Given the size and complexity of Flame, the cyber weapon that forced Iran to cut off its oil ministry rigs from the Internet this week, it seems safe to say that it was a state-sponsored attack, with the United States and Israel the primary suspects.
But the most interesting thing about Flame may be that it's simply a precursor for many more viruses like it. The Pentagon’s new cyber security strategy, first reported Thursday by Ellen Nakashima in the Washington Post, seems to suggest as much. At the center of the strategy, also known as Plan X, is a five-year, $110 million research program sponsored by the Defense Advanced Research Projects Agency (DARPA), a Pentagon division that focuses on experimental efforts.
The strategy reveals that DARPA will be increasingly shifting its cyber operations from intelligence-gathering to offensive cyber capabilities. To that end, it will be reaching out to private sector firms, universities, and even computer game companies, to help foster creative breakthroughs in developing highly-effective attacks.
Indeed, there are already some suggestions that such collaborations were involved in the creation of Flame: According to a report released Monday by Kaspersky Lab, a Russian computer security firm, the virus (which can record keystrokes, capture screenshots, and record conversations using computers’ internal microphones) was written using gamer code. It's possibly even the same language — which game programmers like because its simple and stable — as many popular games for mobile phones. It turns out Angry Birds are a lot more pernicious when they're working for the government.