This country is clearly engaged in active digital warfare.

That is by launching Cyber Atacks against another nation, we have effectively declared a digital war against that nation.  This is reinforced as according to Secretary of Defense Leon Panneta, “A crippling Cyber Attack would be ‘Act of War’”, echoing a similar statement made by the Pentagon.  So it is that the U.S. is now seemingly acknowledging or rather, not denying that the country led and collaborated on the development and deployment of the Stuxnet and Flame virus efforts. Hardly a revelation at this point, yet the story has reared its head again, with significant details throughout. An article posted June 19 from the Washington Post goes through the history and details as we know them to this point.  It is not surprising that the U.S. is behind this effort, as one would expect us to be engaged in this kind of technological effort; many have suspected that the government has been able to monitor and control more than they are willing to admit, and others have called for this kind of response for years.

The original story came from the New York Times way back on June 1.  The article describes the involvement of President Obama and the development of the cyberattacks against Iran.  Conspiracies at that point had brought up, then it was quickly discovered just how sophisticated the Flame virus was and a whole mess of supporting information has followed. A little later on, the research turned up some of the underlying mechanisms within such as the fake Windows update component.  And on and on the revelations have come.

As covered in Arstechnica, the Flame virus was found to contain sophisticated mathematical components that marked breakthroughs in cryptographic technology. Then the Stuxnet and Flame viruses were then also linked as “Parallel Projects”.  This forms quite the body of investigation since the initial NYT article.   There were a couple of further articles that described further sophistication and the type of effort, down to the cost of the datacenter it would take to compose the virus.  Pretty compelling stuff.  Pretty obvious it wasn’t some rogues in a third world country.  Pretty obvious this was state-sponsored.  Pretty obvious it was the U.S., but it still wasn’t anything confirmed, and it never should have been.  The NYT article was a de facto admission and that is pretty inexcusable.  This is not information we as a country, or as a technical community actually needed.  Who does it benefit?  Let’s visit:

The question remains of where the original information came from. The information is reportedly, as one would expect, highly classified.

“This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.”

If the information is highly classified, what is its origin? Reading back over that excerpt is particularly telling, an 18 month effort of interviewing sources from American, European and Israeli officials. It is very hard to believe this information was not somehow traceable from the White House itself. If that is true, what is it the White House wants the people to know? Could this part of a campaign? It is no secret that this is an election year and it is anticipated that this will be a hard-fought election.  The question has to be asked – Does releasing this type of information does benefit the incumbent administration?  If this is the case, it is incredibly hard to digest – this is National Security information. Before anyone goes assuming that the U.S. was already assumed to be behind this, let me correct that notion. Since the beginning of the Stuxnet stories, which we have covered here extensively there have been countless theories and an outright mystery about who was behind the attack. Some blamed the Chinese, some obviously pointed to Israel, and still other theories included internal anti-government Iranian factions – nothing was ever confirmed but I guess now they know where it’s coming from.

Did Israel develop Stuxnet and Flame alone?

If you don’t follow that, then follow this report that claims the cyber-weapon was not developed in joint faction between the U.S. and Israel, but by Israel’s Mossad alone initially. It was only through difficult convincing that Israel was able to get the U.S. to consider this a joint operation.

“Israeli intelligence that began, a few years earlier, a cyberspace campaign to damage and slow down Iran’s nuclear intentions. And only later they managed to convince the USA to consider a joint operation — which, at the time, was unheard of.”

Further allegations state that what essentially amounts to claimed credit by the U.S. is an effort to boost Obama’s re-election campaign.

“Yet my Israeli sources understand the sensitivity and the timing of the issue and are not going to be dragged into a battle over taking credit. “We know that it is the presidential election season,” one Israeli added, ”and don’t want to spoil the party for President Obama and his officials, who shared in a twisted and manipulated way some of the behind-the-scenes secrets of the success of cyberwar.”

If these allegations are rooted in truth in some way, or completely true, it paints an ugly picture.  Nobody likes a credit hog.

OBAMA the CyberWarrior and Hack-Ninja

Perhaps that’s a little harsh but if you read back through the original NYT piece, you will find it is rife with copious amounts of celebratory praise and phrasing for the bold president in his role in the cyber attack. Here are a pair of examples, among many:

“What he did not say then was that he was also learning the arts of cyberwar. “
“ Sometimes it was a strike riskier and bolder than what had been tried previously.”

Wow – “the arts of cyberwar”  Sounds like Jedi-training.  He most definitely sounds like the general and shot-caller throughout the whole thing.  The Washington Post article to be fair, does not have that element to it.  Yet here we are again with public focus on deep national security secrets on full display and it all started with the New York Times.

Classified information – not so classified?

We have a pattern of leaking top National Security information, dating back to my most recent memory of how the makers of a movie detailing the killing of Osama Bin Laden have privy to top secret classified details of how the raid went down. Also a NYT story, but in the linked article it describes how they’re getting down to the bottom of how the information was accessed.  I’m sure classified information leaks happen somewhat regularly, possibly more than any of us would be comfortable with, but never to my recollection with such significant stakes and implications.

If active classified information is indeed being released for campaign benefit, then this is as significant as any other element in this story, to say the least. The New York Times did not have to publish this, but it seems that they have effectively acted as a public relations outlet for the White House. This leak and others are impacting our intelligence capabilities. Will there be a movie made about this conquest?

Retaliations?

Obama is also clearly aware of what acknowledging this attack could mean.

“Mr. Obama, .. was acutely aware that with every attack he was pushing the United States into new territory, ..He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.”

We have heard over and over again how our infrastructure is vulnerable.  Our stock market is vulnerable.  Our power grids are vulnerable, and on and on.  We have also seen sophisticated attacks against government contractors and even the Pentagon.  Given these concerns, have we justified further attacks against us?  Is there another level of secret security technology that will defend us?  I hope so.  In the private sector, especially those that are technology based in Silicon Valley, readiness should be a continued concern given these developments.

Blame here must partially point at the NYT for being a campaign outlet, or at the very least be culpable in publicizing secret strategy and technology information.  A good portion of the blame must also be place on the so called “leakers” who appear to have been in loose disclosure mode, if not in full cooperation with the NYT.  The not-so-subtle information in the initial article, and the numerous news items that have followed, certainly indicate that at the cost of security, the benefit goes to incumbent campaign efforts because this bold technology effort is now something the public is now aware of.   Our job as commentators is to stand back and discuss the technical background and implications of the cyberattacks, however that cannot go without analyzing where this information is coming from, and why it is available.