The N.Y. Times offers some intriguing theories and reporting on the Stuxnet worm affair. Among the tantalizing issues it raises is that the name “Myrtus” (Latin for “myrtle”) has been discovered in the malware’s computer code and may indeed have been the overall name of the project. Also, one of the code modules was named for Guava, the fruit genus in which the myrtle tree is found.
Those who know their Biblical Hebrew will recall that Queen Esther’s Hebrew name is Hadassah, and that hadas is the myrtle tree. As John Markoff and David Sanger note in their story, the Book of Esther recounts a preemptive strike by Persian Jews against the rulers of the kingdom who sought to exterminate the country’s Jewish community. If Israel’s cyber warfare community created this cyber weapon, clearly they would see their efforts in precisely the same vein: using computer warfare to preëmpt an Iranian nuclear weapon, which many Israeli leaders have called a method to exterminate not just Israeli, but world Jewry.
The Times story concedes that all this may be a very sophisticated red herring designed to intrigue the world into presuming Israeli involvement. Along these lines, it’s worth noting that Israelis claiming an affiliation (which I strongly doubt) with that country’s intelligence services offered me what they claimed was the code name of the upcoming attack on Iran: Cyrus the Great. Again, an intriguing red herring. But possibly one that Israeli intelligence would like spread around the internet by someone like me as a form of anti-Iran psyops.
The Times story also raises once again, as I have done, the distinct possibility that the IDF cyberwarfare Unit 8200 would be expected to have created this monster if the job was done by Israel. In an interview with the authors, Haaretz’s respected security correspondent, Yossi Melman, now seems to have adjusted his views and believes that Israel was involved.
Over a year ago, Reuters published a story which clairvoyantly outlined Stuxnet, the Israeli strategy that might’ve created it, and even speculated on the means of delivering the worm which turned out to be prescient:
…Cyberwarfare…is seen by independent experts as the likely new vanguard of Israel’s efforts to foil the nuclear ambitions of its arch-foe Iran. The appeal of cyber attacks was boosted, Israeli sources say, by the limited feasibility of conventional air strikes on the distant and fortified Iranian atomic facilities, and by US reluctance to countenance another open war in the Middle East.
“We came to the conclusion that, for our purposes, a key Iranian vulnerability is in its on-line information,” said one recently retired Israeli security cabinet member, using a generic term for digital networks. “We have acted accordingly.”
Cyberwarfare teams nestle deep within Israel’s spy agencies, which have rich experience in traditional sabotage techniques and are cloaked in official secrecy and censorship. They can draw on the know-how of Israeli commercial firms that are among the world’s hi-tech leaders and whose staff are often veterans of élite military intelligence computer units.
“To judge by my interaction with Israeli experts in various international forums, Israel can definitely be assumed to have advanced cyber-attack capabilities,” said Scott Borg, director of the US Cyber Consequences Unit, which advises various Washington agencies on cyber security.
Technolytics Institute, an American consultancy, last year rated Israel the sixth-biggest “cyber warfare threat,” after China, Russia, Iran, France and “extremist/terrorist groups.”
Asked to speculate about how Israel might target Iran, Borg said malware — a commonly used abbreviation for “malicious software” — could be inserted to corrupt, commandeer or crash the controls of sensitive sites like uranium enrichment plants.
Such attacks could be immediate, he said. Or they might be latent, with the malware loitering unseen and awaiting an external trigger, or pre-set to strike automatically when the infected facility reaches a more critical level of activity.
As Iran’s nuclear assets would probably be isolated from outside computers, hackers would be unable to access them directly, Borg said. Israeli agents would have to conceal the malware in software used by the Iranians or discreetly plant it on portable hardware brought in, unknowingly, by technicians.
“A contaminated USB stick would be enough,” Borg said.
Now, we can say that either Borg was involved in creating or delivering Stuxnet or else he was prescient. I choose to believe the latter. It’s also worth noting that Borg understood Israel’s motivation to do this right around the time Stuxnet was created (its first appearance was in 2009, around the time this article was written). Further, it’s simply astonishing that, if an American cybersecurity expert knew in 2009 that an infected USB stick could damage Iran’s nuclear plants, no Iranian thought about this and did anything to prevent it. I would think there might be a few heads rolling in the security offices of Natanz and Bushehr.
An Israeli cyber warfare specialist employed by the Israeli military industry, whom Markoff and Sanger interviewed, disputes Israel’s involvement. Frankly, if Israel was involved, either this individual or his colleagues, protegés or mentors may’ve played a role in the project, so we have to discount the reliability of his testimony.
The Israeli expert also makes a claim that is disputed by Iranian experts themselves about the behavior of the virus:
Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”
“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”
Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.
This strikes me as sophisticated disinformation. Can any reasonably serious person believe that a project involving scores of programmers working in teams over at least six months, aiming to infect Iranian industrial command and control systems, was merely “an academic experiment?” As for the claim of industrial espionage against Siemens, it too lacks credibility, since the worm appears to be benign outside Iran and there are no known cases of real damage outside that country. Various sources inside Iran have acknowledged such damage (though there are other voices there who dispute this), and we know of apparent sabotaging of Natanz’s centrifuge arrays.
Further, Iranian sources also dispute another claim by Blitzblau, that Stuxnet doesn’t report back its results:
The director of the Information Technology Council of the Industries and Mines Ministry has announced that the IP addresses of 30,000 industrial computer systems infected by this malware have been detected, the Mehr News Agency reported on Saturday.
“An electronic war has been launched against Iran,” Mahmoud Liaii added.
“This computer worm is designed to transfer data about production lines from our industrial plants to (locations) outside of the country,” he said.
Also, in the realm of Israeli disinformation, NGO Monitor’s Gerald Steinberg replied, in an e-mail thread that included me, that his view is that Vladimir Putin did it! Yes, I kid you not!
In a rational policy analysis, in which there are no good options, the “least bad” option becomes the policy of choice. If this is indeed a cyberattack undertaken by a government body (Putin’s Russia is also a logical candidate), designed to damage the Iranian nuclear weapons development program, and if this strategy was selected following a careful assessment in which the military as well as other options were deemed to be less likely to achieve core objectives at lower costs (including options expected to have ineffective results — sanctions), and if the side-effects, to the degree that they could be anticipated, including “blow back”, were considered in this assessment, then perhaps this is the “least bad option”, given all the factors and available options.
I almost gagged when I read that. Russia?? What is the guy smokin’? First, a Russian contractor is building Bushehr. Why would Putin want to sabotage the work of his own country’s contractor? Why would he wish to impede the development of a project to which his country and government have devoted incredible amounts of effort, energy, and national pride? The entire notion beggars belief and sounds to me like Mossad disinformation. The only question is whether Steinberg says these things because he truly believes them or because Meir Dagan wants him to say them.
Yes, it is true that the infection wormed its way into Iran through an infected USB stick from that same Russian contractor. But this would mean that either the contractor or someone in the Russian intelligence community deliberately infected Iran’s nuclear facilities and did so in a way that was traceable back to it. This is something the actual creator of Stuxnet would NEVER have done unless he was very stupid. And whoever created Stuxnet was NOT stupid.