by Stephen Bryen
Kaspersky Labs, based in Moscow and well regarded, says that it has uncovered a computer virus that targeted banks in Lebanon, the Palestinian territories and Israel. While not saying “who” invented it, Kaspersky makes the case that the new virus, called Gauss, is closely linked to the Stuxnet and Flame viruses. Supposed leaks to the New York Times finger the CIA and Israel as the sponsors of Stuxnet.
A little more than suspicion should always accompany any and all such declarations.
Stuxnet, as is now understood, focused on the controller systems of Iranian centrifuges. The Stuxnet infection caused the centrifuges to operate erratically, defeating their ability to extract bomb-grade uranium from uranium hexafluoride gas. (An interesting sidelight is that the Iranian centrifuges are derived from a European design, and the controllers and other electronics, as well as the special materials, come from Europe and appear to be in ample supply.)
But is Gauss really a “son of Sam” type virus?
Kaspersky Labs, through its Secure List Blog, says:
We believe the theory that Gauss is used to steal money which are used to finance other projects such as Flame and Stuxnet is not compatible with the idea of nation-state sponsored attacks.
If the Secure List Blog is right, and if we accept that Gauss is similar to Stuxnet and Flame as the Lab insists, then suspicion is thrown on the original claimed sourcing of Stuxnet and Flame, e.g., that these viruses were a CIA-Israeli deal.
For what it is worth, cooperation between the U.S. and Israel on Iran has been poor, if not worse. The CIA for the past decade has insisted the Iranians are not close to having a nuclear weapon, and even in the most recent admission that the Iranians are closer than the previous CIA estimate, the CIA is still very far apart from the public Israeli assessment. Furthermore, the administration has not only very strongly opposed physical intervention against Iran but has also taken a strictly hands-off approach, and has not supported the Iranian opposition or encouraged regime change (something they were glad to do in Egypt, Libya and Syria and strongly hinted at in other countries like Yemen, Jordan and Bahrain).
So the claim that the CIA and Israel actually cooperated on Stuxnet or anything else seems hard to believe. And the so-called leaks had plenty of political motive for President Obama, who has been trying to tell the American Jewish community that he is the best friend Israel ever had.
We also note that Russian cyber-thieves have been looting banks around the world for years. Clearly the cyber-thieves had at their disposal the resources to carry out these thefts.
Could it be that all these viruses come from Russia instead of Israel or the CIA, or alternatively that there is an under-the-table deal between Israel and Russia to secretly block Iran’s nuclear programs instead of a collaboration between Israel and the CIA?
Israel’s relationship with Russia sometimes looks better than the relationship with the U.S. After all, President Putin found time to visit Israel and his visit was positive, even in the midst of the Syrian civil war. President Obama has not gone to Israel during his presidency.
Given that Kaspersky operates in Russia and no doubt has a positive relationship with the Russian government, it is very strange that they would take the lead in exposing the Gauss virus if Gauss had any conceivable link to the Russian government. But politics is always a process, not a fixity, and things change rapidly. Maybe the Russians are starting to worry that Israel really will hit Iran and they are sending them a message? (Kaspersky brags about how “good” parts of the Gauss virus really are. Would they be touting Israeli skills or Russian skills? Or neither?)
So while the Gauss virus's origins remain unknown, the suggestion that it is linked to Israel and the CIA can probably be ruled out. The rest we really don’t know.