Vice Prime Minister Moshe Ya’alon. Photo by Alon Ron

Vice Prime Minister and Strategic Affairs Minister Moshe Ya'alon took to Twitter this afternoon to try to clarify remarks he made on Israel Radio that all but seemed to be taking credit for the Flame bug.

To recap, in his interview Ya'alon said that "Anyone who sees the Iranian threat as a significant threat – it's reasonable [to assume] that he will take various steps, including these, to harm it," and that "Israel is blessed as being a country rich with high-tech, these tools that we take pride in open up all kinds of opportunities for us."

While that wasn't actually taking responsibility in Israel's name, it was much closer than any Israeli official has come to acknowledging that the nation's much-vaunted technological capabilities were being harnessed to wage electronic warfare on Iran.

After this statement caused the expected fuss, and was quickly seized upon in Tehran, Ya'alon issued nine separate tweets, in English and Hebrew, in which he made clear that: "We take pride in our technological accomplishments, both civilian and defense… the State of Israel investing significantly in defending against penetration of its computer networks… Plenty of advanced Western countries, with apparent cyber-warfare capabilities, view Iran and especially its nuclear program as real threat."

Enough said: plenty of countries could have been behind Flame.

We don't know much about Flame yet. Thomas Rid, a reader at the Department of War Studies in London's King's College, has told me that much of what has been written about Flame over the past couple of days is "premature because of the sheer size of it (20MB) and the fact that it is very hard to reverse-engineer. There is a lot of speculation, and even saying that a state was behind it is a speculation."

Rid gave it the best description I have heard so far – "a listening device on steroids." He also thinks it will be virtually impossible to trace the source and the computers that were controlling it from afar and receiving the information collected from the computers in Iran and other countries in the Middle East that were affected.

"If it's anything like we saw with Stuxnet, then Flame will be covering its traces, with false IP addresses in different countries that probably are not relevant anymore anyway. It will also be impossible to figure how long it was operating since the time-spans have been falsified to the 1990s. It probably hasn't been working for fifteen years."

But Mikko Hypponen, one of the world's leading experts on computer viruses, believes that Flame "has been spreading for years." Which leads to the question: if this spy-virus was lurking for so long, recording and passing on every keystroke, e-mail, web search and conversation carried out on the unwitting host computers, why was it only discovered now?

Flame was apparently specifically designed to evade all types of anti-virus defense systems in general use, and its detection could point to the fact that, after a prolonged period of activity, it was finally tripped up by some new program, yet another indication of its longevity.

But there is also the possibility that its designers and operators had developed in advance an even more sophisticated and stealthy version of the spyware, and so could allow Flame to be detected. In this case, Ya'alon's intriguing statements this morning may have been aimed at spooking the Iranians.

Rid, who has recently published a major work on Israel's doctrine of strategic deterrence, believes this could be the case. "It's an opportunity for people like Ya'alon to create a scare," he says. "Any statement by Israeli leaders is taking advantage of the situation to create so much visibility and scare and fear among the Iranians."