'Proof' Links Flame, Stuxnet Super Cyber Weapons: Researchers
Experts say same section of code used in pair of cyber weapons that hit Iran.
June 11, 2012 -- Researchers say they have uncovered "proof" linking the authors of the Flame cyber espionage program to Stuxnet, the most powerful offensive cyber weapon ever developed -- both of which are believed to have targeted Iran.
Analysts at the Russia-based cyber security firm Kaspersky Labs, which was the first to uncover Flame and had previously analyzed Stuxnet, wrote in a blog post today that they had found the "missing link" between Flame and Stuxnet: a specific piece of code that appears to have been used in both programs.
Flame, a highly advanced "toolkit" of cyber espionage programs capable of watching virtually everything on an infected computer, was discovered last month on computers in the Middle East and Iran and had apparently been spying on those systems for years. Stuxnet, an offensive cyber weapon designed to physically alter its intended target, was discovered in 2010 after it reportedly infiltrated and managed to damage an Iranian nuclear enrichment facility -- an unprecedented feat.
In both cases, cyber security experts who analyzed the programs' code determined that, due to similarities in cost, time requirement and apparent target, it was likely they had each been developed under the direction of a nation-state, leading to speculation the U.S. or Israel may be involved. However, the same experts quickly noted that Flame's code architecture was vastly different from Stuxnet's and determined that while both could have come from the same nation-state, they were not likely written together.
But now Kaspersky Labs says the two cyber tools appear to have been developed in tandem and a section of code directly from Flame was used in an early 2009 version of Stuxnet, meaning that the two development teams overlapped in their work at least for a little while, even if they appear to have gone their separate ways in 2010 when newer versions of the programs appeared.
"We believed that the two teams only had access to some common resources, [but] that didn't show any true collaboration," Kaspersky Labs senior researcher Roel Schouwenberg told ABC News. "However, now it turns out that the Stuxnet team initially used Flame to kickstart the project. That proves collaboration and takes the connection between the two teams to a whole new level."
After Stuxnet's discovery, a Congressional report in December 2010 put the U.S. and Israel on a short list of countries believed to be capable of carrying out that attack -- a list that also included Russia, China, the U.K. and France. A month later, The New York Times reported Stuxnet may have been the result of a joint U.S.-Israeli project to undermine Iran's nuclear program.
Five different U.S. government agencies declined to comment to ABC News about allegations they were involved in Flame and the Israeli government has reportedly denied any link to the virus.
News of the new connection between the two programs came just days after a U.S.-based cyber security firm, Symantec, reported Flame appears to have been given a "suicide" command that would wipe any trace of it from an infected computer.