The Washington Post
confirms that Flame, like Stuxnet, was developed by the Israelis and the NSA as part of an operation called Olympic Games. My operating theory, at this stage, is that the NSA countenanced these cyberwar attacks as a way to impede Iran's nuclear development, but the Israelis deliberately changed the code and infected many systems outside Iran. Hence the Obama administration's sudden willingness to talk about the program.
By the way: Neither the Israelis nor the Americans referred to the worm as "Stuxnet." That sobriquet was invented by the first outsiders to study the virus.
Perhaps the most important aspect of the WP story is the revelation that there was much more to Olympic Games than Flame and Stuxnet:
The scale of the espionage and sabotage effort “is proportionate to the problem that’s trying to be resolved,” the former intelligence official said, referring to the Iranian nuclear program. Although Stuxnet and Flame infections can be countered, “it doesn’t mean that other tools aren’t in play or performing effectively,” he said.
Former CIA Director Michael Hayden offers a hint as to what these "other tools" might be up to.
“It is far more difficult to penetrate a network, learn about it, reside on it forever and extract information from it without being detected than it is to go in and stomp around inside the network causing damage,” said Michael V. Hayden, a former NSA director and CIA director who left office in 2009. He declined to discuss any operations he was involved with during his time in government.
So far, it looks like Flame was meant as an espionage tool. Stuxnet was more of an assault weapon.
The question before us is this: Why did the WP drop hints of ongoing cyber threats to Iran? Whoever the source was for that "other tools" remark, he or she had to have an agenda. Maybe the Obama administration wants Iran to think that the infestation is worse than it really is. Or maybe the administration is pissed off at Israel.