As the United Nations and Iran warn that the newly discovered Flame computer virus may be the most potent weapon of its kind, U.S. computer security experts tell NBC News that the virus bears the hallmarks of a U.S. cyber espionage operation, specifically that of the super-secret National Security Agency.
The Flame virus, which is intended to gather intelligence -- not destroy equipment or data, as was the case with the notorious Stuxnet virus -- is too sophisticated to be the work of another country, said one U.S. official, speaking on condition of anonymity. “It was U.S.,” said the official, who acknowledged having no first-hand knowledge of how the virus operates or was introduced into the Iranian computers.
The U.S. was also believed to have a hand in the creation and insertion of the Stuxnet virus, which targeted Iran’s uranium-enriching centrifuges.
The newly discovered Flame virus essentially “colonizes” the targeted computers, giving hackers control over critical data stored on them, according to cybersecurity experts who spoke with NBC News.
U.S. intelligence officials declined to discuss the virus. “We have no comment,” said one. Israeli officials, suspected in previous attacks, denied involvement.
The virus was first discovered and announced over the weekend by a Russian cybersecurity organization after reports of massive data losses in Iranian government computers. Kaspersky Lab told Reuters it found the Flame infection after the International Telecommunication Union asked it to investigate. By some accounts, the virus has been operating in the wild for as long as five years.
"This is the most serious (cyber) warning we have ever put out," Marco Obiso, cybersecurity coordinator for the U.N.'s Geneva-based ITU, told Reuters on Tuesday, referring to a bulletin about the virus expected to be issued in the next few days.
The confidential warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, Obiso said.
Other experts said the virus appears to be a different type of invader than Stuxnet.
“From reading press reports, this appears to be penetrating networks to surveil, as opposed to destroy, as was the case with Stuxnet,” said Michael Leiter, former director of the National Counter Terrorism Center and now an NBC News analyst. “Such computer network operations are core components of what our and other intelligence services do day in and day out.
“Our intelligence services know that any weakness in an information system can mean the entire system is vulnerable. This makes defense very, very hard. Network defenses must work reliably and in real time across the entire network to defend against persistent intruders.”
Iran’s cybersecurity officials seem to agree. The New York Times reported Iran’s Computer Emergency Response Team Coordination Center issued a warning Tuesday, saying, “This malware is a platform which is capable of receiving and installing various modules for different goals.”
If this is indeed a U.S. cyberwarfare operation, said computer security expert Roger Cressey, the target is likely to be Iran’s nuclear program and its decision-making apparatus.
"Whoever has developed this is engaged in very sophisticated intelligence gathering on computer networks throughout the region. Clearly, Iran is a top priority for this program," said Cressey, former chief of staff of the President’s Critical Infrastructure Protection Board under George W. Bush and now an NBC News analyst.
Two years ago, the U.S. and Israel were suspected of inserting the Stuxnet virus into the Iranian centrifuge center at Natanz. When the control software was corrupted, the motors that control the uranium centrifuge operations didn’t operate correctly, wobbling instead of spinning the way they’re supposed to, U.S. officials say.
Iran’s President Mahmoud Ahmadinejad has said that the work of Kaspersky Lab helped Iran uncover the infection and remove it from the centrifuge control program. Cybersecurity officials have told NBC News that the infection, while heavily publicized, was not as effective in disrupting Iran’s nuclear program as has been portrayed in some media accounts.
But Stuxnet is an example, said one U.S. official, of how those aiming to slow the Iranian nuclear program, which the U.S. says is aimed at producing nuclear weaponry, can have an effect similar to that of economic sanctions. The Iran program keeps making progress, he said, but never quite gets there.
Other U.S. officials said that the viruses not only affect the targeted program; they also make Iranian officials “paranoid.” Additionally, countering the attacks diverts valuable assets and resources from the core mission, they said.
While the Flame virus appears to be aimed more at gathering intelligence on the Iranian program, it, too, aims to make the Iranians paranoid, the officials said. It does so by making them wonder about security and by raising questions about whether the enemy knows the intricacies of Iranian decision making, not just on the nuclear program but on a host of other issues important to the U.S. and the West, they said.
Robert Windrem is a senior investigative producer for NBC News; Chief Foreign Correspondent Richard Engel contributed to this report.