Ever since speculation began, suggesting that Israel is the source of the Stuxnet malware, there has been a buzz of excitement in the Zionist corner of the blogosphere. The DEBKAfile — trusted source for pro-Israel fantasists all over the world — declared that if it turns out that millions of Iranian industrial units have been hit, “this cyber weapon attack on Iran would be the greatest ever.”
Glee at such a prospect is not shared by observers who lack the Zionist pathological obsession with Iran.
Stephen Spoonamore, a veteran cybersecurity consultant interviewed by NPR said: “I can think of very few stupider blowback decisions” than to release code that controls most of the worlds’ hydroelectric dams or many of the world’s nuclear plants or many of the world’s electrical switching stations.
The fallout from Stuxnet is clearly going global.
AFP now reports:
The Stuxnet computer worm has wreaked havoc in China, infecting millions of computers around the country, state media reported this week.
Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves.
It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction.
The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.
“This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data,” an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times.
“Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China’s national security,” he added.
Another unnamed expert at Rising International said the attacks had so far infected more than six million individual accounts and nearly 1,000 corporate accounts around the country, the official Xinhua news agency reported.
Jeffrey Carr, author of “Inside Cyber Warfare,” describes what he believes is the first example of Stuxnet’s destructive power: the loss of India’s INSAT-4B communications satellite which shut down in July. The satellite’s control systems use Siemens S7-400 PLC and SIMATIC WinCC software, both of which are targeted by Stuxnet.
If speculation that Stuxnet was created by Israel has been driven by the circumstantial evidence that Israel’s nemesis Iran appears to have been the primary target, there is now some subtle but concrete evidence again pointing in Israel’s direction.
Buried in Stuxnet’s code is a marker with the digits “19790509” that the researchers believe is a “do-not infect” indicator. If the marker equals that value, Stuxnet stops in its tracks, and does not infect the targeted PC.
The researchers — Nicolas Falliere, Liam O Murchu and Eric Chen — speculated that the marker represents a date: May 9, 1979.
“While on May 9, 1979, a variety of historical events occurred, according to Wikipedia “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community,” the researchers wrote.
Elghanian, a prominent Jewish-Iranian businessman, was charged with spying for Israel by the then-new revolutionary government of Iran, and executed May 9, 1979.
Earlier, the New York Times reported:
Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.
That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.
Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.
There are many competing explanations for myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.
The same report cites Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, who said he was “convinced that Israel had nothing to do with Stuxnet.”
“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”
Did Blitzblau present his findings at this week’s VB Conference in Vancouver where Stuxnet was the focus of attention? No — which is not surprising given his vacuous claim to have studied the code at its deepest level while other experts say it will take months to penetrate the thousands of lines of code contained in a 500kB piece of software.
As for why Israeli programmers would have inserted clues about about authorship deep inside the malware, the most obvious explanation would be the most prosaic: pride.
Even when the utmost secrecy is called for, there are those who cannot resist the temptation to leave their mark.
As for the significance of another finding — June 24, 2012 is the “kill date” after which the worm will refuse to execute — again, we can only speculate.
Is this the cut-off point for Israel’s campaign of cyber warfare against Iran after which will come the time for real war? Right in the run up to the 2012 US presidential election.