For years, we discuss the authorship of what is considered one of the most offensive cyber weapon of history, Stuxnet, a thousand voices were compared on the difficult question alternating assertions and denials.
Always the principal international experts have suggested the U.S. as the authors of the cyber threat, but the main U.S. authorities have consistently denied, leaving that suspects will also concentrate on the work of Israel intelligence.
But when it was developed Stuxnet and by whom?
The planning of the deadly cyber weapon started under the administration of George Bush Junior as part of a military operation named “Olympic Games”, but the Obama administration has been pushing a more energetic on the offensive program. The uncomfortable truth was disclosed by The New York Times that could have shed light on one of the most disturbing questions of the global security landscape. The article is adapted from journalist David Sanger’s forthcoming book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, and it confirms that both the US and Israeli governments developed and deployed Stuxnet.
The real problem as we will see is the damage caused by the uncontrolled spread of the dangerous virus to computing facilities across the world.
Stuxnet was designed with the intent to interfere and destroy the control systems inside the Iranian nuclear plan in which it assumes is being carried out the dangerous design of President Ahmadinejad to develop a nuclear arsenal with which to threaten the Western enemy. But the U.S. does not have acted alone, as it has been suspected they had the precious collaboration of Israeli computer scientists who have contributed to strengthening the malware.
The development has been conducted with the intensive collaboration of the NSA and the secret Israeli 8200 unit, a complex work of intelligence to realize a dangerous cyber weapon able to attack SCADA system in Natanz plant.
Striking are the backgrounds on the tests revealed the malware being developed, once it was completed the United States began building replicas of Iran’s P-1 centrifuges, a project that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief.
The US fortunately already owned a P-1s model because when Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The results of the test were satisfactory, the malware demonstrated its efficiency to shut down operations in the test site.
Mr. Obama decided to accelerate the attacks even after, for an apparent error, the virus was spread outside the Iran infecting machines also in other countries. The article published by The New Your Times reports of a tense meeting in the White House Situation Room, within days of the cyber offensive, attended by President Obama, Vice President Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta.
During the meeting was discussed the opportunity to stop the diffusion of the malware outside Iran
“Should we shut this thing down?” President Obama asked
The effectiveness of cyber operation that was causing damage to the systems of SCADA components of Iran’s nuclear plants led to the decision to continue with the attacks, despite the virus was spreading outside Iran. Considering the potential offensive threat this decision is really questionable, the virus could damage other critical infrastructures, including Western countries, with unpredictable consequences.
President Obama concluded the secret summit declaring that when it came to stopping Iran, the United States had no other choice.
During the next week, at least two new version of the malware has hit the Natanz nuclear plant and other facilities in Iran.
The NYT has collected during the last 18 months reserved information from former American, European and Israeli officials involved in the operations declaring to keep secret their identities.
What is considerable are the results obtained with the use of cyber weapons by the US against a historical enemy, demonstrating how much aggressive could be also a covert operation in cyberspace. The US was secretly working on cyber weapon development achieving, with malware, what until then could be accomplished only by conventional military operations.
“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the CIA, said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data.
“Somebody crossed the Rubicon,” he said.
According the information collected, once Obama has taken the place of Bush authorized the attacks to continue requesting to be constantly updated on the event and requesting its express authorization to proceed for each phase of the operation.
“From his first days in office, he was deep into every step in slowing the Iranian program — the diplomacy, the sanctions, every major decision,” a senior administration official said.
But do not forget that these days Iran was the scene of a new cyber attack, malware Flame seems to have infected Iranians systems for years with a very aggressive agent with purposes of cyber espionage. Again U.S. and Israel have denied every responsibility, however it is clear that we encounter a new and powerful weapon used for purposes of espionage and ready to be turned into a formidable offensive weapon.
Despite enormous differences with Stuxnet it’s clear that Flame could be another face of the US offensive against Iran, but according the opinion of several expert, this time also the industry of antivirus system could be involved the noisy behavior of the agent. It’s not first time that private industry help government in covert operations, it happened for example in German, where a private company, DigiTask , developed and sold a spyware program for public authorities in Bavaria. Of course in this case we are speaking of a different kind of help, making for example invisible the malware to the common antivirus systems.
On the question Mikko Hypponen, Chief Research Officer of F-Secure, declared:
“A couple of days ago, I received an e-mail from Iran. It was sent by an analyst from the Iranian Computer Emergency Response Team, and it was informing me about a piece of malware their team had found infecting a variety of Iranian computers. This turned out to be Flame: the malware that has now been front-page news worldwide.
When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010.
What this means is that all of us had missed detecting this malware for two years, or more. That’s a spectacular failure for our company, and for the antivirus industry in general.”
Stuxnet, Duqu and Flame are not normal, everyday malware, of course. All three of them were most likely developed by a Western intelligence agency as part of covert operations that weren’t meant to be discovered. The fact that the malware evaded detection proves how well the attackers did their job.
The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers, and e-mail worms.
Examining the cyber operation form a political perspective it’s clear that a cyber operation has a great efficiency, the damage caused by Stuxnet have postponed or stopped an imminent conventional strike of Israel against Iran.
What is not acceptable are the risks to which a not controlled cyber weapon have exposed computer systems all over the world, the same US critical infrastructures have been exposed to the cyber weapon.
The problems begun during the summer of 2010 when the diffusion of the malware gone out of control, starting to spread itself out of Natanz plant. It was not clear the reason of the unexpected spread:
“We think there was a modification done by the Israelis,”
one of the briefers told the president,
“and we don’t know if we were part of that activity.”
Mr. Biden reported to the President
“It’s got to be the Israelis,” “They went too far.”
If the news will be confirmed it could represent an historical event, the usage of a cyber weapon has substituted a military strikes obtaining same results, destroying enemy line.
The question is:
How many Stuxnet like malware are operating around the word and where?
The International Strategy for Cyberspace describes the cyber attacks are serious and dangerous business. The US in fact reserves the right to use even military force to respond to similar attacks.
“All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners,”
“We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law.”
In the coming years will see an increasing number of similar events, will leave vulnerable antivirus systems architectures powerless over the planet, the same nations attackers could suffer the dreaded boomerang effect due to the uncontrolled spread of cyber weapons. Fortunately, to date, no catastrophes have happened, but in future, the effects could be unpredictable.
The cyber war is begun and we must consider that these cyber threats could be used against every country and adopted in covert operations for several years. Are we really prepared?
(Security Affairs – Stuxnet, Hotel Group, Olympic Games)