Stuxnet And America’s New Cyberwarriors

The first shots have been fired in cyberspace. How will it end?

It’s long been rumored that Stuxnet, the mysterious computer virus that disabled nearly 1,000 of Iran’s nuclear centrifuges but also managed to work itself into computer systems around the world, was the work of American and Israeli computer programmers and part of a broader cyber-warfare effort by both countries. Until now, though, there’s been no real confirmation of this, and the recent discovery of a new form of malware called Flame has led many to wonder if there isn’t a war being conducted in secret on the Internet. Today in The New York Times, though, there’s a fascinating, longish piece that provides some of the details behind the story, and seems to confirm that our nation is indeed waging wars in cyberspace:

WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

The article then goes on to describe the process that gave birth to Stuxnet, how it got into the Iranian plant at Natanz, and how it managed to escape into the wider world. The effort actually goes all the way back to 2006 and the Bush Administration. After the mission was authorized by the President, American and Israeli programmers began working on what ended up being a necessary first step: a program that would infiltrate the plant and record the information about its operation and physical make-up that the programmers would need in order to design a second program, one able not only to cause the centrifuges to malfunction, but to make the Iranians think the failures were their own fault. That particular part of the operation is particularly interesting:

The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.

The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally. “This may have been the most brilliant part of the code,” one American official said.

Later, word circulated through the International Atomic Energy Agency, the Vienna-based nuclear watchdog, that the Iranians had grown so distrustful of their own instruments that they had assigned people to sit in the plant and radio back what they saw.

“The intent was that the failures should make them feel they were stupid, which is what happened,” the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole “stands” that linked 164 machines, looking for signs of sabotage in all of them. “They overreacted,” one official said. “We soon discovered they fired people.”

Imagery recovered by nuclear inspectors from cameras at Natanz — which the nuclear agency uses to keep track of what happens between visits — showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.
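The excerpt above describes the deceptive core of the attack: the code recorded weeks of normal readings and then fed them back to the control room while the centrifuges were actually failing, which is why the Iranians ended up posting people in the plant to radio back what they saw. The following is an added illustration, not code from the article or from Stuxnet itself, of two defensive checks a plant operator could run against a telemetry stream: flagging windows of readings that exactly repeat an earlier window (real sensor noise never repeats bit-for-bit, recordings do), and comparing reported values against an independent, out-of-band observation. All readings below are constructed sample data, and the hypothetical `ReplayDetector` class and its parameters are assumptions of this example.

```python
"""Two defensive checks against replayed sensor telemetry (added example).

1. ReplayDetector: fingerprint each rolling window of readings; an exact
   repeat of an earlier window is a strong sign that recorded data is
   being replayed instead of live measurements.
2. out_of_band_mismatch: compare the reported value with an independent
   observation (a human reading a gauge, a separate sensor) within a
   tolerance, the automated version of "radio back what you see".
The RPM values are constructed sample data, not real plant telemetry.
"""
from collections import deque
import hashlib


def fingerprint(window):
    """Stable digest of a window of readings, rounded to 3 decimals."""
    text = ",".join(f"{v:.3f}" for v in window)
    return hashlib.sha256(text.encode()).hexdigest()


class ReplayDetector:
    def __init__(self, window_size=8):
        self.window_size = window_size
        self.buf = deque(maxlen=window_size)  # most recent readings
        self.seen = set()                     # fingerprints of past windows

    def feed(self, value):
        """Return True if the latest full window exactly repeats an earlier one."""
        self.buf.append(value)
        if len(self.buf) < self.window_size:
            return False
        fp = fingerprint(self.buf)
        if fp in self.seen:
            return True
        self.seen.add(fp)
        return False


def scan(stream, window_size=8):
    """Indices in the stream at which a replayed window is detected."""
    det = ReplayDetector(window_size)
    return [i for i, v in enumerate(stream) if det.feed(v)]


def out_of_band_mismatch(reported_rpm, observed_rpm, tolerance=0.02):
    """True if the reported value disagrees with an independent observation."""
    return abs(reported_rpm - observed_rpm) > tolerance * observed_rpm


# Constructed sample: twelve jittery "normal" readings, then the same
# twelve replayed, as a recording fed back to the control room would be.
NORMAL_RPM = [1007.2, 1006.8, 1007.5, 1006.9, 1007.1, 1006.6,
              1007.4, 1007.0, 1006.7, 1007.3, 1006.5, 1007.6]
REPLAYED_STREAM = NORMAL_RPM + NORMAL_RPM
```

Run `scan(REPLAYED_STREAM)` to see the replayed segment flagged once a full window lies inside the repeated recording; a reported 1007 RPM against an observed 600 RPM is caught by `out_of_band_mismatch`.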

It wasn’t until after President Obama took office, though, and the Stuxnet code was upgraded again, that the United States was able to unleash the damage that really set the Iranian program back. Unfortunately, that was also when the program was nearly discovered: an engineer at the plant hooked his personal computer into the plant’s network, then took it home and connected it to the Internet. Before long, Stuxnet was on the loose, and the rest is history.

It seems fairly certain that Stuxnet isn’t the only cyberwar that America is conducting. Indeed, the Flame virus that I wrote about earlier this week seems to be so sophisticated, and so specifically targeted, that it logically could only come from the United States and/or its allies (although, as I noted, Flame is different from Stuxnet in that its job is surveillance, not sabotage). Of course, this likely means that nations not entirely friendly to us, as well as terrorist organizations, have things like this in mind as well. We’ve already heard stories in recent years of U.S. Government systems being attacked and infiltrated by Chinese hackers, and the shadowy hacker organization Anonymous is a fairly apt demonstration of the fact that you don’t necessarily need the resources of a major government behind you to cause damage in cyberspace. That’s why I found this part of the article interesting:

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.

“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice.

It was inevitable, actually, that some President would make the decision to cross this particular Rubicon. The strategic and tactical advantages of these kinds of attacks are simply too compelling to pass up. If the United States could stop or delay the Iranian program remotely, then it could possibly stop or delay the Israelis from unleashing a military attack that would threaten to drag the entire region, and many of the world’s powers, into a conflict that few people would be able to control effectively. And, of course, like nuclear weapons and all other forms of military technology, it’s also inevitable that other nations are going to go down this road as well. We can only hope that our defenses against such attacks are sufficient, and far more sophisticated than the Iranians’. Because, one day, we could very well wake up and find ourselves in the middle of a digital 9/11.

And, a closing thought. In what respect are the electronic attacks that we and the Israelis have unleashed on the Iranian nuclear program not an act of war? This is not to say that they aren’t justified. After all, sabotage has been a military tactic since time immemorial. However, I don’t think we should mischaracterize what we’ve done here, or the can of worms that we’ve opened. I hope we’re ready.

FILED UNDER: Intelligence, Middle East, Military Affairs, National Security, Science & Technology, US Politics, World Politics
Doug Mataconis
About Doug Mataconis
Doug Mataconis held a B.A. in Political Science from Rutgers University and J.D. from George Mason University School of Law. He joined the staff of OTB in May 2010 and contributed a staggering 16,483 posts before his retirement in January 2020. He passed far too young in July 2021.

Comments

  1. mantis says:

    The first shots have been fired in cyberspace. How will it end?

    Keanu will save us.

  2. Tsar Nicholas says:

    Good blog post.

    As for how the cyberwars will end, well, obviously, we hope it’ll be in defeat for them and in victory for us. Towards that end perhaps we should be spending a lot more federal tax dollars subsidizing computer science, programming and related degrees, at the likes of Cal Tech, MIT and Georgia Tech, and a lot fewer federal dollars subsidizing big thinking philosophers, sociologists and humanities majors, at the likes of the Univ. of Loopyville. A lot more H1-B visas for stellar computer tech people from allied nations also would be worthwhile.

  3. Elise McMann says:

    I wait with bated breath the intellectual property suit filed by Jacques Rogge and the IOC against the United States for unauthorized use of the phrase “Olympic Games.”

    After all, non-sponsors of the Games who use the words London, medals, sponsors, summer, gold, silver or bronze are going to face civil action to prevent such usage.