Report: Flame Virus A Joint U.S.-Israeli Project Like Stuxnet

Some news I missed last week concerns the Flame cyber virus, which I previously wrote about here and here, and reports that it has a similar origin to Stuxnet:

The United States and Israel jointly developed a sophisticated computer virus nicknamed Flame that collected intelligence in preparation for cyber-sabotage aimed at slowing Iran’s ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.

The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyber­warfare campaign, according to the officials.

The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.

The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its American partners off guard, according to several U.S. and Western officials who spoke on the condition of anonymity.

There has been speculation that Washington had a role in developing Flame, but the collaboration on the virus between the United States and Israel has not been previously confirmed. Commercial security researchers reported last week that Flame contained some of the same code as Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware were parallel projects run by the same entity.

Spokesmen for the CIA, the NSA and the Office of the Director of National Intelligence, as well as the Israeli Embassy in Washington, declined to comment.

Well of course they did. You wouldn’t expect them to admit it now would you? In all honestly, I’m not sure why stories like this are getting leaked out to begin with. Wouldn’t we prefer that our role in all of this remain secret? Of course, the other alternative is that the leaks are strategic in that they are designed  to say to the Iranians “See, this is what we can do to you” as a way of persuading them to make concessions during the ongoing, and so far largely fruitless, negotiations over their nuclear weapons program. Not a bad idea, perhaps, but it strikes me that such admissions are just as likely to enrage the Iranians as they are to scare them.

FILED UNDER: Intelligence, Middle East, National Security, World Politics, , , , , ,
Doug Mataconis
About Doug Mataconis
Doug Mataconis held a B.A. in Political Science from Rutgers University and J.D. from George Mason University School of Law. He joined the staff of OTB in May 2010 and contributed a staggering 16,483 posts before his retirement in January 2020. He passed far too young in July 2021.


  1. Ben Wolf says:

    It would be nice if we’d stop pretending we need Israeli help with anything at all. We appear to include them in weapons development because it makes them feel important.

  2. If you read through the various articles about this cyber war against Iran that have come out, it is clear that the main reason for bringing Israel into the loop is to give them some sense of assurance that we’re trying to do something about the Iranian weapons program so that they back away from the idea of launching an attack on a hair trigger’s notice.

  3. Ben Wolf says:

    @Doug Mataconis:

    I’ve noticed you have a tendency to accept whatever the official line is on many subjects. Israel has no capacity to attack Iran without assistance from the U.S., Syria, Iraq and Saudi Arabia. The Israelis do not control this issue and the United States is not a passive actor which has no choice but to fall into line with whatever decision is made in Tel Aviv. The idea we have to pacify Israel so they don’t cause trouble is nothing more than stroking the macho fee-fees of a piss-ant country angry it doesn’t rule the universe.

  4. Ben,

    Since I am not present in the White House Situation Room when these matters are discussed I can only speculate as to what the reason for certain things might be. The idea of placating the Israelis, or at least calming them down about, is one that makes sense under current circumstances. And while it may be true that Israel could not launch a truly effective attack against Iran’s nuclear weapons facilities that doesn’t mean that they would not do it anyway if they believed their backs were pushed up against the wall.

  5. Jen says:

    It might enrage the Iranians and it might scare them, but it also might make them paranoid. Angry/scared/paranoid/under stress people make more mistakes. This could also be a way of directing their attention to too many different things, taking their eyes off the ball. Which could in turn make it easier to collect intelligence and it could also slow them down. If they are busy looking behind every program and email for security threats, they have less time to devote to other projects.

    In other words, in addition to collecting intelligence, these sorts of things are a distraction and a type of psychological espionage, too. Just a thought.