Has Flame become a psychological prop? The Flame cyber-weapon was part of an intelligence-gathering operation designed to aid separate more physically disruptive attacks, the Washington Post has reported anonymous US officials as saying.If accurate this would posit Flame as the software that made more than one version of Stuxnet (discovered before Flame but now forensically connected to it) the effective tool it turned out to be when wielded against systems at Iran’s nuclear enrichment facility in Natanz.Flame was so successful at its reconnaissance role that it probably furnished Iran’s enemies – including co-developer Israel – with enough data to attack a wide range of other targets, including a mysterious one reported on the country’s main oil terminal as recently as April.“This is about preparing the battlefield for another type of covert action,” the newspaper reported the US official as saying. “Cyber-collection against the Iranian program is way further down the road than this [Flame],” confirming that operations were ongoing. “It [Flame] doesn’t mean that other tools aren’t in play or performing effectively,” the official reportedly said.Normally, newspaper reports such as this would be part of the stream of interesting speculation of the sort that has appeared from time to time since Stuxnet’s discovery almost two years ago. That US officials seem to be queuing up to claim responsibility for a cyberweapon most people already believe was the work of the US suggests that the Administration is complimenting software war with a psychological counterpart.The cover blown, the US might now be making the best use of Flame as a warning to Iran of its intent, capability and ingenuity.As several analyses have pointed out, that capability is significant, featuring a large number of different modules, at least five zero day exploits over time, and an innovative attack on the encryption used to secure Microsoft certificates as a way of compromising the Windows Update system.The role of Israel and other countries remains less clear. According to the Washington Post report, Israel used the same Flame independent of US direction during the oil terminal attack, which suggests a looser and less disciplined modus operandi than officials have tried to project.In the US, the revelations about the US’s apparent cyber-weapons programme have already been dismissed by Senator John McCain as part of an attempt by US President Obama to portray himself as being tough on Iran. Related content news Amazon debuts biometric security device, updates Detective and GuardDuty Amazon’s latest security offerings, announced at its re:Invent conference, cover everything from advanced biometrics to new tools for defeating runtime and cloud threats, including identity and access management (IAM) capabilities. By Jon Gold Nov 29, 2023 3 mins Biometrics Security Monitoring Software Threat and Vulnerability Management news Almost all developers are using AI despite security concerns, survey suggests About 96% of developers are using AI tools and nearly eight out of 10 coders are bypassing security policies to use them, while placing unfounded trust into AI’s competence and security, according to the report by Snyk. By John Mello Jr. Nov 29, 2023 4 mins Development Tools Security Practices Supply Chain news FBI probes Pennsylvanian water utility hack by pro-Iran group Federal and state investigations are underway for the recent pro-Iran hack into a Pennsylvania-based water utility targeting Israel-made equipment. By Shweta Sharma Nov 29, 2023 4 mins Cyberattacks Utilities Industry feature 3 ways to fix old, unsafe code that lingers from open-source and legacy programs Code vulnerability is not only a risk of open-source code, with many legacy systems still in use — whether out of necessity or lack of visibility — the truth is that cybersecurity teams will inevitably need to address the problem. By Maria Korolov Nov 29, 2023 9 mins Security Practices Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe