The N.Y. Times offers some intriguing theories and reporting on the Stuxnet worm affair. Among the tantalizing issues it raises is that the name “Myrtus” (Latin for “myrtle”) has been discovered in the malware’s computer code and may indeed have been the overall name of the project. Also, one of the code modules was named for Guava, the fruit genus in which the myrtle tree is found.
Those who know their Biblical Hebrew will recall that Queen Esther’s Hebrew name is Hadassah, and that hadas is the myrtle tree. As John Markoff and David Sanger note in their story, the Book of Esther recounts a preemptive strike by Persian Jews against the rulers of the kingdom who sought to exterminate the country’s Jewish community. If Israel’s cyber warfare community created this cyber weapon, clearly they would see their efforts in precisely the same vein: using computer warfare to preëmpt an Iranian nuclear weapon, which many Israeli leaders have called a method to exterminate not just Israeli, but world Jewry.
The Times story concedes that all this may be a very sophisticated red herring designed to intrigue the world into presuming Israeli involvement. Along these lines, it’s worth noting that Israelis claiming an affiliation (which I strongly doubt) with that country’s intelligence services offered me what they claimed was the code name of the upcoming attack on Iran: Cyrus the Great. Again, an intriguing red herring. But possibly one that Israeli intelligence would like spread around the internet by someone like me as a form of anti-Iran psyops.
The Times story also raises once again, as I have done, the distinct possibility that the IDF cyberwarfare Unit 8200 would be expected to have created this monster if the job was done by Israel. In an interview with the authors, Haaretz’s respected security correspondent, Yossi Melman, now seems to have adjusted his views and believes that Israel was involved.
Over a year ago, Reuters published a story which clairvoyantly outlined Stuxnet and the Israeli strategy that might’ve created it, and even speculated, presciently as it turned out, on the means of delivering the worm:
…Cyberwarfare…is seen by independent experts as the likely new vanguard of Israel’s efforts to foil the nuclear ambitions of its arch-foe Iran. The appeal of cyber attacks was boosted, Israeli sources say, by the limited feasibility of conventional air strikes on the distant and fortified Iranian atomic facilities, and by US reluctance to countenance another open war in the Middle East.
“We came to the conclusion that, for our purposes, a key Iranian vulnerability is in its on-line information,” said one recently retired Israeli security cabinet member, using a generic term for digital networks. “We have acted accordingly.”
Cyberwarfare teams nestle deep within Israel’s spy agencies, which have rich experience in traditional sabotage techniques and are cloaked in official secrecy and censorship. They can draw on the know-how of Israeli commercial firms that are among the world’s hi-tech leaders and whose staff are often veterans of élite military intelligence computer units.
“To judge by my interaction with Israeli experts in various international forums, Israel can definitely be assumed to have advanced cyber-attack capabilities,” said Scott Borg, director of the US Cyber Consequences Unit, which advises various Washington agencies on cyber security.
Technolytics Institute, an American consultancy, last year rated Israel the sixth-biggest “cyber warfare threat,” after China, Russia, Iran, France and “extremist/terrorist groups.”
Asked to speculate about how Israel might target Iran, Borg said malware — a commonly used abbreviation for “malicious software” — could be inserted to corrupt, commandeer or crash the controls of sensitive sites like uranium enrichment plants.
Such attacks could be immediate, he said. Or they might be latent, with the malware loitering unseen and awaiting an external trigger, or pre-set to strike automatically when the infected facility reaches a more critical level of activity.
As Iran’s nuclear assets would probably be isolated from outside computers, hackers would be unable to access them directly, Borg said. Israeli agents would have to conceal the malware in software used by the Iranians or discreetly plant it on portable hardware brought in, unknowingly, by technicians.
“A contaminated USB stick would be enough,” Borg said.
Now, we can say that either Borg was involved in creating or delivering Stuxnet or else he was prescient. I choose to believe the latter. It’s also worth noting that Borg understood Israel’s motivation to do this right around the time Stuxnet was created (its first appearance was in 2009, around the time this article was written). Further, it’s simply astonishing that, if an American cybersecurity expert knew in 2009 that an infected USB stick could damage Iran’s nuclear plants, no Iranian thought about this and did anything to prevent it. I would think there might be a few heads rolling in the security offices of Natanz and Bushehr.
An Israeli cyber warfare specialist employed by the Israeli military industry, whom Markoff and Sanger interview, disputes Israel’s involvement. Frankly, if Israel was involved, either this individual or his colleagues, protégés or mentors may’ve played a role in the project, so we have to discount the reliability of his testimony.
The Israeli expert also makes a claim that is disputed by Iranian experts themselves about the behavior of the virus:
Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”
“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”
Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.
This strikes me as sophisticated disinformation. Can any reasonably serious person believe that a project involving scores of programmers working in teams over at least six months, aiming to infect Iranian industrial command and control systems, was merely “an academic experiment”? As for the claim of industrial espionage against Siemens, that too lacks credibility, since the worm appears to be benign outside Iran and there are no known cases of real damage outside that country. Various sources inside Iran have acknowledged such damage (though there are other voices there who dispute this) and we know of apparent sabotaging of Natanz’s centrifuge arrays.
Further, Iranian sources also dispute another claim by Blitzblau, that Stuxnet doesn’t report back its results:
The director of the Information Technology Council of the Industries and Mines Ministry has announced that the IP addresses of 30,000 industrial computer systems infected by this malware have been detected, the Mehr News Agency reported on Saturday.
“An electronic war has been launched against Iran,” Mahmoud Liaii added.
“This computer worm is designed to transfer data about production lines from our industrial plants to (locations) outside of the country,” he said.
Also, in the realm of Israeli disinformation, NGO Monitor’s Gerald Steinberg replied, in an e-mail thread that included me, that his view is that Vladimir Putin did it! Yes, I kid you not!
In a rational policy analysis, in which there are no good options, the “least bad” option becomes the policy of choice. If this is indeed a cyberattack undertaken by a government body (Putin’s Russia is also a logical candidate), designed to damage the Iranian nuclear weapons development program, and if this strategy was selected following a careful assessment in which the military as well as other options were deemed to be less likely to achieve core objectives at lower costs (including options expected to have ineffective results — sanctions), and if the side-effects, to the degree that they could be anticipated, including “blow back”, were considered in this assessment, then perhaps this is the “least bad option”, given all the factors and available options.
I almost gagged when I read that. Russia?? What is the guy smokin’? First, a Russian contractor is building Bushehr. Why would Putin want to sabotage the work of his own country’s contractor? Why would he wish to impede the development of a project to which his country and government have devoted incredible amounts of effort, energy, and national pride? The entire notion beggars belief and sounds to me like Mossad disinformation. The only question is whether Steinberg says these things because he truly believes them or because Meir Dagan wants him to say them.
Yes, it is true that the infection wormed its way into Iran through an infected USB stick from that same Russian contractor. But this would mean that either the contractor or someone in the Russian intelligence community deliberately infected Iran’s nuclear facilities and did so in a way that was traceable back to it. This is something the actual creator of Stuxnet would NEVER have done unless he was very stupid. And whoever created Stuxnet was NOT stupid.

Mr Silverstein – the book of Esther is not about a pre-emptive strike at all. If you read the story you will see that on a certain day the Jews were destined to be exterminated by royal decree at the hands of the masses. All the Jews achieved in the story was gaining permission to fight back and defend themselves “valaamod al nafsham”. Previous to the granting of permission they were supposed to accept the decree “lying down” without bearing arms.
The Jews fought back (not preemptive) and won.
You don’t know what you’re talking about. There was a decree to kill the Jews on a certain day. The Jews arose the day before and killed their enemies first. Hence, pre-emption.
Lighten up on the guy. If one follows Maimonides’ advice to get so drunk during the telling of the megilah that he cannot tell the difference between Haman and Mordechai, this would be an easy mistake to make.
“You don’t know what you’re talking about. There was a decree to kill the Jews on a certain day. The Jews arose the day before and killed their enemies first. Hence, pre-emption.”
Actually I do know what I’m talking about, and in this case you got it absolutely wrong. Absolutely no preemptive strike, pure self defence against those (and only those) who attack the Jews, and on the exact day that the attack against the Jews was decreed, the 13th of adar. Purim is celebrated the next day when all was quiet.
The original decree:
Esther 3:13 “…to destroy, kill and wipe out all the Jews young old babes and women on one day the 13th of the 12th month the month of adar and to take all the spoil”
And the permission to defend:
Esther 8:11 – 13 “..the king allowed the Jews…to gather together and stand up for themselves and to ..kill.. any army people or town who attacks them…on one day …the 13th of the 12th month that is adar”
I’m done arguing with you. At any rate, yr argument is with Sanger & Markoff who first used the word pre-emptive strike to describe the Jews’ attack in ancient Persia.
BTW, no one attacked the Jews since they had the element of surprise & no Jews were killed by Haman’s forces. It was a bloody massacre & the Jews wiped out Haman & all his sons. Is that what you hope Esther (i.e. the IDF) does in latter day Persia?
You are done on this subject.
Have you seen this? http://www.notes.co.il/shai/69689.asp
He contends that when you type STUX in Hebrew you get דאוס (transcribed into English as Deus or DeOS, I’m not sure which is more chilling). He says that this happens to be the name of an Israeli children’s story playing on TV, where hackers develop a program named Deus which takes over the world.
SF TV series as a clue for cyberwarfare? ick. It is in such bad taste!
The notion that is rapidly becoming received wisdom, that the IDF is behind the Stuxnet worm, is simply speculation which started as somebody’s opinion.
What’s to say that it didn’t originate from a MUCH more populous and more reckless entity than Israel? Such as?
Such as opponents of nuclear power, regressionist environmentalists, or anti-globalization protesters who try to prop up their fragile world-view by looking for interconnections between any of the ideas promoted by people who have some irredeemable complaint against modernity? After all, the places where it DID strike didn’t impress me as the states that have the best managed high-tech security.
In fact the source for this kind of thing is likely going to be either a UNABOMBer type, or from an underdeveloped society which the conspirator would assume is immune to the effect of the worm, because their power stations don’t run Siemens’ SCADA system.
Shunra: as for leaving a trail of clues, an intelligence operation would make every attempt to avoid leaving conspiracy nuts a trail of crumbs. Crackpots though, will invent them anyway if they can’t find anything.
Pls. don’t repeat arguments already made & rebutted by me & others. So again, it wasn’t “speculation” started as “somebody’s” opinion. Somebody in these cases consists of some of the world’s foremost experts in cyberwarfare, a Bush era counterterror official, & a Haaretz security correspondent. What’re your bona fides?
Frankly, I can’t think of any. Israel is pretty much off the charts for recklessness. Blaming Stuxnet on environmentalists shows how little homework you’ve done not even bothering to read the posts in which I’ve distilled the expert opinion on this that only a nation state could’ve done this complex job. Pls. don’t waste our time due to yr laziness & sloppiness.
Richard, if there was a decree to kill all the jews, and the jews retaliated then it is not a preemptive strike, if the jews were to act prior to the time the decree was written that would have been a preemptive strike.
as for the worm, no one knows. everyone including you are speculating, the worm was found all over the world from Indonesia to the US, and let me remind you that few years ago a power network was taken down in the US.
someone may be trying to cause actual damage, or someone may be trying to hide something else.
in my opinion it’s the latest, the worm was exposed in 2009, there was a lot of time for the Iranian or anyone else to develop countermeasures.
but if you want to add to your conspiracy theory, since the development of windows XP, Microsoft research center in Haifa has taken a role in actually writing the windows kernel which means the knowledge was right there in israel. a lot of these hi-tech engineers, served in 8200 or other units.
you should read this:
http://www.jpost.com/Magazine/Features/Article.aspx?id=189617
NO. It wasn’t discovered until a few months ago. After it was discovered they traced back the first known instance of it they could find anywhere to 2009. Precision is a good thing, the lack of it not so good. It makes you look sloppy.
An interesting article until the end.
“I almost gagged when I read that. Russia?? What is the guy smokin’? First, a Russian contractor is building Bushehr. Why would Putin want to sabotage the work of his own country’s contractor?”
The last thing the Russians want is a Muslim neighbor with nuclear weapons, and what better way to milk Iran for cash than to undermine its program, something which Russia has been doing for several years.
Is the author of the article really so naive that the above isn’t obvious?
Russia is a huge trading partner with Iran, not to mention builder of its nuclear facilities. Further, I’ve never heard of any tension whatsoever bet. Iran & Russia in terms of a Muslim threat. Nice try, but you struck out.
No, the obvious is not only NOT obvious, it’s ludicrous. But congratulations that you & Gerald Steinberg agree. May you be very happy w. ea. other.
Shai Blitzblau is, apart from being disputed from outside, contradicting himself. Shai first offers explanations by “industrial espionage” and “academic experiment”. Shai then also says that Stuxnet does “[not] report[s] back the results”. Whether this statement is correct or not, not reporting back is making “espionage” and “experiment” useless.
The status quo becomes more surreal each day. Carte blanche to kill at will, anyone, anywhere, anytime – for any reason.
Carte blanche to kill on land, on the high seas, in international waters, by bullet, bomb, missile, phosphorus, tank, plane, helicopter or unmanned drone.
Carte blanche to construct and disseminate viruses to sabotage computer systems in other states worldwide. The entire world potentially held to ransom by the only undeclared nuclear state on the planet.
Is it surreal? Is it really possible that the US, the EU and the UN are powerless under these threats. It wouldn’t make a movie script! Yet it’s actually for real.
The myrtus association is very pretty. To me however it is just much more convincing that Israel has been on the front lines in the past with attacks on nuclear power plants. I remember handwringing last year in the Washington Post about whether the US would support or at least not push against an Israeli strike on Natanz, and whether such a strike could be effective. A cyber attack makes much more sense.
It is also known that the US leans on Russia for support in containing the Iranian nuclear effort, resulting in various types of slowdowns in work on the Bushehr plant. Russian cover for a cyber attack would be very handy; the current trend seems to suggest that the Russian contractors were victimized, which is consistent with the attacks in other countries.
There was also an Economist article a few months ago calling in general terms for international accords on cyberwarfare; I think this would have been after Stuxnet became more known after June of 2010, though it was not named in the article.
Of the several articles I’ve read about this incident, none have mentioned how many facilities in Israel have been hit. We’ve heard about several other countries being hit, but why not Israel with its highly technical businesses, etc.? And if so, to what levels, serious installations or minor, non-governmental places?
What a great question. That’s why I have a comment thread! Thanks. I’ll ask Yossi Melman, see what he thinks.
I also hope we did it and to be sure: This was the smartest thing to do in a situation where Obama loses it and accepts the anti-Israel atomic bomb made in Iran while intimidating us to not defend ourselves in a classical military strike – even leftist and Obama-friend Ehud Barak says in a fox interview “History will judge this [Obama] administration” (http://www.israelnationalnews.com/News/News.aspx/139733)
So this was a great choice and it is working since the Iranians have to postpone the Bushehr run and have so far no solution for the virus…
I just don’t know how long we can keep fighting only cyber. Anyway on October 13th Ahmadinejad will be around on his own to throw a stone on us from Lebanon, which he himself calls the “Iranian border with Israel”.
Good luck Israel!
What utter stupidity. You want to be provocative? Gei gesunt. Now, you’re moderated. Your rant was full of lies. There is no Iranian bomb let alone one that is “anti-Israel.”
Barak, “leftist?” For a settler supporter like you, sure. For the rest of the normal people of the world…not a chance.
Bushehr has nothing to do with bomb making since it doesn’t enrich uranium. You’re a total ignoramus. But thank God, our opponents on the right should all be as stupid as you.
I’ve been to Israel and whilst the IDF forces are just dumb schmucks, the suited variety who haunt the corridors of “power” in the bureaucracy play for keeps.
My understanding is that stuxnet has been found in several countries, including five installations in Germany, but has done no harm there because it is looking for a _specific_ _individual_ installation.