Israeli officials have denied any connection to the Flame malware, after media reports connected statements from the vice-Prime Minister to the cyberespionage threat uncovered by Kaspersky Labs
Israel is dismissing charges that it had anything to do with the Flame malware discovered by Kaspersky Labs. Several news reports on the malware toolkit (though not our coverage) linked comments made by the vice-Prime Minister, Moshe Ya’alon, with the malware, which researchers have tentatively labeled a weapon of cyberespionage, though full analysis could take years. A spokesman for the Israeli government, however, told BBC reporters that Ya’alon had been misrepresented in the reporting of the comments. Security researchers have also been quick to point out that it’s far too early to pinpoint the source of the attack.
The comments were made by Mr. Ya’alon, who also happens to be the Minister of Strategic Affairs, while discussing the attacks in an interview on Army Radio, Israel’s military radio station. “There are quite a few governments in the West [with] rich high-tech [capabilities] that view Iran, and particularly the Iranian nuclear threat, as a meaningful threat, and can possibly be involved with this field,” he said. “I would imagine that everyone who sees the Iranian nuclear threat as a significant one, and that is not only Israel, it is the entire Western world, headed by the United States of America, would likely take every single measure available, including these, to harm the Iranian nuclear project.” When asked to clarify the comments, a spokesman said, “There was no part of the interview where the minister has said anything to imply that Israel was responsible for the virus.”
Other speculation has linked America with the malware, including a completely unverifiable claim made to NBC by an “anonymous official” that the US was behind the attack, though the official added that he had “no first-hand knowledge” of it. The US has also denied responsibility for the attack.
Kaspersky Labs, the security firm that discovered the malware, has said that it could take years to determine where the toolkit originated. However, its researchers have noticed that whoever was behind the malware appears to be slowly retreating, covering their tracks as they go. “It’s very tough to shut down 80+ C&C (command & control) servers at the same time,” explained Roel Schouwenberg, one of Kaspersky’s senior security researchers. “Some of them are not active anymore. I think this is some sort of effort to buy themselves some time and change the game plan if the need would arise. We’ve seen it in the past that after some period of silence [the] operation is rebooted.”
The UN has described Flame as a significant espionage tool and issued its “most serious” cyber security warning to date. However, others have suggested that the threat has been overblown by all the media coverage. It seems that every time there’s a new malware threat detected, it gets labeled a huge threat, or the worst malware ever, no matter its actual purpose.