A USB memory stick carrying the Stuxnet malware is believed to have provided intruders with access to Iran’s nuclear program. The same technique was used in November 2008 to break into CENTCOM, providing a foreign government with unfiltered access to the Pentagon’s command of the wars in Iraq and Afghanistan. Did both attacks come from the same source?
Earlier this week, Reuters reported:
Cyber warfare has quietly grown into a central pillar of Israel’s strategic planning, with a new military intelligence unit set up to incorporate high-tech hacking tactics, Israeli security sources said on Tuesday.
Israel’s pursuit of options for sabotaging the core computers of foes like Iran, along with mechanisms to protect its own sensitive systems, were unveiled last year by the military intelligence chief, Major-General Amos Yadlin.
The government of Prime Minister Benjamin Netanyahu has since set cyber warfare as a national priority, “up there with missile shields and preparing the homefront to withstand a future missile war”, a senior source said on condition of anonymity.
Back in 1997, when the US did not overtly support political assassinations, President Clinton intervened to save the life of Khalid Meshaal. The Hamas political bureau chief had been poisoned by Mossad operatives (carrying stolen Canadian passports) on the streets of Jordan’s capital, Amman.
Clinton wasn’t trying to help Hamas but knew that a peace treaty he had helped broker between Israel and Jordan would be in jeopardy if Prime Minister Netanyahu thought he could disregard the sovereignty of Jordan and carry out assassinations with impunity. Likewise, neither King Hussein nor the Canadian government believed that Israeli actions showing a flagrant disregard for the authority of their respective governments could go unanswered.
Netanyahu would probably have found Clinton’s pressure unpersuasive were it not for the fact that the Israeli operatives had already been arrested. In exchange for their release, the Israelis supplied the antidote that saved Meshaal’s life while also releasing the Hamas spiritual leader Sheikh Ahmed Yassin.
Then came 9/11.
Before long, Yassin had been assassinated, the US was using Israeli methods of torture in its campaign against an amorphous Islamic threat, Israel’s own war crimes were sanctioned by the US in the name of the war on terrorism, and the use of stolen foreign passports by Mossad agents committing murder on foreign soil provoked nothing more than a diplomatic slap on the wrists.
When suspected Israeli agents were reported this week to be conducting surveillance on the NSA in Utah, the national security breach did not provoke a murmur in the national media — even though a string of similar incidents prior to 9/11 raised questions about whether Israel could have had foreknowledge of the attacks.
The willingness of this and the previous administration to allow Israel to disregard international law shows that even if the Israel lobby can no longer flourish like a night flower, its power is barely diminished. Even so, the appearance of the Stuxnet malware should be a wake-up call to every government around the world that refuses to place Israel’s national interests above its own.
In its conception, Stuxnet can be viewed very much like a targeted killing — but one designed to attack silently and leave no trace of its origin.
Its creators understood that they had designed an exceedingly dangerous weapon and so they made sure its damage could be contained. But it seems not to have worked according to plan and so caution got tossed out of the window. Apparently, Israel did what it has done so many times before: pursued what it regarded as its own interests with an utter disregard for the international consequences.
Computerworld reports:
The original infection method, which relied on infected USB drives, included a counter that limited the spread to just three PCs, said [Liam] O Murchu [operations manager with Symantec’s security response]. “It’s clear that the attackers did not want Stuxnet to spread very far,” he said. “They wanted it to remain close to the original infection point.”
O Murchu’s research also found a 21-day propagation window; in other words, the worm would migrate to other machines in a network only for three weeks before calling it quits.
Those anti-propagation measures notwithstanding, Stuxnet has spread widely. Why?
Kaspersky’s [Roel] Schouwenberg [a senior antivirus researcher] believes it’s because the initial attack, which relied on infected USB drives, failed to do what Stuxnet’s makers wanted.
“My guess is that the first variant didn’t achieve its target,” said Schouwenberg, referring to the worm’s 2009 version that lacked the more aggressive propagation mechanisms, including multiple Windows zero-day vulnerabilities. “So they went on to create a more sophisticated version to reach their target.”
That more complex edition, which O Murchu said was developed in March of this year, was the one that “got all the attention,” according to Schouwenberg. But the earlier edition had already been at work for months by then — and even longer before a little-known antivirus vendor from Belarus first found it in June. “The first version didn’t spread enough, and so Stuxnet’s creators took a gamble, and abandoned the idea of making it stealthy,” said Schouwenberg.
In Schouwenberg’s theory, Stuxnet’s developers realized their first attempt had failed to penetrate the intended target or targets, and rather than simply repeat the attack, decided to raise the ante.
“They spent a lot of time and money on Stuxnet,” Schouwenberg said. “They could try again [with the USB-only vector] and maybe fail again, or they could take the risk of it spreading by adding more functionality to the worm.”
O Murchu agreed that it was possible the worm’s creators had failed to infect, and thus gain control, of the industrial systems running at their objective(s), but said the code itself didn’t provide clear clues.
What is clear, O Murchu said in a news conference Friday morning, is that Stuxnet evolved over time, adding new ways to spread on networks in the hope of finding specific PLCs (programming logic control) hardware to hijack. “It’s possible that [the attackers] didn’t manage to get to all of their targets [with the earlier version],” O Murchu said. “The increased sophistication of Stuxnet in 2010 may indicate that they had not reached their target.”
With the proliferation of Stuxnet, Schouwenberg said that the country or countries that created the worm may have themselves been impacted by its spread. But that was likely a calculated risk the worm’s developers gladly took.
And that risk may have been quite small. “Perhaps they knew that their own critical infrastructure wouldn’t be affected by Stuxnet because it’s not using Siemens PLCs,” Schouwenberg said.
The danger now posed by Stuxnet is not simply through its direct proliferation but by virtue of the fact that it provides a blueprint that can be adapted by other parties who would otherwise lack the resources to create malware this sophisticated from scratch.
What might have been conceived as a tool to prevent the creation of a weapon of mass destruction could itself be turned into a WMD.
The Washington Post reports:
“Stuxnet opened Pandora’s box,” said Ralph Langner, a German researcher whose early analysis of the worm’s ability to target control systems raised public awareness of the threat. “We don’t need to be concerned about Stuxnet, but about the next-generation malware we will see after Stuxnet.”
Sean McGurk, director of the U.S. National Cybersecurity and Communications Integration Center at the Department of Homeland Security, said that the department posted its first report to industry recommending steps to mitigate the effects of Stuxnet on July 15. But “not even two days later,” he said, a hacker Web site posted the code so that others could use it to exploit the vulnerabilities in Microsoft.
“So we know that once the information is out in the wild, people are taking it and they’re modifying it,” he said.
In other words, what started as an Israeli cyber attack on nuclear installations in Iran could end up crashing the US power grid or causing havoc anywhere else on the globe.
Even before Stuxnet loomed over the horizon, serious warnings were being issued about the United States’ vulnerability to a crippling cyber attack, yet thus far none of those raising the alarm have pointed to the ways in which Israel’s cyber warfare capabilities may now indirectly or directly threaten the United States and its interests.
– – –
Late last year, 60 Minutes reported on America’s vulnerability to a major cyber attack.
We keep giving Israel enough rope to hang us.
I still have a hard time realizing the US congress isn’t really a congress for the US.
keep a pencil and a piece of paper handy
’cause when that- emp- goes off
that’s all you will have left
maybe it wasn’t the best idea
to hang everything on
electromagnetic vibrations
The obsession Israel seems to have with its “enemy, Iran”, who has attacked no country in hundreds of years and certainly is not suicidal enough to touch dear little Israel, may have led it to dangerous overextension of its response.
Be interesting to see if the CIA, NSA, and other “intelligence” agencies are sufficiently free of the Israeli thumb-on-the-scales to complain loudly enough about the Stuxnet (and earlier) threats to US military and infrastructure (nuclear plants, etc.) and commerce to make themselves heard.
If they do speak up, and if President Obama could “hear” them, then perhaps something could be got done to clip the wings of THE LOBBY and get Congress to abandon its 43 year un-American trance of my-country-(Israel)-right-or-wrong-ism.
ON THE OTHER HAND, Israel may have been blackmailing the USA for years using nuclear blackmail (for example), and now they may have an even more potent means of blackmail. KEEP TUNED.
Hmmm? How much of this is controlled media hype, with the purpose of softening up the global audience to the next and imminent 9/11 orchestrated episode and at the same time providing the necessary credible deniability and perhaps even a new and more realistic patsy for the real perpetrators?
I was amazed that the “60 minutes” guy points at the Chinese, but not a mention of Israel, while just this week the US administration has rolled over and made to assume the position yet again for PM Netanyahu, even after offering everything less the kitchen sink for just another 60 days of the “partial building moratorium” in the illegally occupied Palestinian territories.
You have to wonder, who in the world sees the rest of humanity as less than cattle to serve their ends of power?
BTW “rosemerry” it has very little to do with Iran directly, I feel. The Iran nuclear issue is a hyperbolic subterfuge. The Iranian regime is just another (defiant) piece on the chess board. Of course Israel knows there exists no threat other than that which they say exists.
We are all Palestinians now!
It would be interesting to know in which countries the malware isn’t found.
pabelmont October 2, 2010 at 8:07 pm
ON THE OTHER HAND, Israel may have been blackmailing the USA for years using nuclear blackmail (for example), and now they may have an even more potent means of blackmail. KEEP TUNED.
>>>>>>>>>>>>>>>>>>
Actually Israel has used the nuke blackmail on the US constantly….mostly to secure conventional weapons for their wars and to ensure continuing US military aid $’s.
You can find discussion of this among the Presidential papers in various Presidential Libraries. This has been going on regularly from the cold war period up to Desert Storm and continuing. The Presidential libraries are the source if one wants real proof of this tactic, but here is a US War College paper that hits the highlights of the Israel Nuke program and how they use it.
http://www.fas.org/nuke/guide/israel/nuke/farr.htm
“Thus started the subtle, opaque use of the Israeli bomb to ensure that the United States kept its pledge to maintain Israel’s conventional weapons edge over its foes.[65] There is significant evidence that Henry Kissinger told President of Egypt, Anwar Sadat, that the reason for the U.S. airlift was that the Israelis were close to “going nuclear.”[66]
One other purpose of Israeli nuclear weapons, not often stated, but obvious, is their “use” on the United States. America does not want Israel’s nuclear profile raised.[144] They have been used in the past to ensure America does not desert Israel under increased Arab, or oil embargo, pressure and have forced the United States to support Israeli diplomatically against the Soviet Union. Israel used their existence to guarantee a continuing supply of American conventional weapons, a policy likely to continue.[145]
Bravo Woodward! Note that without ~$10/year from many American aid sources Israel could never be in a position to engage in global crime from nuclearizing and arming apartheid South Africa (HERE’S A REAL NUCLEAR PROLIFERATOR) to disabling the computers-dependent DoD. And now they want Pollard released as proof that they take care of their own….They didn’t cry much over Franklin. Just a thought about the significance of blind support with more money per Israeli than many Americans make in a year.
Israel is acting in its own best interest, not the United States’. The pressure they use to get the military material they want from the United States is well known. There are a number of Jewish groups whose sole purpose is to get Israel what they need from America. I saw figures where Israel gets 30,000 dollars per person per year in American aid. They copy our latest missile technology that we give them and sell it on the world market, mostly to China.
This worm probably is from Israel, it makes the perfect tool. Every time there is an industrial disaster in Iran, we will think that Israel was clever enough to cause it.
Israel will come out of this as one of, if not the premier cyberwarfare nations in the world.
Osama Bin Laden made good on his threat to attack the United States. The USA was tragically passive about it. The cost is still rising and will for a long time apparently. Iran has threatened repeatedly to wipe Israel and the USA off the map. Israel, unlike the USA, is not being passive about it. Because of their geographic size and lack of friends they must always be pro-active. The times they have been passive they have paid with the spilled blood of women and children. If they are passive they die, the world celebrates, Islam abounds even more. If they are pro-active the world points the finger, not at the bad guys, the ones who are threatening Israel’s annihilation, but Israel, the one who simply wants to be a thriving tiny little nation the size of Vancouver Island, Canada. One last note. Who was the first nation on the scene with viable relief when the earthquake struck Haiti? It was Israel.
When you say “it provides a blueprint that can be adapted by other parties who would otherwise lack the resources to create malware this sophisticated from scratch” you come closer than any other article I have read to stating the danger the people who released this virus have presented to our infrastructure, but you still understate it. Stuxnet is not merely a blueprint. It contains a root kit that allows the takeover of the Siemens controller, not the blueprint to build the kit, the actual root kit. It contains a mechanism for distribution and installation. The only thing you need to write is the code that targets the specific function you want to disrupt. It is like the difference between supplying a blueprint for a nuclear bomb, and supplying all of the materials ready to assemble in addition to the blueprint. Stuxnet is the latter. THIS IS VERY BAD!!! Whoever built this had no regard for the safety of anyone but themselves.
I think it’s wonderful that Israel temporarily stopped the Jihadist beasts in Teheran from having access to nukes. They are brilliant. This buys time for not only Israel but all the Arab states who, no doubt, will be blackmailed by the Jihadist beasts in Iran once they have their own nukes. Bravo Israel!!!