According to an Associated Press report here, contrary to previous reports that Stuxnet and Flame were unrelated, the authors of Stuxnet and Flame apparently worked together at one point. There is evidence that “does suggest that very early on there was some sharing”.
According to an ABC News report by Lee Ferran and Kirit Radia here, a block of code was shared between the two programs, sometime around 2009.
If this is the case, we might begin looking for evidence of more code from Operation Olympic Games floating around in cyberspace. Flame provides a framework for future warfare in cyberspace, as proposed by eScan Blog here. According to the report:
Its only objective is to gather intelligence i.e. data. Usernames, password hashes, url-cache, network drives, Cached passwords, Bluetooth devices, Instant Messenger traffic, Browser traffic et al. And it also comes with its own SQLite database.
Flame appears to capture information useful for future exploits, much like hacking 101, but on steroids.
Stuxnet seems to capitalize on detailed information about targeted systems, in this case, the nuclear enrichment facility near Natanz, Iran at 33°43′N 51°43′E.
It does not appear that Flame is used to feed information to Stuxnet, so what is the information obtained by Flame used for?
Ah, that is the $64,000 question. There appear to be other programs floating around, therefore, using the information obtained by Flame. We know the information obtained by Flame comes from systems connected with the internet, so offline facilities, such as Natanz, should not provide any information. I can speak only for the US, where the vast majority of military equipment is not connected to the internet; it is on separate networks. I am assuming Iranian systems are the same. This leaves critical infrastructure, such as electrical facilities, power sources, transportation and such, which can all have military applications. As I am careful to state, time and again, the targets must be used solely by the military to comply with the Laws of Armed Conflict. From experience we have seen that Iran might not apply their targeting criteria so studiously, especially when they have proclaimed their nuclear program is entirely for civilian use. When targeting electrical systems that supply power to the military, it is difficult to avoid civilian bleedover. It will be interesting to observe what the Iranians will target.
When will we begin calling it Cybergate?