The Washington Post

Iran acknowledges that Flame virus has infected computers nationwide

Iranian officials have acknowledged that a sophisticated virus has infected computers across the country and, echoing the conclusions of security researchers, suggested that the malicious code is related to the virus that damaged centrifuges in an Iranian nuclear facility two years ago.

In a statement, Iran’s National Computer Emergency Response Team said that “investigations during the last few months” had resulted in the detection of the virus, which has been dubbed Flame and is capable of stealing data from infected computers.

“It seems there is a close relation to the Stuxnet and Duqu targeted attacks,” the statement said, referring to two other viruses. Stuxnet damaged hundreds of centrifuges at the Natanz nuclear plant. Duqu, like Flame, was apparently built for espionage but shared characteristics with Stuxnet.

The Iranians also said they had developed tools to detect and remove Flame from infected computers.

Iran has in the past blamed Israel and the United States for creating Stuxnet, but there has been no proof of authorship.

Although Israeli officials have generally not commented on Iranian accusations that their country was behind that virus, a deputy to Prime Minister Benjamin Netanyahu on Tuesday appeared to hint at Israel’s possible involvement in manufacturing Flame.

Speaking on Israel’s Army Radio, Moshe Yaalon, the vice prime minister and minister for strategic affairs, said the virus was “apparently” state sponsored.

“Whoever sees the Iranian threat as a significant threat — and it’s not only Israel, it’s the whole Western world, led by the United States — it’s certainly reasonable that he uses all means at his disposal, including these, to harm the Iranian nuclear system,” Yaalon said.

He added, “Israel is blessed with being a country rich in high-tech, and from that perspective, these achievements we take pride in, both in the civilian sector and defense sector, open up very many opportunities.”

White House spokesman Jay Carney declined to comment, as did a spokesman for the CIA; officials at the Defense Department referred questions to the Department of Homeland Security. A spokesman for the DHS said the department has been made aware of the malware and is working with other U.S. agencies to analyze its potential impact on the United States.

Security researchers say Flame is capable to logging keyboard strokes, activating microphones to record conversations and taking screen shots.

Experts have cautioned that it is far too early to draw conclusions about who might have created the virus and why. “There’s a lot of guessing going on out there, and I don’t think a lot of it is based on facts,” said Jody Westby, chief executive of Global Cyber Risk, a consulting firm.

Iran was among several countries that about a week ago reported the infection to a U.N. agency responsible for communications technology, the International Telecommunication Union, said Mohd Amin, head of the ITU’s global cyber-center, which analyzes and shares data on cyber-threats.

The ITU asked the Russian-based Kaspersky Lab, which provides software to clients around the world, to investigate. Kaspersky checked its database and found samples of the virus in countries across the Middle East. Iran had the highest number of infections, followed by Israel and the Palestinian territories, then Sudan, Syria and Lebanon, according to the firm, whose database is limited to infections reported by its clients.

Kaspersky also has detected a few infections in Europe and the United States, but it is unclear whether those reflect people in the Middle East accessing the Internet through U.S. and European servers to circumvent Web filters, said Kaspersky Lab senior researcher Roel Schouwenberg.

Special correspondent Joel Greenberg in Jerusalem contributed to this report.

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.
Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.