olympic Games that brought about the computer worms.
Sanger mainly cited anonymous intelligence sources but identified Thomas E. Donilon, President Barack Obama's National Security Adviser, by name. The book laid out details of Olympic Games for the first time. Sen. Dianne Feinstein (D-Calif.), Chairman of the Senate Intelligence Committee, said she had not been aware of most of the details.
Indeed, Attorney General Eric Holder was prompted by Congress on June 8 to appoint two U.S. attorneys, Ronald Machen Jr. of Washington, D.C., and Rod Rosenstein of Maryland, to investigate who provided details of the reports to journalists.
Holder didn't publicly spell out precisely what leaks the law enforcement officials are to probe. Analysts said that was to prevent official confirmation.
Security experts at leading software providers such as International Business Machines Corp. (NYSE: IBM) and Symantec Corp. (Nasdaq: SYMC) have said they are aware governments have used cyberattacks to hack into U.S. government sites which run their products. They've declined all comment on what the U.S. government may be using to counter them, likely using many of their software and analytics products.
For example, IBM has sold its most advanced Blue Genie computer servers to U.S. national laboratories such as Lawrence Livermore in Livermore, Calif., and Argonne National Laboratories in Lemont, Ill.., where their announced uses include running simulations for nuclear weapons testing as well as seismographic research that could detect nuclear explosions. Other uses aren't so clear.
At the same time, the various U.S. defense and intelligence agencies have installed servers from other providers including Hewlett-Packard (NYSE: HPQ), the No. 1 computer maker, and Oracle Corp. (Nasdaq: ORCL), the No. 1 database provider that acquired Sun Microsystems two years ago, for analysis as well as storage of data.
Various software companies including IBM, Symantec, EMC Corp. (NYSE: EMC) ,Citrix Systems (Nasdaq: CTXS) and LANDesk are selling security software to enterprises to guard against hackers and intruders. The providers don't discuss tools they sell to allow programmers to deploy malware, though.
Shares of IBM closed up 31 cents at $193.70 on Friday while Symantec shares rose a penny to $14.45.