Mahzor

New York Public Library

Churches

Sarajevo Haggadah

Mah Nishtanah

Sarajevo haggadah

Antaea Darom

Israeli women's art

Action

Torah as music

Ben Heine

Action

ceramic bowl

Mohammad Said Kalash, "Offering Reconciliation" exhibit (photo: Ilan Amihai)

Action

Punch and Judy/Pinchas and Jamila

Avi Katz

Action

David Grossman

Ben Heine

Action

Eldrige Street shul

Lower East Side

Action

Dove

Ben Heine

Action

Two birds

Hoda Jamal

Action

Israeli and Palestinian boys

from documentary, Promises

Action

Cat in the Hat

Yiddish version

Action

Daylight through the Wall

Banksy: graffiti art on Separation Wall

Action

Maurice Sendak's Brundibar set

New Victory Theater (photo: Nan Melville/NYT)

Action

Daniel Barenboim, West-Eastern Divan Orchestra

Palestinian-Israeli musical ensemble (photo: Kerstin Joensson/AP)

Action

Great Day on Eldrige Street

N.Y.'s klezmer greats celebrate shul rededication (photo: Leo Sorel)

Action

Joint Appeal for Peace

(Avi Katz)

Joint Appeal for Peace

Ketubah, Ancona, Italy (1772)

(Jewish Theological Seminary library)

Ancona ketubah

Posts Tagged ‘george-bush’

« Older Entries

Iran Threatens U.S. With Closure of Vital Strait If It Invokes New Oil Sanctions

Tuesday, December 27th, 2011

What do Howard Berman, Brad Sherman, Jane Harman, Gary Ackerman and all the other Congressional water-carriers for Aipac care about the impact of their vote for closing Iran’s oil spigot, even if it might force Iran to close the Strait of Hormuz in retaliation and start a regional war?  This is precisely the danger foreseen by the Founding Fathers when they arrogated the conduct of foreign policy to the executive branch and not the legislature.  Members of Congress grandstand and posture for their constituents.  They pander for votes.  Of course, they will vote for everything Aipac tells them to and more, in return for unlimited cash from pro-Israel donors.  Who the hell cares if their actions bring the region closer to conflagration?  When the shit hits the fan, they’ll blame Obama and say it’s the president who conducts foreign policy, not them.

strait of hormuz mapIran today warned that if Obama signs into law the new sanctions regime approved by Congress, it will close the Straits.  If it does that it will throw a huge wrench into the flows of Middle East oil around the world and send the price of oil through the roof.  Obama claims he has a plan to counteract such an Iranian act.  What might that be?  He’s not saying.  But it’s highly likely that anything the U.S. might do to respond to such an Iranian closure would escalate tensions even further.  How much higher can they go before real hostilities break out?  And perhaps that’s precisely what the U.S. and Israel want–to ratchet up pressure gradually so that Iran finally breaks and does something that will be a cause for war.  If they do this incrementally, they believe the world won’t be as likely to blame THEM for starting the war.  But we know better, don’t we?

On a slightly different note, UPI is reporting the settlement of a lawsuit brought by the government against the defense contractor which provides the fuses for the bunker buster bombs Obama gave the Israelis for use in penetrating Iran’s underground nuclear facilities.  The lawsuit alleged that fuses for the weapons were defective.  This may have some impact on Israel’s plans for attacking Iran, unless they’ve already solved the problem.

Returning to the NY Times story, I found this passage in David Sanger’s report to be foolhardy:

…A White House spokesman said there would be no comment on the Iranian threat to close the strait. That seemed in keeping with what administration officials say has been an effort to lower the level of angry exchanges, partly to avoid giving the Iranian government the satisfaction of a response and partly to avoid spooking financial markets.

You mean passing a law to destroy Iran’s ability to feed its people wasn’t provocation enough?  And not responding to the Iranian threat will somehow assuage them?  And do Sanger and Obama think that the financial markets don’t read the NY Times and won’t understand the full import of the Iranian threat?

As I’ve written here, any attempt to stop Iran’s access to world oil markets is likely to blow up in our faces.  It will send the price of oil sky-high, it will not necessarily shut Iran out of the markets, and will benefit Iran which stands to gain a financial windfall from increased oil prices.   In fact, today world oil prices broke the $100/barrel  barrier.  Hey, the sky’s the limit.  Howard Kohr and the boys from Aipac are probably working up some new ploy which will send them even higher.  I can’t wait to find out what they have in store for us next.  And this couldn’t have happened at a more opportune moment economically when the 99% (which excludes Obama, Sherman, Harman, Berman, et al.) face a looming recession and nearly 10% unemployment.

Don’t ya just love the cool certainty of this Treasury Department wise man who assures us the administration knows precisely how to handle this situation so that it will cause maximum harm to Iran and minimum harm to the U.S.:

“We have flexibility here, and I think we have a pretty good opportunity to dial this in just the right way that it does end up putting significant pressure on Iran.”

Why didn’t you say so?  Now I know we’re in good hands and nothing bad can come of this nonsense.

So here’s the U.S. plan in all its brilliance:

…The administration’s aim is to reduce Iran’s oil revenue by diminishing the volume of sales and forcing Iran to give its customers a discount on the price of crude.

Got that?  Through some sort of magical hocus-pocus we’re going to cut Iran’s ability to sell oil to anyone.  That won’t send the price of oil for us through the roof by some sleight of hand.  Luckily, there are some sane analysts out there who take a dim view of the practicalities of this:

Some economists question whether reducing Iran’s oil exports without moving the price of oil is feasible, even if the market is given signals about alternative supplies. Already, analysts at investment banks are warning of the possibility of rising gasoline prices in 2012, due to the new sanctions by the United States as well as complementary sanctions under consideration by the European Union.

Note that the administration plans to offer “alternative supplies” to Iran’s trading partners so that they can wean themselves from that country’s oil.  We haven’t ever been able to get the Saudis to do anything we wanted regarding raising or lowering their oil production.  Now all of a sudden not only will the Saudis answer the call, but they’ll have enough to replace what the world supply will lose from Iran.  Libya, Iraq (with it’s Shiite majority largely sympathetic to Iran) and Angola will take up the slack.  Oh, and we’ve got to approve the Keystone pipeline too and approve all those new fracking wells that threaten to destroy the water supply for hundreds of thousands of Americans.  If you believe this fairy tale, I’ve got a rusting hulk of a NYC bridge to sell you.

Another alarming intended effect of the new sanctions is to wreck the Iranian economy, which is supposed to be in free-fall.  But this appears to be a game of chicken: who will such a collapse hurt more–the country’s rulers or the tens of millions of ordinary Iranians who will be bankrupted and starved by the destruction of their national economy?  I strongly doubt that the common folk will rise up to smite their rulers because of the impact of these sanctions.  In fact, it’s liable to have precisely the opposite effect.  While we’re playing this game of Russian roulette determining who will lose the most, thousands of Iranian babies will begin dying from lack of basic sustenance and available health care just as happened in Saddam’s Iraq.  Is this really a moral burden Barack Obama wants to shoulder?  Of course, George Bush was happy to do so.  And the Aipac crowd will be happy to do so as well.  But does Obama want to be called the killer of Iranian babies?

Note also how the alleged Iranian plot to assassinate the Saudi ambassador has become real in this passage from Sanger’s report:

…A plot to assassinate the Saudi ambassador to the United States…

Now here I always thought it was the responsibility of the government to prove its claims in a court of law.  How foolish of me.  I didn’t realize reporters could decide for themselves that a government allegation was actually a proven fact.

Tags: , , , ,
Posted in Mideast Peace, Politics & Society | 9 Comments »

The Wages of Stuxnet Are Havoc

Wednesday, February 16th, 2011

While the wages of sin are reputed to be death, the wages of Stuxnet will be unforeseen havoc for years to come.  Several interesting reports out about the cyberweapon, which outgoing Israeli chief of staff Gabi Ashkenazi took credit for in his farewell party yesterday.  Those who read my blog carefully may remember two points I tried to make about Stuxnet at the height of the attack.  First, no matter how much damage was done, the relative impact would be short-term and not severe.  Just to be clear, I wrote this not because I want Iran to have a nuclear weapon, but rather because I thought the idea of sabotaging its nuclear program was wrong in ways moral as well as pragmatic.

Second, I wrote that the model of cyberattack represented by Stuxnet would let loose a whirlwind of potentially destructive attacks against any party responsible for it.  In a way, Stuxnet is like the proverbial gun in a play, about which Chekhov says: if you see a gun in the first act it will be fired by the third.  In other words, the damage wrought by Stuxnet might be confined to Iran’s nuclear program at first, but there is no possible way to prevent that gun from being fired again once you’ve seen it used.

The N.Y. Times published a story a few weeks ago revealing that Israel and the U.S. collaborated on creating Stuxnet.  I’d say that we live in an industrial-technological glass house.  So why we threw that rock at Iran’s nuclear program is beyond me.  Did we think that some smart set of hackers or a foreign intelligence agency might not use the mojo against us sometime?  Do we think that our nuclear power plants, electric grid and industrial systems are so secure that someone might not arrange for our own comeuppance?

Personally, I think whoever originally derived this concept and approved it wasn’t thinking straight.  They were going for immediate, short-term gain (damaging Iran’s nuclear facilities) and giving short-or even no-shrift to the far-range implications.

Returning to my first point above, the Washington Post reveals a new study by the Institute for Science and International Security, which uses video footage compiled by IAEA cameras inside Iran’s nuclear facilities, to confirm that Stuxnet did a relatively small amount of damage overall to Iran’s plants at Bushehr and Natanz.  At most, 10% of the centrifuges were destroyed and these were rapidly replaced.  Iran’s overall output of enriched uranium in 2010 didn’t even decline.  So you remember Meir Dagan crowing about how Iran’s nuclear ambitions had been humbled by his brilliant cyberploy, and the Iranian bomb had been pushed back to 2015?  Forget about it.

While the majority of the ISIS report sounded extremely persuasive to me, this bit of magical thinking didn’t:

…The worm almost certainly exacted a psychological toll, as Iran’s leaders discovered that their most sensitive nuclear facility had been penetrated by a computer worm whose designers possessed highly detailed knowledge of Natanz’s centrifuges and how they are interconnected, said David Albright, a co-author of the report.

“If nothing else, it hit their confidence,” said Albright, ISIS’s president, “and it will make them feel more vulnerable in the future.”

I have no idea why Albright would say this.  While Stuxnet certainly was a crisis for Iran’s nuclear program, given how successfully it defended against the crisis and recovered from it, why would Iranian scientists or security experts be quaking in their boots?  If anything, it will make them even more determined not to allow such a breach in the future.

And on the contrary, I’d say that now it is the U.S. and Israel who will have to be looking over their shoulders knowing they’ve unleashed the god of cyberdestruction on the world.  Iran has already been hit and absorbed the worst of it.  But we haven’t and our security experts should be runnin’ pretty scared I’d think imaging ways in which our own industrial processes could be compromised and the immense damage it could cause us.  This October, 2010 article from the Post delves into some of the ways in which the worm and its descendants could bring us to our knees.

Finally, FoxNews notes that a group of sophisticated computer hackers, angry at a security firm which supposedly attempted to infiltrate its ranks, penetrated the company’s e-mail system and exposed a modified version of Stuxnet, which they promptly unleashed online.  Don’t worry, our electrical power grid is not about the go down.  The version of the worm they released is not an exact duplicate of the real thing and probably can’t do much immediate damage to anyone.  But my point is that once you let this genie out of the bottle you’ll never get him back in it.  You don’t know who will get hold of Stuxnet next and what they might to with it.  And the article makes very clear that there are versions of Stuxnet out there and that some very enterprising hacker or foreign computer intelligence agent will be able to make use of it–someday.  And we’ll have only ourselves to blame because we thought we were being oh so clever when we birthed Stuxnet and bestowed in on our Iranian friends

Remember karma?  What you do comes back to you.  And in ways unforeseen.   Oh, and incidentally, you won’t hear about any of this in Clarion Fund’s new ‘hit’ movie, Iranium…

Tags: , , , , ,
Posted in Blogs-Tech-Science, Mideast Peace, Politics & Society | 9 Comments »

IAEA Inspectors: Stuxnet May’ve Shut Down Iranian Enrichment Program

Monday, November 22nd, 2010
bushehr centrifuges

Turbine inside Bushehr plant. where Stuxnet is alleged to have damaged industrial processes (AP)

Based on interviews with unnamed IAEA inspectors, AP is claiming that virtually all the centrifuge arrays used in the Iranian uranium enrichment program have been temporarily shut down.  The suspicion is that the Israeli Stuxnet attack has caused serious damage not just to Natanz, but to Bushehr as well, which was expected to come online in a month.  Look to an Iranian announcement about Bushehr shortly which should either confirm (if it is further delayed) or contradict (if it comes online as scheduled) the accuracy of this report:

A U.N official close to the IAEA said a complete stop in Iran’s centrifuge operation would be unprecedented to his knowledge but declined to discuss specifics. He, like two senior diplomats from IAEA member countries who told the AP of the incident at Natanz, asked for anonymity because the information was confidential.

Previous reports had indicated serious technical problems regarding these matters and that Stuxnet had caused damage, but this is the first report I’ve read which appears to claim that the entire enrichment program has been halted (albeit temporarily).

The article also explained precisely how the worm might disrupt normal function of the centrifuges and damage or destroy them altogether:

Iran’s enrichment program has come under renewed focus with the conclusion of cyber experts and analysts that the Stuxnet worm that infected Iran’s nuclear program was designed to abruptly change the rotational speeds of motors such as ones used in centrifuges. Such sudden changes can crash centrifuges and damage them beyond repair.

No one has claimed to be behind Stuxnet, but some analysts have speculated that it originated in Israel.

The worm “specifically controls frequency converter drives” that normally run between 807 Herz and 1210 Herz, researcher Eric Chien of the computer security company Symantec, said in an e-mail to the AP. “These are subsequently changed to run at 1410Hz, then 2Hz, and then 1064Hz.”

Iran nuclear expert David Albright said it was impossible to say what would cause a disruption strong enough to idle the centrifuges but “Stuxnet would do just that. “It would send (centrifuge) speeds up and then suddenly drop them,” said Albright of the Washington-based Institute for Science and International Security, which has tracked Iran for signs of covert proliferation.

Albright and a colleague, Andrea Stricker, last week released a study applying Chien’s finding to centrifuges. He said the worm appeared capable of pushing centrifuge speeds above their normal speeds, up to 1,410 Herz, or cycles per second, and then suddenly dropping speeds to 2 cycles per second, disrupting their operations and destroying some in the process.

Separately, another official from an IAEA member country suggested the worm could cause further damage to Iran’s nuclear program. The official also asked for anonymity because his information was privileged. He cited a Western intelligence report suggesting that Stuxnet had infected the control system of Iran’s Bushehr reactor and would be activated once the Russian-built reactor goes on-line in a few months.

Stuxnet would interfere with control of “basic parameters” such as temperature and pressure control and neutron flow, that could result in the meltdown of the reactor, raising the specter of a possible explosion, he said.

…Commenting on Stuxnet Monday, Olli Heinonen, the IAEA’s former point man on Iran, told a Washington audience that the virus could have infected control systems at Bushehr “or elsewhere.”

“It may cause a lot of havoc,” he said.

It should be noted that the Bushehr plant does not use centrifuge arrays (thanks to the commenter below who corrected my original misimpression on this subject) but that Stuxnet reputedly has also damanged computer and industrial processes there.  A engineer well-versed with the Iranian nuclear program wrote explaining how Bushehr works and by implication how Stuxnet could sabotage it with conceivably disastrous results:

The reactor is essentially a nuclear bomb, except that heat is removed quickly and the nuclear reaction proceeds slowly and under control. The heat is removed by passing pressurized water through the reactor that absorbs the heat (if the water is not pressurized, the heat will evaporate the water, the core of the reactor will melt down, and we will have a Chernobyl-type catastrophe).

If all the information and claims above are correct (and it’s possible they aren’t or are only partially true) Stuxnet, from the point of view of Israeli intelligence may be said to be a stunningly successful enterprise, at least in the short-term. But programs like Iran’s when confronted by external sabotage tend to close ranks and rally to the cause. It could be that instead of significantly delaying the Iranian program in the short-term it will spur it to greater, faster growth in the longer term.  The danger is for Israel and the U.S. to underestimate the resourcefulness and skills of their Iranian opponents.  That’s what cockiness does to you and Israel is full of it (literally).

The problem with Israeli intelligence skullduggery is that it tends to have vast and unintended consequences. They kill a “bad guy” to great celebration only to have him replaced by someone (in the case of Hassan Nasrallah) even more proficient than the victim. They sabotage a nuclear program only to have the technicians devise ever more inventive & secure means of attaining its goals.  It could happen.

Related articles

Tags: ,
Posted in Mideast Peace | 28 Comments »

Haaretz’s Melman Suspects Israeli Involvement in Stuxnet

Wednesday, September 29th, 2010

hadassah myrtleThe N.Y. Times offers some intriguing theories and reporting on the Stuxnet worm affair.  Among the tantalizing issues it raises is that the name “Myrtus” (Latin for “myrtle”) has been discovered in the malware’s computer code and may indeed have been the overall name of the project.  Also, one of the code modules was named for Guava, the fruit genus in which the myrtle tree is found.

Those who know their Biblical Hebrew will recall that Queen Esther’s Hebrew name is Hadassah, and that hadas is the myrtle tree.  As John Markoff and David Sanger note in their story, the Book of Esther recounts a preemptive strike by Persian Jews against the rulers of the kingdom who sought to exterminate the country’s Jewish community.  If Israel’s cyber warfare community created this cyber weapon, clearly they would see their efforts in precisely the same vein using computer warfare to preëmpt an Iranian nuclear weapon, which many Israeli leaders have called a method to exterminate not just Israeli, but world Jewry.

The Times story concedes that all this may be a very sophisticated red herring designed to intrigue the world into presuming Israeli involvement.  Along these lines, it’s worth noting that Israelis claiming an affiliation (which I strongly doubt) with that country’s intelligence services offered me what they claimed was the code name of the upcoming attack on Iran: Cyrus the Great.  Again, an intriguing red herring.  But possibly one that Israeli intelligence would like spread around the internet by someone like me as a form of anti-Iran psyops.

The Times story also raises once again, as I have done, the distinct possibility that the IDF cyberwarfare Unit 8200 would be expected to have created this monster if the job was done by Israel.  In an interview with the authors, Haaretz’s respected security correspondent, Yossi Melman, now seems to have adjusted his views and believes that Israel was involved.

infected usb driveOver a year ago, Reuters published a story which clairvoyantly outlined Stuxnet, the Israeli strategy that might’ve created it, and even speculated on the means of delivering the worm which turned out to be prescient:

…Cyberwarfare…is seen by independent experts as the likely new vanguard of Israel’s efforts to foil the nuclear ambitions of its arch-foe Iran.  The appeal of cyber attacks was boosted, Israeli sources say, by the limited feasibility of conventional air strikes on the distant and fortified Iranian atomic facilities, and by US reluctance to countenance another open war in the Middle East.“We came to the conclusion that, for our purposes, a key Iranian vulnerability is in its on-line information,” said one recently retired Israeli security cabinet member, using a generic term for digital networks. “We have acted accordingly.”

Cyberwarfare teams nestle deep within Israel’s spy agencies, which have rich experience in traditional sabotage techniques and are cloaked in official secrecy and censorship. They can draw on the know-how of Israeli commercial firms that are among the world’s hi-tech leaders and whose staff are often veterans of élite military intelligence computer units.

“To judge by my interaction with Israeli experts in various international forums, Israel can definitely be assumed to have advanced cyber-attack capabilities,” said Scott Borg, director of the US Cyber Consequences Unit, which advises various Washington agencies on cyber security.

Technolytics Institute, an American consultancy, last year rated Israel the sixth-biggest “cyber warfare threat,” after China, Russia, Iran, France and “extremist/terrorist groups.”

Asked to speculate about how Israel might target Iran, Borg said malware — a commonly used abbreviation for “malicious software” — could be inserted to corrupt, commandeer or crash the controls of sensitive sites like uranium enrichment plants.Such attacks could be immediate, he said. Or they might be latent, with the malware loitering unseen and awaiting an external trigger, or pre-set to strike automatically when the infected facility reaches a more critical level of activity.

As Iran’s nuclear assets would probably be isolated from outside computers, hackers would be unable to access them directly, Borg said. Israeli agents would have to conceal the malware in software used by the Iranians or discreetly plant it on portable hardware brought in, unknowingly, by technicians.

A contaminated USB stick would be enough,” Borg said.

Now, we can say that either Borg was involved in creating or delivering Stuxnet or else he was prescient.  I choose to believe the latter.  It’s also worth noting that Borg understood Israel’s motivation to do this right around the time Stuxnet was created (it’s first appearance was in 2009, around the time this article was written).  Further, it’s simply astonishing that if an American cybersecurity expert knew in 2009 an infected USB stick could damage Iran’s nuclear plants that no Iranian thought about this and did anything to prevent it.  I would think there might be a few heads rolling in the security offices of Natanz and Bushehr.

An Israeli cyber warfare specialist employed by the Israeli military industry who Markoff and Sanger interview disputes Israel’s involvement.  Frankly, if Israel was involved either this individual or his colleagues, protegés or mentors may’ve played a role in the project, so we have to discount the reliability of his testimony.

The Israeli expert also makes a claim that is disputed by Iranian experts themselves about the behavior of the virus:

Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”

“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”

Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.

This strikes me as sophisticated disinformation.  Can any reasonably serious person believe that a project involving scores of programmers working in teams over at least six months aiming to infect Iranian industrial command and control systems was merely “an academic experiment?”  As far as the claim of industrial espionage against Siemens, that too lacks credibility since the worm appears to be benign outside Iran and there are no known cases of real damage outside that country.  Various sources inside Iran have acknowledged such damage (though there are other voices there who dispute this) and we know of apparent sabotaging of Natanz’s centrifuge arrays.

Further, Iranian sources also dispute another claim by Blitzblau, that Stuxnet doesn’t report back its results:

The director of the Information Technology Council of the Industries and Mines Ministry has announced that the IP addresses of 30,000 industrial computer systems infected by this malware have been detected, the Mehr New Agency reported on Saturday.

“An electronic war has been launched against Iran,” Mahmoud Liaii added.

This computer worm is designed to transfer data about production lines from our industrial plants to (locations) outside of the country,” he said.

Also, in the realm of Israeli disinformation, NGO Monitor’s Gerald Steinberg replied, in an e-mail thread that included me that his view is that Vladimir Putin did it!  Yes, I kid you not!

In a rational policy analysis, in which there are no good options, the “least bad” option becomes the policy of choice. If this is indeed a cyberattack undertaken by a government body (Putin’s Russia is also a logical candidate), designed to damage the Iranian nuclear weapons development program, and if this strategy was selected following a careful assessment in which the military as well as other options were deemed to be less likely to achieve core objectives at lower costs (including options expected to have ineffective results — sanctions), and if the side-effects, to the degree that they could be anticipated, including “blow back”, were considered in this assessment, then perhaps this is the “least bad option”, given all the factors and available options.

I almost gagged when I read that.  Russia??  What is the guy smokin’?  First, a Russian contractor is building Bushehr.  Why would Putin want to sabotage the work of his own country’s contractor?  Why would he wish to impede the development of a project to which his country and government have devoted incredible amounts of effort, energy, and national pride?  The entire notion beggars belief and sounds to me like Mossad disinformation. The only question is whether Steinberg says these things because he truly believes them or because Meir Dagan wants him to say them.

Yes, it is true that the infection wormed its way into Iran through an infected USB stick from that same Russian contractor.  But this would mean that either the contractor or someone in the Russian intelligence community deliberately infected Iran’s nuclear facilities and did so in a way that was traceable back to it.  This is something the actual creator of Stuxnet would NEVER have done unless he was very stupid.  And whoever created Stuxnet was NOT stupid.

Tags: , , , , , ,
Posted in Mideast Peace | 21 Comments »

Bush Counter-Terror Official on Stuxnet: ‘Israel Likely Did It’

Sunday, September 26th, 2010


A Bloomberg interview with Richard Falkenrath, former counter-terrorism official in the Bush administration points specifically to Israel as the most likely source (see 2:04 of this video) of the Stuxnet computer worm:

It is theoretically possible that the U.S. did–that the U.S. government did this.  But it’s a very remote possibility.  More likely, frankly, is Israel–that Israel did it.

For the U.S. to launch a malware attack like this is a very risky thing to do, because it can’t really be controlled.  It can spread beyond the place that’s being targeted.

Which brings us to a critical issue that none of the journalist or bloggers I’ve read who’ve covered this story have mentioned: if Israeli cyberwarriors from Unit 8200 or the Mossad (or both) created Stuxnet, it becomes yet another example of state-sponsored Israeli terrorism running amok.  Even if you concede Israel’s right to target Iran’s nuclear facilities in this way (which I’ll concede here only for the sake or argument), you have the problem of the tens, if not hundreds of millions of dollars in damages caused to the industrial systems of at least four countries (Iran, Pakistan, Indian, Indonesia).  This map details the infections spread by country.

This is a mirror image of the damage caused by the Mossad to the sovereignty and reputations of all those countries damaged by the Mahmoud al-Mabouh assassination when it forged passport documents in the names of citizens of these nations.  One might argue there was some legitimacy in destroying an Iranian nuclear facility possibly designed to create a nuclear weapon.  But for a nation like Israel to collaterally damage key production facilities of these other nations is unconscionable.  Falkenrath clearly believes this is the reason it is unlikely the U.S. pulled the Stuxnet trigger.

Of course, it will be difficult if not impossible to firmly identify the source of the infection since, unlike physical crimes, this one leaves little traceable evidence.  In that sense, Israel or whoever created this menace, has perpetrated almost the perfect cybercrime.  But let’s make no mistake: this is a crime especially against those countries victimized by it who were innocent of any involvement in Iran’s nuclear program.

In fact, one of the world’s leading cyber security experts notes the downward slide that Stuxnet represents:

“This malicious program was not designed to steal money, send spam, grab personal data, no, this piece of malware was designed to sabotage plants, to damage industrial systems,” he said.

“I am afraid this is the beginning of a new world. [The] 90’s were a decade of cyber-vandals, 2000’s were a decade of cybercriminals, I am afraid now it is a new era of cyber-wars and cyber-terrorism,” Kaspersky added.

The problem with Israeli moral calculus is that for the Mossad and Israel’s leaders the end of damaging Iran’s nuclear capability justifies any collateral damage.  I hope that the world’s cyber security experts and political leaders will make clear that this is not a moral calculus they share.  The danger of not taking a strong stand against this is that not only malicious computer hackers will exploit this deadly new development in the history of malware, it will lower the threshhold for other nations who may contemplate deploying such weapons against their own enemies in future.  Think of it–what’s to stop an ambitious Islamist hacker from “improving” on Stuxnet and targeting a critical U.S. production facility to wreak havoc on a power plant or even nuclear plant?  What’s to stop China from a similar attack against Taiwan?  Or Pakistan or India from similarly attacking each other if they were on the verge of war?  You can think of any number of possibilities here.

And it could be Israel that has unleashed this escalating menace on the world.  It’s leaders should realize that what goes around can come around.  While Israel has one of the world’s most sophisticated cyber warfare capability, that does not mean that it is invulnerable.  Certainly, it would be a very difficult target.  But for every Natanz that Israel may target there is a Dimona.  No one should forget that.  I am not advocating such an attack.  But it stands to reason that a nation injured by Israel might target its own critical facilities in revenge.  Is this the sort of cyber brinksmanship that we want to see?

In regard to my speculation that Natanz had to be the target of this attack because of its key role in uranium enrichment, which could lead to an Iranian nuclear weapon if it were pursuing such a goal, another cyber-security expert confirms my thinking:

• Stuxnet appears designed to take over centrifuges’ programmable logic controllers. Natanz has thousands of identical centrifuges and identical programmable logic controllers (PLCs), tiny computers for each centrifuge that oversee the centrifuge’s temperature, control valves, operating speed, and flow of cooling water. Stuxnet’s internal design would allow the malware to take over PLCs one after another, in a cookie-cutter fashion.

“It seems like the parts of Stuxnet dealing with PLCs have been designed to work on multiple nodes at once – which makes it fit well with a centrifuge plant like Natanz,” Rieger says.

While some have argued that Bushehr may’ve been the likely target of Stuxnet since Russian contractors working there originally introduced the worm, it wouldn’t be hard to infect a computer at Natanz once Bushehr was infected.  So it could’ve begun in Bushehr and spread to Natanz with the latter being the ultimate target.  But Paul does make some interesting arguments that Bushehr might make an attractive target as well.   My money is still on Natanz as being the primary goal.  I suppose too it’s possible that Israel’s may’ve devised a twofer, infecting and damaging both facilities.

In a follow-up to yesterday’s post about an Iranian report conceding extensive Stuxnet-related damage to its industrial plants, Paul Woodward reports this from Iranian media:

Iran’s Mehr News Agency adds:

The director of the Information Technology Council of the Industries and Mines Ministry has announced that the IP addresses of 30,000 industrial computer systems infected by this malware have been detected, the Mehr New Agency reported on Saturday.

“An electronic war has been launched against Iran,” Mahmoud Liaii added.

This computer worm is designed to transfer data about production lines from our industrial plants to (locations) outside of the country,” he said.

He also announced that a working group composed of representatives from the Communications and Information Technology Ministry, the Industries and Mines Ministry, and the Passive Defense Organization has been set up to find ways to combat the spyware.

This adds an interesting filip to what I’ve been reporting about the goal and intent of Stuxnet.  Till now, reports have speculated the purpose of the infection was to sabotage Iran’s Natanz nuclear plant.  But it seems entirely possible that while it was doing that an additional goal was to study the entire industrial process by which Iran was pursuing its nuclear ambitions.  This would be a possible goldmine of information for Israel in mapping out Iran’s level of progress and what particular technical avenues it was pursuing.  This might allow Israel to discover how close Iran was to nuclear break-out (if it is pursuing a nuclear weapon).  It might also enable Israel to prepare defenses against Iran’s nuclear goals or even suggest ways of attacking Iran again somewhere down the line.

The possibilities are endless.

Thanks to Paul Woodward for his stellar analysis, which I’ve in part adopted and in part taken in some slightly different directions.  H/t David Ehrens.

Tags: , , , , ,
Posted in Mideast Peace, Politics & Society | 106 Comments »

German Cyber-Security Expert: Stuxnet’s Target, Natanz Reactor

Thursday, September 23rd, 2010
natanz nuclear reactor

Did Stuxnet target Iran's Natanz nuclear reactor? (Reuters)

Might Stuxnet have been the preemptive first strike in Israel’s campaign against Iran’s nuclear program?

My post yesterday about Stuxnet noted cybersecurity experts who analyzed the massive computer worm which heavily infected computers in Iran speculated that the likely target was the Bushehr reactor.  But there are several reasons leading away from Bushehr and towards Natanz as the more likely target.  It is Natanz which is using centrifuges to enrich uranium which could potentially be used to create a nuclear weapon.  The centrifuge enrichment process requires precise timing of industrial processes which could easily be disrupted by a worm taking over the factory controls.

Wired reports on this aspect of the story:

Frank Rieger, chief technology officer at Berlin-based security firm GSMK, thinks the more likely target in Iran was a nuclear facility in Natanz. The Bushehr reactor is designed to develop non-weapons-grade atomic energy, while the Natanz facility, a centrifuge plant, is designed to enrich uranium and presents a greater risk for producing nuclear weapons. Rieger backs this claim with a number of seeming coincidences.

The Stuxnet malware appears to have begun infecting systems in January 2009. In July of that year…WikiLeaks posted an announcement saying that an anonymous source had disclosed that a “serious” nuclear incident had recently occurred at Natanz… The site decided to publish the tip after news agencies began reporting that the head of Iran’s atomic energy organization had abruptly resigned for unknown reasons after 12 years on the job.

There’s speculation his resignation may have been due to the controversial 2009 presidential elections in Iran that sparked public protests — the head of the atomic agency had also once been deputy to the losing presidential candidate. But information published by the Federation of American Scientists in the U.S. indicates that something may indeed have occurred to Iran’s nuclear program. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned would have occurred.

The same German security expert attempts to explain the fact that computers outside the target country were infected as well, by noting the Russian contractor building Bushehr had lax security and the worm could’ve spread both to its Iranian clients and ones in other countries as well like India and Pakistan.  Though it’s true that the Russian contractor was working only on Bushehr and not Natanz, it’s entirely possible that the worm infected a computer at Bushehr and then was transferred to the Natanz system.

A correction to a point I made yesterday.  Two digital certificates were used as part of the attack, but they weren’t forged as I reported.  They were actually legitimate certificates stolen from two Taiwanese companies, which likely required a physical presence in Taiwan to do so.  Again, this could easily have involved the Mossad or even Chinese intelligence (though that takes us in an entirely different direction).

Tags: , , ,
Posted in Mideast Peace | 7 Comments »

Federal Court Overturns Ruling Barring Ramadan from U.S.

Friday, July 17th, 2009
Tariq Ramadans campaign to undo yet another travesty of the Bush era (Graham Morrison/NYT)

Tariq Ramadan's campaign to undo yet another travesty of the Bush era (Graham Morrison/NYT)

The ACLU and Tariq Ramadan won a major legal victory in their campaign to allow Ramadan entry to the U.S., where he had been appointed a tenured professor at Notre Dame University.  The Bush administration argued successfully that it was entitled to bar Ramadan because he had given a donation to a Muslim charity which funneled some of the funds to Hamas.  The government’s argument was that Hamas was a designated terror organization and Ramadan’s support marked him as a supporter of terror.  The Muslim spiritual leader argued that Hamas was not yet an official terror group when he made his donation and he had no idea that his gift would be transferred from the charity to Hamas.

The federal court ruled that Ramadan had the right to an opportunity to explain the circumstances of his gift in an attempt to satisfy the government’s concerns.  It sent the case back to the lower court for rehearing on this issue.

The ACLU is hoping the Obama administration will reopen the entire case and find a way to permit Ramadan entry to the U.S.  In addition, scores of other foreign academics have been excluded for ideological reasons.  In one case I wrote about here an Anglo-Indian musicologist was denied entry for no discernible reason, since she had no political or ideological affiliations.

Though this ruling does not fully resolve the issue, it at least provides a way to undo the harm of the Bush era Islamophobic/xenophobic approach to intellectual exchange.

Ramadan told the N.Y. Times about the work he hopes to do here in the U.S. when he is allowed entry:

Professor Ramadan, who in the past had frequently visited the United States, lecturing and attending conferences, said he was eager to “engage once again with Americans in the kinds of face-to-face exchanges” which were “crucial to bridging cultural divides.”

“I hope to be able to come back to the States and resume my work with scholars,” he said later by phone. “This is what I want.”

I would urge you to e mail Attorney General Eric Holder and tell him you don’t find Tariq Ramadan a danger to this country and that you welcome hearing what he has to say here.

Tags: ,
Posted in Mideast Peace, Politics & Society | 1 Comment »

Clinton-Bush Love Fest at $150K a Pop

Monday, June 1st, 2009

Bill Clinton and George Bush Jr. spoke in Canada yesterday, each earning more than $150K for the gig. Frankly, I can’t imagine anyone possessing enough wisdom to be worth paying such a sum to them for dispensing it. But I guess enough people are star struck that they (or their employer) is prepared to pay a max of $2,500 a pop.

But this interchange between Clinton and Bozo Bush really put the entire proceeding in perspective.  Who needs to hear a friggin’ presidential love fest between these two:

When Mr. Clinton said one of his biggest regrets was the lack of United States action during the mass killings in Rwanda, saying “I have no defense,” Mr. Bush responded, “I think you’re being a little tough on yourself.”

This is the guy responsible for making a mess out of Hurricane Katrina, Iraq, the war on Al Qaeda (including the failure to capture Osama bin Laden), the U.S. Constitution (Abu Graibh, Guantanamo, extraordinary rendition, waterboarding, military tribunals, NSA warrantess wiretaps), the economic meltdown, among others, and he has the balls to tell Clinton not to fret about Rwanda, and that the killing of 800,000 human beings wasn’t something he should lose any sleep over??

The unmitigated chutzpah!

Tags: ,
Posted in Politics & Society | No Comments »

« Older Entries
Performance Optimization WordPress Plugins by W3 EDGE