A Bloomberg interview with Richard Falkenrath, a former counter-terrorism official in the Bush administration, points specifically to Israel as the most likely source (see 2:04 of this video) of the Stuxnet computer worm:
It is theoretically possible that the U.S. did–that the U.S. government did this. But it’s a very remote possibility. More likely, frankly, is Israel–that Israel did it.
For the U.S. to launch a malware attack like this is a very risky thing to do, because it can’t really be controlled. It can spread beyond the place that’s being targeted.
Which brings us to a critical issue that none of the journalists or bloggers I’ve read who’ve covered this story have mentioned: if Israeli cyberwarriors from Unit 8200 or the Mossad (or both) created Stuxnet, it becomes yet another example of state-sponsored Israeli terrorism running amok. Even if you concede Israel’s right to target Iran’s nuclear facilities in this way (which I’ll concede here only for the sake of argument), you have the problem of the tens, if not hundreds, of millions of dollars in damages caused to the industrial systems of at least four countries (Iran, Pakistan, India, Indonesia). This map details the infections spread by country.
This is a mirror image of the damage caused by the Mossad to the sovereignty and reputations of all those countries damaged by the Mahmoud al-Mabhouh assassination when it forged passport documents in the names of citizens of these nations. One might argue there was some legitimacy in destroying an Iranian nuclear facility possibly designed to create a nuclear weapon. But for a nation like Israel to collaterally damage key production facilities of these other nations is unconscionable. Falkenrath clearly believes this is the reason it is unlikely the U.S. pulled the Stuxnet trigger.
Of course, it will be difficult if not impossible to firmly identify the source of the infection since, unlike physical crimes, this one leaves little traceable evidence. In that sense, Israel, or whoever created this menace, has perpetrated almost the perfect cybercrime. But let’s make no mistake: this is a crime, especially against those countries victimized by it who were innocent of any involvement in Iran’s nuclear program.
In fact, one of the world’s leading cyber security experts notes the downward slide that Stuxnet represents:
“This malicious program was not designed to steal money, send spam, grab personal data, no, this piece of malware was designed to sabotage plants, to damage industrial systems,” he said.
“I am afraid this is the beginning of a new world. [The] 90’s were a decade of cyber-vandals, 2000’s were a decade of cybercriminals, I am afraid now it is a new era of cyber-wars and cyber-terrorism,” Kaspersky added.
The problem with Israeli moral calculus is that for the Mossad and Israel’s leaders the end of damaging Iran’s nuclear capability justifies any collateral damage. I hope that the world’s cyber security experts and political leaders will make clear that this is not a moral calculus they share. The danger of not taking a strong stand against this is that not only will malicious computer hackers exploit this deadly new development in the history of malware, but it will also lower the threshold for other nations who may contemplate deploying such weapons against their own enemies in future. Think of it–what’s to stop an ambitious Islamist hacker from “improving” on Stuxnet and targeting a critical U.S. production facility to wreak havoc on a power plant or even nuclear plant? What’s to stop China from a similar attack against Taiwan? Or Pakistan or India from similarly attacking each other if they were on the verge of war? You can think of any number of possibilities here.
And it could be Israel that has unleashed this escalating menace on the world. Its leaders should realize that what goes around can come around. While Israel has one of the world’s most sophisticated cyber warfare capabilities, that does not mean that it is invulnerable. Certainly, it would be a very difficult target. But for every Natanz that Israel may target there is a Dimona. No one should forget that. I am not advocating such an attack. But it stands to reason that a nation injured by Israel might target its own critical facilities in revenge. Is this the sort of cyber brinksmanship that we want to see?
In regard to my speculation that Natanz had to be the target of this attack because of its key role in uranium enrichment, which could lead to an Iranian nuclear weapon if it were pursuing such a goal, another cyber-security expert confirms my thinking:
• Stuxnet appears designed to take over centrifuges’ programmable logic controllers. Natanz has thousands of identical centrifuges and identical programmable logic controllers (PLCs), tiny computers for each centrifuge that oversee the centrifuge’s temperature, control valves, operating speed, and flow of cooling water. Stuxnet’s internal design would allow the malware to take over PLCs one after another, in a cookie-cutter fashion.
“It seems like the parts of Stuxnet dealing with PLCs have been designed to work on multiple nodes at once – which makes it fit well with a centrifuge plant like Natanz,” Rieger says.
While some have argued that Bushehr may’ve been the likely target of Stuxnet since Russian contractors working there originally introduced the worm, it wouldn’t be hard to infect a computer at Natanz once Bushehr was infected. So it could’ve begun in Bushehr and spread to Natanz with the latter being the ultimate target. But Paul does make some interesting arguments that Bushehr might make an attractive target as well. My money is still on Natanz as being the primary goal. I suppose too it’s possible that Israel may’ve devised a twofer, infecting and damaging both facilities.
In a follow-up to yesterday’s post about an Iranian report conceding extensive Stuxnet-related damage to its industrial plants, Paul Woodward reports this from Iranian media:
Iran’s Mehr News Agency adds:
The director of the Information Technology Council of the Industries and Mines Ministry has announced that the IP addresses of 30,000 industrial computer systems infected by this malware have been detected, the Mehr News Agency reported on Saturday.
“An electronic war has been launched against Iran,” Mahmoud Liaii added.
“This computer worm is designed to transfer data about production lines from our industrial plants to (locations) outside of the country,” he said.
He also announced that a working group composed of representatives from the Communications and Information Technology Ministry, the Industries and Mines Ministry, and the Passive Defense Organization has been set up to find ways to combat the spyware.
This adds an interesting fillip to what I’ve been reporting about the goal and intent of Stuxnet. Till now, reports have speculated the purpose of the infection was to sabotage Iran’s Natanz nuclear plant. But it seems entirely possible that while it was doing that an additional goal was to study the entire industrial process by which Iran was pursuing its nuclear ambitions. This would be a possible goldmine of information for Israel in mapping out Iran’s level of progress and what particular technical avenues it was pursuing. This might allow Israel to discover how close Iran was to nuclear break-out (if it is pursuing a nuclear weapon). It might also enable Israel to prepare defenses against Iran’s nuclear goals or even suggest ways of attacking Iran again somewhere down the line.
The possibilities are endless.
Thanks to Paul Woodward for his stellar analysis, which I’ve in part adopted and in part taken in some slightly different directions. H/t David Ehrens.