Super Stuxnet?

Richard Sale, author of Clinton’s Secret Wars, has written an article outlining the escalation of the joint U.S.-Israeli cyber attack on Iran’s nuclear program. A new malware, apparently built off of the Stuxnet worm used against Iran’s centrifuge systems between 2009 and 2010, is in development:

According to former and serving US intelligence officials, leaders of the three major software companies, Sergey Brin at Google, Steve Ballmer at Microsoft and Larry Ellison at Oracle have been working with Israel’s top cyber warriors and have now come up with a new version of a Stuxnet-like worm that can bring down Iran’s entire software networks if the Iranian regime gets too close to breakout, according to US intelligence sources.”

[Snip]

“This new Stuxnet worm is being advanced by administration and intelligence officials as a more powerful tool with a stronger range and capability than the previous version. Officials want this new cyber capability to derail any military action that could result in a regional war.”

You have to ask, if it’s that good, why stop at deterrence when you can aim for preemption? It would be far easier for Israeli, U.S. and UK warplanes to operate over Iran in the event of an attack if this “Super Stuxnet” scrambled Iran’s air defense systems, rendering early warning and interception systems impotent. It opens up new scenarios for U.S. action – covert or overt – vis a vis Iran’s nuclear program.

Surely the UK military, which has committed to reinforcing the U.S. naval presence in the Gulf and whose officials spoke at length in the Guardian on what might be used to take out Iran’s nuclear assets (Tomohawk cruise missile, airstrikes, commandos) will welcome this new tool.

Far from being a deterrent, this new malware has the potential to be the software equivalent of the Strategic Defense Initiative.

Yet while “Super Stuxnet” might turn into a U.S.-Israeli trump card, it also has the potential to become the electronic equivalent of Operation Fast and Furious.

Stuxnet, which entered the world wide web as early as 2009 and was discovered at work in Iran the next year, was built under U.S.-Israeli government auspicies using stolen Taiwanese software certificates so that it could infect a widely-used “industrial control system made by the German conglomerate Siemens that was used to program controllers that drive motors, valves and switches,” – i.e., Iranian centrifuge components. According to Wired magazine, the sophistication of the device and it’s target befuddled security experts because no one could initially figure out why a hacker would want to sabotage these systems (the answer was that the hackers were government-backed cyber warfare experts).

Then again, this avenue of attack is not new. If certain Cold Warriors are to be believed, the U.S. has a thing for valve sabotage. Thomas C. Reed, a former Secretary of the Air Force and Reagan-era advisor affiliated with the nuclear-warhead manufacturer Lawrence Livermore National Laboratory, contends that in the 1980s, the U.S. discovered a KGB network that existed solely to steal and reverse-engineer Western computer technology. Rather than expose the network, the U.S. used information from a KGB double agent’s papers (the “Farewell” Dossier) to determine what companies the KGB was stealing from. The U.S. then slipped all manner of cyber ordinance into their products. One such “logic bomb” allegedly destroyed a key Soviet pipeline by scrambling the software that controlled the pressure and flow of oil. The story of this sabotage effort was publicized by William Safire in 2004, and by the CIA itself in 2007.

Programming valves and motors to malfunction? Now doesn’t that sound familiar . . .

If this “Super Stuxnet” does exist, then it represents a comprehensive sabotage plan with far grander goals than the original Stuxnet, or even the “Farewell” Dossier, which, for all it’s defense applications (launch silo shutters unable to be opened or closed due to a bug?) was only targeted at the Soviet economy. It essentially amounts to an internet kill switch + EMP that can be activated remotely – or is already capable of activating itself at a preprogrammed time.

Iran, like the USSR in the 1980s, presumably has no advanced cyber warfare capacity to retaliate with, despite it’s attempts to play up its own cyber warfare capacity. The USSR could not identify or isolate the eletronic weapons used against it in the 1980s. Iran today would likely have a tough time doing anything more with “Super Stuxnet” than enduring it’s machinations.

But Iran has some friends who might be more adept at turning “Super Stuxnet” on its handlers.

Russia, of course, comes to mind. Revenge for “Farewell”? Poetic, but not pragmatic. Instead, Russia would presumably be interested in both the original and the new Stuxnets because of their security applications. Defensively, seeing how these worms work would help Russia enhance protection of its own nuclear production assets and protect its communications systems from being scrambled during a military action. Offensively, we saw Russia use cyber warfare in the 2008 Georgian conflict, targeting civilian, government and military internet tools. For all Russia’s financial and technical problems, she does endeavor to stay on the cutting edge in every military arm.

The cutting edge is very important for Russia not just because of NATO, but because Russia shares a very long border with another cyber warfare aspirant, the People’s Republic of China – who also happen to be friends of Tehran’s.

China’s interests in seeing how the Stuxnets work are basically similar to Russia’s, with the added goal of surpassing the U.S.’s own cyber warfare capabilities as soon as possible The People’s Liberation is Army is tailoring cyber warfare assets towards an “Integrated Network Electronic Warfare” that can target U.S. civilian and military infrastructure, from satellites to stop lights.

So, whatever success or deterence “Super Stuxnet” brings Tel Aviv and Washington, I’d like to ask its creators what they think the Iranians did with the original Stuxnet-contaminated hardware after removing it?

A. Dumped it in an electronic graveyard
B. Locked it in a heavily-guarded warehouse
C. Passed it onto the People’s Republic of China and/or Russia

Of course, this presumes China and Russia have normal diplomatic relations with Iran, the kind of relations in which countries with some shared strategic objectives – securing energy access, increasing their regional influence, undermining American hyperpower – exchange military, financial and diplomatic support on a semi-regular basis . . .

It doesn’t take much. One flash drive, a laptop or two. Maybe a server. All bundled off to bunkers in Moscow or Shanghai c/o the Iranian Revolutionary Guard.

As Richard Sale quotes an unnamed U.S. official saying in his article, cyber weapons are essentially electronic bioweapons. And when you want to see how your opponent’s bioweapons work, you need infected tissue samples – both to make a cure, and then to engineer your own, superior version.

About Paul Mutter

Paul Mutter is a contributor to Mondoweiss, Foreign Policy in Focus and the Arabist.
Posted in Israel/Palestine

{ 10 comments... read them below or add one }

  1. seafoid says:

    Super analysis

    The US has the same issue with drones. It will be a scary day for the US when the enemy gets the video game technology that allows it to kill Americans by remote control.

    link to nybooks.com

  2. BillM says:

    Thanks for covering this. Stuxnet is a perfect example of extremely short-term thinking. Regarding Iran:

    1) It damaged some centrifuges. However, the bottleneck for a nuclear weapon was never the centrifuges, Iran has more than enough to process a bomb’s worth of uranium in weeks. The bottleneck is weaponization and getting it small enough to stick on a missile. Hence, this attack didn’t really slow down the program (never mind the fact that US intelligence says no such weapons program exists).

    2) It caused Iran to stop using international systems and just develop their own centrifuges and control systems. This makes the Iranian program that much more difficult to track.

    Hence, Stuxnet had no practical effect on the Iranian nuclear program except to drive it underground. Meanwhile, it showed how easy SCADA systems, which are used in basically every industrial facility in the US (many major facilities using Siemens products in particular), are to target and damage, it guaranteed that others will use this tactic. Integrated and high-tech societies such as the US are the most vulnerable to this type of attack.

    Stuxnet was an incredibly stupid move that will have blowback for many years.

  3. Don’t forget 3 things:

    Stuxnet infected not only Iranian installations, but companies around the world.

    Stuxnet interferes in nuclear reactors, increasing the possibility of system failures.

    This means that your nuclear reactor in America, Europe etc. might blow up because Israel with its 300 nukes is afraid of the mere spectre if Iranian nuclear capability. Somewhere in an Israeli bunker, a general decided it was okay to put civilians everywhere near a nuclear reactor into danger, for the sake of Israeli nuclear supremacy in the wider region.

    • RoHa says:

      There is a lot of speculation that Stuxnet was one of the factors involved in the failure of the Fukushima reactors. I’m not an expert, so I can’t evaluate how likely it is.

  4. pabelmont says:

    “leaders of the three major software companies, Sergey Brin at Google, Steve Ballmer at Microsoft and Larry Ellison at Oracle have been working with Israel’”

    Is this an accusation of these three guys (and their companies) or praise? If Iran (or the next by-USA-called-bad-guy out there) wonders which people and which companies to attack, they’ve got a good list here.

  5. Kathleen says:

    If Israel and the US have “Stuxnet” and “super Stuxnet” one would assume Iran has some form of “super Stuxnet”. These are acts of war. Iran would have every right to follow Israel’s example.

    I have always wondered just which nation infiltrated Israel’s data mining capabilities “though a backdoor” mentioned in Fox News reporter Carl Camerons four part series on Israeli private communication systems having access to 95% of Americans phone calls etc
    link to informationclearinghouse.info

    link to informationclearinghouse.info

  6. Kathleen says:

    No one talks about Israel being pressured to sign the non proliferation treaty. How Iran might relax a bit if Israel would be pressured to play by the same rules that Iran has signed onto?

    Israel should sign the NPT. Open up to international inspections.

    • Remax says:

      I wish Israel would get rid of the damn things, but if that’s not going to happen I would feel safer if Iran had a few, besides conjoint disarmament would seem more achievable than unilateral disarmament. Can anyone seriously imagine Israel disarming else?

  7. pabelmont says:

    What does NPT say? That it’s OK to keep ‘em if you’ve got ‘em? But not to pass technology along to others (as Israel did to South Africa during SA’s apartheid period)?

    And did they say that 0.1% of Americans control 80% of the wealth? And 5% of the nations control 100% of the nukes?

    Geeze.

  8. manfromatlan says:

    It’s bad enough that Google and Microsft infects us with malware, they want to get Iran? ;)