We have finally confirmed that the world has moved into the era of state-sponsored cyberwarfare. It has been confirmed that Stuxnet, the Internet-worm caught infecting Iranian nuclear-material-processing centrifuges, was produced jointly by the United States and Israel in an attempt to sabotage Iran’s nuclear program. An article published in The New York Times lays out the evidence, the interviews, and the politics behind the production of this rampaging software.
It’s been more than a year since the Internet-worm Stuxnet was first detected and dismantled, and it’s still considered to be a singularly jagged-edged piece of technology developed specifically with the intent of sabotage.
The code emerged from a program started during the Bush administration and continued under the auspices of President Obama; so did the leak of the virus from its intended target into the Internet at large. Like so many cyberweapons that have a “mind of their own,” Stuxnet was not content to stay put and began to infect other machines.
With the code in the wild, antivirus vendors and security experts could dismantle the virus. According to the New York Times article, the President even questioned whether the project should continue; the article spins a narrative about a joint US-Israeli project that eventually went out of control and raised the question of whether it should be reined in:
“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.
Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.
This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.
Stuxnet may be the first time the United States—or any nation-state on Earth—has attempted to use a virus to disable or sabotage another nation-state’s capabilities or infrastructure. In fact, Stuxnet is still the first example of an Internet-worm designed with such singular disruptive purpose. Most Internet malware and worms are equal-opportunity gremlins with warheads developed to either damage a target for demented jollies or to spy and steal information.
However, it may be the first, but it is not the last with similar apparent designs. Shortly after the detection and disassembly of Stuxnet, antivirus vendors discovered Duqu, another virus with global implications that exploited Microsoft Word and was thought to be related to the Stuxnet code. Once in the wild, malware code can be decompiled and examined by both security scholars and malicious developers, meaning that each development in malware cyberwarfare can be improved upon by every interested party in the world.
Recently, yet another infection agent has been discovered, now named Flame. Almost presciently, getting ahead of blame against the US and Israel (potentially based on revelations about their involvement in Stuxnet), the two nation-states have sought to shift blame from themselves for this new infectious viral variant. Flame has sparked its own controversy: it is about 20 times larger than either Stuxnet or Duqu and appears to be bloatware more so than anything as sophisticated; and instead of sabotage, it seems to be an espionage virus, and potentially an older cyberwarfare weapon by several years.
The future of state-sponsored cyberwarfare
It would be naïve to expect that first-world countries with programmers, developers, and security experts would not involve themselves in the economics of a cold war involving the Internet and computers. As more systems are networked, they become vulnerable to tampering not just by malicious insiders but also by outsiders who write code to run on those systems and sabotage them, à la Stuxnet.
Even President Obama has shown an expectation that the United States will continue to proceed with projects that involve this sort of cyberwarfare and cyberespionage against other nations, but he has displayed misgivings about the use and even overuse of such weapons. Hacking itself might be fresh in our minds, given the amount of time we spend blaming China for likely hacks against other nations, but it is easy to forget that every nation with a computer infrastructure, or the funds to hire its own teams, will be involved in this sort of power struggle.
Stuxnet, Duqu, and Flame are only the tip of the digital iceberg when it comes to state-sponsored malware developed with political payloads, and with the code in the wild, even garden-variety workaday hackers will be able to roll their own.