News

11:41 AM
Connect Directly
RSS
E-Mail
50%
50%

Stuxnet Launched By United States And Israel

White House officials confirmed that the Stuxnet virus was a joint project between the two countries, designed to set back Iran's ability to create weapons-grade uranium.

The pioneering Stuxnet virus that attacked Iran was built just as many security experts had predicted: In a joint effort by the governments of the United States and Israel.

Those revelations surfaced Friday in The New York Times, in a story written by David Sanger, who had been conducting research for his forthcoming book, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power.

"This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European, and Israeli officials involved in the program, as well as a range of outside experts," reported Sanger. "None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day."

[ What do we know about the Flame malware? Read Flame FAQ: 11 Facts About Complex Malware. ]

Officials said that Stuxnet was developed as part of a classified program codenamed "Olympic Games," which was begun under President Bush, and which Obama ordered to be accelerated. As part of that program, malware was developed to first create a blueprint of an Iranian nuclear facility at Natanz. As fears of Israel launching an airstrike against Iranian facilities increased, the administration opted to make Israel part of the Olympic Games program. The Israelis worked with the National Security Agency to design Stuxnet, which was introduced into the Natanz facility via USB drives by spies and unwitting employees.

But in 2010, reported Sanger, an error in the code led to the virus spreading outside of the Natanz facility, at which point it began infecting PCs worldwide.

Stuxnet broke new malware ground because the complex application was designed for the sole purpose of sabotaging the high-frequency convertor drives used by the uranium enrichment facility at Natanz. That made it the first known virus to disable physical equipment. The virus managed to disable 1,000 of the 5,000 such drives Iran had in use at the time, delaying its uranium-enrichment program by 18 months to 2 years, according to internal Obama administration estimates. Outside experts, however, believed the resulting delays to be less substantial.

Security experts, of course, are now trying to unravel the mysteries of the Flame malware. The espionage and information-gathering virus, first detailed publicly on Monday, has predominantly been aimed at targets in the Middle East and Eastern Europe.

In the wake of the Stuxnet revelations, the next logical question is: Did the U.S. government also commission Flame?

U.S. officials told Sanger that Flame was not part of the Olympic Games program, although they declined to comment on whether the malware had been built by the United States. But based on code reviews, security experts already believe that Flame was commissioned by whomever ordered Stuxnet, although it was apparently built by a different group of developers.

Why are the revelations over who commissioned the Stuxnet program coming to light now, given that the virus was discovered back in June 2010? "Obama wanted to get credit for Stuxnet as that makes him look tough against Iran. And he needs that as Presidential elections are coming," tweeted Mikko Hypponen, chief research officer at F-Secure.

Furthermore, Stuxnet has arguably already served its purpose. "Stuxnet is old news. Even the recently discovered (and much hyped) Flame malware isn't an effective weapon today," said Graham Cluley, senior technology consultant at Sophos, in a blog post.

But for every Stuxnet, Flame, or Duqu, how many other pieces of espionage malware are now in circulation? "There seems little doubt that state-sponsored cyber-weapons (if that is indeed what Stuxnet was) continue to be developed--and chances are that it's not just the U.S.A. and Israel who are developing them, but other developed countries," Cluley said.

Hacktivist and cybercriminal threats concern IT teams most, our first Federal Government Cybersecurity Survey reveals. Here's how they're fighting back. Also in the new, all-digital Top Federal IT Threats issue of InformationWeek Government: Why federal efforts to cut IT costs don't go far enough, and how the State Department is enhancing security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Michael Schenck
50%
50%
Michael Schenck,
User Rank: Apprentice
7/18/2012 | 3:34:27 PM
re: Stuxnet Launched By United States And Israel
Computer malware - at this time at least - does not exceed it's programming. Meaning, if they do "mutate" it was preplanned, or someone altered the source code.
davesg
50%
50%
davesg,
User Rank: Apprentice
6/4/2012 | 6:34:22 PM
re: Stuxnet Launched By United States And Israel
True! Real environments almost always bring out some crazy suprising things that a test environment didn't consider.

It's kind of like winning the lottery in reverse.
davesg
50%
50%
davesg,
User Rank: Apprentice
6/4/2012 | 6:26:07 PM
re: Stuxnet Launched By United States And Israel
Yes, it was inevitable.

Wasn't the excuse, attempting to stop or slow a dangerous nuclear program was the "excuse".

Yeah could have killed civillians. There is always that risk no matter what situation.

Is it ok? That is subjective. And yes I'm sure there was a "oh wow lets modify our systems so that can't be done to us" moment that helped us out.

Viruses mutate? stuxnet != skynet? lol
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
6/2/2012 | 10:33:16 PM
re: Stuxnet Launched By United States And Israel
I have worked all over the EMEA region both in government and civilian roles. It does not matter what the country, morality has never been a decision point heavily weighted (except in humanitarian agencies which sometimes make a lesser of two evils decision). Governments and private enterprise seek competitive advantage period and testing in a controlled environment is never reproducing an operational environment exactly. They now have information missed or overlooked in other testing. I understand humberger972's points, I just believe that it reflects a reality that unfortunately I have not encountered. One difference, not all nation states would admit responsibility under the same circumstances.
humberger972
50%
50%
humberger972,
User Rank: Apprentice
6/1/2012 | 10:30:25 PM
re: Stuxnet Launched By United States And Israel
I don't except that the only alternative is bombing - what a 50's attitude, bullying the world is not working in our current wars and it is not going to solve anything in the future.... and since it only delayed Iran's program by a year possibly two...that implies it didn't solve anything. But it did let a virus capable of taking down cities power, water, communications, oil and gas lines down, including ours get out for the entire world to see and replicate. It was a war crime, just like deliberately letting a strand of small pox into an enemy population would be.
humberger972
50%
50%
humberger972,
User Rank: Apprentice
6/1/2012 | 10:26:04 PM
re: Stuxnet Launched By United States And Israel
It was inevitable,,, that is the excuse that makes it ok to create a virus that killed someone? That could have killed a lot civilians, and still might? Really what you are saying it is ok that we did it, and hopefully doing it will protect us from someone doing it to us.

Virus mutate... bio or computer you let it into the wild it will come back, and take out your civilians.... we are a global economy - we are all using the same technology for our power systems, communications, oil, and yeah nuclear plants.... glad I don't live near one now.
jwallace80301
50%
50%
jwallace80301,
User Rank: Apprentice
6/1/2012 | 6:26:48 PM
re: Stuxnet Launched By United States And Israel
Yes, there's substantial collateral damage with all of this. But if the alternative is bombing a nuclear weapons facility with the likely radioactive fallout that was deliberately placed in Homs, a large city that is also a major Islamic religious center, to delay Iran from having nuclear weapons, then it is the far lesser of two evils.

The reality is that there has been an undeclared cyberwar that has been going on for many years if not decades. Look at all the damage the Chinese are doing in their infiltration of American defense sites, public companies, etc., etc. Cyberwar is the continuation of politics by other means.

It would a nice world if human beings and the nations, religions, ethnic groups, etc. that they aggregate in didn't fight each other, that everyone was reasonable and sang the same songs in perfect harmony.

But these aggregations result in different shared realities, different morals, different grievances, and different justifications for hurting people outside of their group. This is the nature of human beings and to think that we are otherwise is to be idiotically naive.

Despite occasional lapses, human beings are not nice animals. We are, for the time being at least, the most successful predators on the planet. The Iranians are predators, the Chinese are predators, the Russians are predators, the Syrians are predators, and of course, Americans are predators. The world today is the result of predators doing what predators do.

davesg
50%
50%
davesg,
User Rank: Apprentice
6/1/2012 | 6:01:23 PM
re: Stuxnet Launched By United States And Israel
It was inevitable. Someone was going to make something like stuxnet. Hopefully the ideas and knowledge gained in developing it helps us defend against similar attacks from other sources. Also hopefully in the future safeguards will be built in mitigating collateral damage. Not bad for round one if you ask me, considering the alternatives.
humberger972
50%
50%
humberger972,
User Rank: Apprentice
6/1/2012 | 5:21:40 PM
re: Stuxnet Launched By United States And Israel
This is just stupid and immoral. We stopped creating bio weapons, because it is not just the target that gets sick, it is all the people they meet, and eventually it comes home to your own population.

Stuxnet didn't just hit its target, but the contractors working at that facility also accidently spread it to the power plant - if the plant had been operational at the time - thousands, possibly millions of civilians would have been exposed to a nuclear power plant melt down in their city.

The same contractors went home to Russia, where the virus is implicated in a pipe line explosion that had causalities ... so now we are murdering Russian civilians? What about the other equipment in a growing number of countries that have been impacted, causing millions of dollars of damage -- how much money do we owe India now? Also with the code out there now, it is easier for others to make their own version... how long before it hits our shores? This was immoral and stupid -- just like bio warfare. We owe a big apology to a growing number of countries that are being damaged by this virus ... because it didn't stay in the target country....and anyone with a brain would know the virus would travel
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Research: 2014 State of the Data Center
Research: 2014 State of the Data Center
Our latest survey shows growing demand, fixed budgets, and good reason why resellers and vendors must fight to remain relevant. One thing's for sure: The data center is poised for a wild ride, and no one wants to be left behind.
Video
Twitter Feed