Danger, USB! Was Israel Behind Stuxnet or Not?
Peter Robinson recently suggested that Israel deserves at the very least a crate of champagne for managing to disrupt the Iranian nuclear program, an accomplishment that has eluded Barack Obama, Hillary Clinton, the EU, and the IAEA — and all without a single plane sent into harm’s way, a single bomb dropped, or a single shot fired in anger. Israel (if it was she) has apparently not only slowed things down at the Bushehr nuclear reactor, but also seriously compromised the enrichment of uranium at Natanz -- a facility that is eight meters underground and covered with reinforced concrete and earth, making it a tough hit. Natanz seems to have been brought to a near-standstill by the worm, which was likely brought in initially on an infected USB stick.
Think back to the summer, before news of the cyber-attack hit the front pages. There was much discussion, and had been for some time, on the likelihood of an Israeli air strike to take out, or at least seriously damage, Iran’s nuclear program. Speculation on timeframes had been rife for months, with zero hour shifting from spring to summer to autumn as dates passed with no action. Knowledgeable individuals far and wide weighed in on the gravity of the danger Iran’s program poses to Israel and to the world and the necessity that action be taken soon, a concern often coupled with anxiety over the perceived unwillingness of the American administration to step up. The question asked was rarely “should Israel strike?” or even “will Israel strike?” It was instead: “Will the Israeli strike take place with or without American permission?”
But an Israeli air strike didn’t happen. Why not?
Here's a theory. Israel didn't send in the air force because she knew something the punditry didn’t, something that threw conventional wisdom about the imminence of Iran’s nuclear capability out the window. That knowledge was secure enough to preclude the necessity, at least in the short term, of a physical strike. Israel knew that Iran’s nuclear program was about to be seriously disrupted — and so it was, by the Stuxnet virus.
Okay, sounds reasonable. But did Israel do it?
I think it’s likely -- and there may well have been cooperation between the Israelis (Unit 8200?) and the Americans (USCYBERCOM, hitting the ground running?), although don't wear yourself out looking for confirmation. The scale of the attack would have required two things that seem to discount rogue hackers in their bedrooms: substantial, coordinated manpower and “the resources of a nation-state”, according to a discussion of the virus on CNet. Computerworld consulted Liam O Murchu, manager of operations with Symantec's security response team, and Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, both of whom concur with CNet's supposition:
"There are so many different types of execution needs that it's clear this is a team of people with varied backgrounds, from the rootkit side to the database side to writing exploits," [O Murchu] said.
The malware, which weighed in at nearly half a megabyte -- an astounding size, said Schouwenberg -- was written in multiple languages, including C, C++ and other object-oriented languages…
"And from the SCADA [the Siemens supervisory system that was vulnerable to the virus - JL.] side of things, which is a very specialized area, they would have needed the actual physical hardware for testing, and [they would have had to] know how the specific factory floor works," said O Murchu.
"Someone had to sit down and say, 'I want to be able to control something on the factory floor, I want it to spread quietly, I need to have several zero-days [security gaps - JL.],’” O Murchu continued. "And then pull together all these resources. It was a big, big project."
The Economist agrees that there was a major investment here:
Normally, anyone who discovers a new zero-day exploit can expect to sell it for a handsome fee to hackers who can then make use of it. Whoever built Stuxnet, however, was prepared to pay for four such exploits, which cannot have been cheap, to boost its chances of success. They also had deep knowledge of particular control systems. So it seems to be an expensive piece of software aimed at one specific facility.
The Christian Science Monitor puts it this way: “Stuxnet is essentially a precision, military-grade cyber missile deployed…to seek out and destroy one real-world target of high importance.” Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy's Idaho National Laboratory, calls Stuxnet “the first direct example of weaponized software, highly customized and designed to find a particular target." The object was not the theft of data or the ransoming of systems. It was destruction.
I’d say the evidence is compelling that a nation was behind Stuxnet, and since we’re the nation Ahmadinejad has rhapsodized about wiping off the face of the earth, we’re a likely suspect. And Israel has made no secret of its commitment to cyber defense and warfare, which is believed to have shut down Syria's defense infrastructure as long ago as 2007, when Israel took out its budding nuclear weapons development program in a night air raid. This past February, Maj. Gen. Amos Yadlin said that "Using computer networks for espionage is as important to warfare today as the advent of air support was to warfare in the 20th century."
There has been much feverish discussion about two alleged clues suggesting the long arm of Israeli hackers in the code: the word “MYRTUS” and the number string 19790509. “Myrtus” could refer to the myrtle tree, and myrtle in Hebrew is Hadassah — the original name of Biblical Queen Esther, who rescued the Jews of Persia from extermination. The number string could refer to May 9, 1979, on which date Iran executed a prominent Jewish philanthropist, Habib Elghanian, for spying.
I'd advise caution here. It seems a little counterintuitive for Israel to go to great trouble to conceal her agency and then plant such heavy-handed clues. Of course, the clues could be misdirection to prompt exactly that reaction. And Israel does relish the well-placed message. In 1967, for example, when Israel wiped out Egypt’s air force before it could take off, the IAF left Egypt’s dummy planes intact on the tarmac, just to freak them out a little. The clues in Stuxnet's code are far from conclusive, but I wouldn’t put it past the Israelis to give the enemy a little something to keep them guessing. If Israel was behind Stuxnet, I imagine her object was not only to slow down Iran’s nuclear progress, but to make a statement as well: that she is watching, she knows what Iran is up to, and if they get too far out of line, she’ll come calling.
Peter, I wish I could confirm that Israel deserves that champagne. (Or perhaps I don’t.) In any event, I’m pretty sure that even hackers love Bollinger. Just please make sure it gets here before June 24, 2012. That's the date hard-coded into Stuxnet after which it stops spreading to new machines -- its built-in kill date -- and there's no telling what’s in store after that.
[For those who would like more detail on Stuxnet, Symantec has published an exhaustive dossier, and there’s more analysis here. Symantec also published a short breakdown of the various theories about its origin (lone wolf or state-sponsored espionage?). And if you’d like to read an interesting debunking that culminates in a pretty zany theory, look here.]
Comments:
Jul '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
My guess is that given the Israeli suspicion of the man in the White House this was a unilateral operation. And knowing how Washington leaks like a sieve and always has -- the British were aware of this as far back as WWII -- they probably didn't give us a heads up until the centrifuges began wobbling. If then. Maybe the White House found out the way the rest of us did, from internet stories that began appearing days before the dozy MSM began running its first articles.
Aug '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Now we get the news that Iran has suspended uranium enrichment for "unknown reasons":
http://www.newsbcm.com/doc/481
To top it off, Iran's Parliament is attacking Achmadinajihad:
http://www.sanfranciscosentinel.com/?p=96111
I think you're spot on, Judith. Israel pulled off an ingenious act of sabotage. Proving once again they're endowed by God with finer minds than their enemies and a legacy of ultimate victory.
Jun '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
If this is true, whether Israel alone or in conjunction with the USA, it is astounding and wonderful and one more reason to be thankful as we approach our holiday of Thanksgiving.
May '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
I strongly suspect that the US was indeed involved, and probably also implemented covert prophylactic countermeasures in any US control systems made by Siemens.
Aug '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Peter
Make that a '75 Dom. This was masterful, but we should expect nothing less from the strongest fortress of belief and thought that exists. We all have an obligation to protect them. Failing that, to respect their efforts at self-defense. I sincerely hoped that the United States did all they could to help in the Stuxnet gambit.
And for Mahmoud -- up yours, sport!
Sep '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Knowing next to nothing about this kind of technology, I have a question. Would it be possible for an aggressor to take out a nation's defense grid via a cyber-attack just prior to launching an air attack? Wouldn't that then make attacking a power like Iran like shooting fish in a barrel?
Just wondering.
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Standfast, it's believed that that's exactly what the Israelis did in 2007 when they hit the Syrian early-stage nuclear facility. The word is that Syrian radar showed clear skies while the IAF was actually inside Syrian airspace. The success of the strike is thought to have been the product in part (not by any means entirely) of a prior cyber attack.
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
That, Judith, is incomparably the most readable and comprehensive overview I've seen. And although you don't put it quite this way, you've built an almost insurmountable case for Occam's Razor: the simplest explanation, said Occam, is always to be preferred; and in this case the simplest explanation is that Israel done did it.
On the other hand, as you note, we lack proof certain. Which means? That it's up to you and me to drink that champagne. Here's looking at you, Judith!
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Cheers!
Sep '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Judith,
I have always leaned toward the debunking hypothesis when it comes to MSM feeding frenzies with respect to viruses (many are hoaxes hyped by the industry to boost sales), but I agree with Peter that your summary is without peer. Now, if I can just pull Peter over and explain to him that per Richard Weaver, he shouldn't be praising the father of nominalism in the West without extensive qualifiers.
Jun '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Why is it that when we see magic, we want proof? You can choose to watch the hand the magician shows you or you can choose to watch the hand he hides behind the motion of the hand he shows or you can sit back and applaud the trick. Ladies and gentlemen let's hear it for. . .
May '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Judith, I don't think anyone's mentioned it yet, so I'll just say - nice reference to the old series "Danger UXB" about a British bomb-disposal squad in WWII.
Watched it on PBS many years ago, and again recently via Netflix. It's very well done.
Sep '10
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Thank you, Judith, for the response to my question. So how vulnerable are we to the same kind of attack? Who is capable, outside of the US and Israel, of a cyber attack?
Re: Danger, USB! Was Israel Behind Stuxnet or Not?
Matthew -- Yes! Glad you caught that. I was psyched when I thought of it.
Standfast, that right there is the zillion-dollar question. Any bad guy worth his salt will be working on this stuff. Doing it right requires brains, money and initiative. Cyber defense as well as offense has to be a top priority for everyone now.