[Originally published to Enformable.com]

On June 1st of this year the New York Times reported that President Obama himself participated in the "Stuxnet" cyberattack against Iran's nuclear ambitions, beginning very shortly after he took over the executive reins of the U.S. government from ex-President George W. Bush. It was under Bush that American and Israeli intelligence agencies got together on the project, code named Olympic Games.

The Times article set off a wave of criticism, leading to the June 5th announcement from the Senate Armed Services Committee that closed hearings will be held to examine the apparently authorized release of classified information, which Senators John McCain and Saxby Chambliss claim has damaged U.S. national security. McCain further charged that the revelations were designed "to enhance President Obama's image as a tough guy for the elections."

Why the Senate suddenly believes that a POTUS cannot release classified information when he sees fit is a mystery, as under the last administration the Vice President of the United States leaked the classified identity of a covert CIA counterproliferation agent to the New York Times (which duly reported the information) as a way to publicly punish that agent's ambassador husband for debunking an aspect of the Bush administration's excuse for invading Iraq. As reported at the time, Vice President Dick Cheney maintained that he had the power to declassify government secrets at will by virtue of an executive order issued by Bush. The Senate apparently believed that at the time, so it's difficult to pinpoint why things should be any different now.

Thus it is doubtful that release of purportedly 'classified' information about either the commando raid last year that killed Osama bin Laden in Pakistan, or past and present White House involvement in developing and deploying the Stuxnet computer worm can constitute a breach of executive power. Administrations have a long and storied history of using the press as a tool of propaganda to advance policies and positions, as well as for planting carefully crafted lies that may affect relations with other nations. The press both here and abroad has been more than willing to do its part, as exemplified by the recent Wall Street Journal revelation that Matsutaro Shoriki, head of the Yomiuri Shimbun, had worked closely with the CIA to promote nuclear power in Japan back in the 1950s…

Mr. Shoriki was many things: a Class A war criminal, the head of the Yomiuri Shimbun (Japan’s biggest-selling and most influential newspaper) and the founder of both the country’s first commercial broadcaster and the Tokyo Giants baseball team. Less well known, according to Mr. Arima, was that the media mogul worked with the CIA to promote nuclear power.

Apparently, Obama's admission that the U.S. government was responsible along with Israel for the Stuxnet worm has some in the Senate very upset. That could come down to questions of liability for damage once the worm escaped in the summer of 2010. It might have to do with the danger that Iran's new cyberwarfare initiative (in response to Stuxnet) could present. Or it might come down to concerns that could be raised about the U.S. strategic relationship with Israel highlighted by the Olympic Games project. The Times article provides details from a number of attendees of a tense Situation Room meeting just days after the worm escaped from Iran's Natanz uranium enrichment plant to infect computers worldwide via the internet…

An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.

“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”

Obama decided at that meeting to keep going with the Olympic Games operation, and over the next weeks the Natanz plant was hit by newer versions of the worm, eventually destroying nearly 1,000 of 5,000 centrifuges (or closer to 2,000 centrifuges, depending on who you ask).

Meanwhile, internet computer sleuths and security experts were busy cracking the Stuxnet code, and quickly discovered its nature, target and likely origins. The above-mentioned Yomiuri Shimbun reported in October of 2010 that the worm, designed to infect German energy giant Siemens' widely used energy industry computer control and monitoring software [Simatic WinCC Step7], had been confirmed to have infected at least 63 computers in Japan. By January of 2011 the IAEA was hot on the case, as Reuters reported serious concerns about nuclear plant safety…

Russia has urged NATO to investigate last year's Stuxnet attack on the Russian-built Bushehr nuclear plant in Iran, saying it could have triggered a disaster on the scale of the Chernobyl reactor explosion in Ukraine in 1986.

"Stuxnet, or cyber attack as a whole, could be quite detrimental to the safety of nuclear facilities and operations," [IAEA director general Yukiya] Amano, a soft-spoken veteran Japanese diplomat, said in an interview in his 28th-floor office in Vienna.

He acknowledged the IAEA had only limited knowledge about the computer worm, which some experts have described as a first-of-its-kind guided cyber missile.

The original Stuxnet worm was so targeted that it took industrial control system PLC [Programmable Logic Controller] engineers in Germany with extensive knowledge of Siemens' products to crack the "what does Stuxnet do?" question posted by the Symantec crew on their blog. It only took them three weeks to conclude that the worm had been created to target a single facility, rather than to silently wreak havoc in any industrial control system it infected…

"I was expecting some dumb DoS type of attack against any Siemens PLC," Langner later recalled. "So this was absolutely freaking. To see that somebody built such a sophisticated piece of malware - using four zero-day vulnerabilities, using two stolen certificates - to attack one single installation? That's unbelievable."

One of the German engineers, Ralph Langner, pinpointed the Iranian nuclear power plant at Bushehr as the target, not the now-admitted (by Obama administration spokespersons) target of the centrifuge array at Iran's Natanz uranium enrichment plant. Nuclear power plants, even in Iran, do not do on-site uranium enrichment or fuel fabrication. It is unclear whether this finding reflects changes to the program added by the Israeli end of Olympic Games, but that does seem likely.

The "call home" aspect of the worm once it managed to infect a system meant that those on the receiving end could override the specificity of the original targeting if they so desired, and insert commands designed to take control of physical systems and monitoring at ANY facility the worm infiltrated. It seems apparent in the NYTimes article that there came a point in the game where the Americans 'lost control' to their partners in Israel, who had their own plans and goals for using the powerful weapon they'd helped to create.

This would help to explain IAEA director general Yukiya Amano's statement in early 2011 that the Stuxnet worm posed a threat to the safety of nuclear facilities in general, mentioning Bushehr in particular while saying nothing about the Natanz site.

As can be seen from the very excellent Wired article about cracking and tracking the Stuxnet worm, the computer systems security experts quickly surmised from the sophistication and specificity of the malware they were examining that they had stumbled upon some kind of super-secret state-sponsored cyberweapon. In fact, the Symantec investigators tracked file names embedded in the code that indicated Israel's involvement. Given Israel's involvement, it was a short leap of logic to surmise that U.S. clandestine agencies were likely involved as well. Still, their professional loyalties were to their customers scattered all over the world, so they published their results anyway…

Although the researchers didn't really believe their lives were at risk for exposing Stuxnet, they laughed nervously as they recalled the paranoia and dark humor that crept into their conversations at the time. O Murchu began noticing weird clicking noises on his phone, and one Friday told Chien and Falliere, "If I turn up dead and I committed suicide on Monday, I just want to tell you guys, I'm not suicidal."

The day news of the assassination plots broke, Chien joked to his colleagues that if a motorcycle ever pulled alongside his car, he'd take out the driver with a quick swerve of his wheels. When he left work that day and stopped at the first intersection, he was shaken - just for a moment - as he glanced in the rear-view mirror and saw a motorcycle pull up behind him.

In the end, the researchers discovered that there was an ending date embedded in the Stuxnet code, reminiscent of the "countdown" embedding discovered by Jeff Goldblum's character in the movie Independence Day. The worm was programmed to go dormant on June 24, 2012.

Thus it would seem that given the computer security world's now-common knowledge of the Stuxnet worm, their success in devising and distributing protections against it, their reverse engineering discoveries fairly pinpointing the responsible parties (Israel and the U.S.), and the self-termination code dated for later this month, bent noses in the U.S. Senate amount to a tempest in a teapot.

The truly important revelation in all this - the one that does speak loudly to the vulnerability of both computer-dependent national infrastructure and Fukushima-demonstrated dangers of reliance upon nuclear power generation - is that the Stuxnet worm is just the first wave of a whole new type of security challenge in the modern world, one that should inform us in no uncertain terms that earthquakes and tsunamis, "operator error" and lousy design/engineering are not the only threats we face.

One thing has not changed in the past ~60 years: nuclear technology is as much a desirable target of enemies as it is a desirable perk of power. The danger to populations and territory that we now know nuclear disasters present is reason enough to re-think our energy commitments for the future.


  •  Obama is tagging his work. (2+ / 0-)
    Recommended by:
    Joieau, kurt

    He is telling his world leader counterparts - this is my doing, and I'll do it to you if you don't watch out. It is his decision as to whether the declassifying of the action is in our best interests.  Congress doesn't seem to think that this particular president is a real president, with full presidential powers.

    •  That would be exceedingly stupid of Obama (3+ / 0-)
      Recommended by:
      Joieau, semiot, kurt

      since the U.S. has many more facilities using PLCs than any other country.

      •  I saw that (4+ / 0-)
        Recommended by:
        blueoasis, semiot, Sandino, kurt

        in the excellent - but very lengthy - Wired article. Which honestly reads like a Ludlum novel (and I loved Robert Ludlum). There was a sort of undercurrent of the bug getting away from them, something the U.S. end had not planned to occur. The confusion of targets from Natanz to Bushehr seems to have been the signal. And Joe Biden thought it was the Israelis, who had  managed to install themselves a 'back door' the American contingent didn't catch.

        Once it did get loose and the cyber-sleuths had figured out that it had to be state-sponsored, was there any good reason not to admit it? Patches and protections were deployed as quickly as that corner of the intertoobs could produce them, but with a back door that managed to get past the NSA, there could be no guarantee it wouldn't be used by its designers (or someone else who was aware of it) for more nefarious purposes, against all sorts of targets - and the U.S. is, as doc2 notes, target-rich.

        Almost as if the allies in that project turned out not to be as trustworthy as first hoped, and our vulnerabilities made it necessary to 'out' the situation. But then again, Wired had already 'outed' it quite effectively...

        Might as well take credit, eh?

        •  Admit it, just maybe. Use it as a threat, stupid. (2+ / 0-)
          Recommended by:
          Joieau, kurt

          People who live in glass houses shouldn't throw rocks.

          •  The threat of cyberwarfare (2+ / 0-)
            Recommended by:
            Sandino, kurt

            is clear and present - hell, we are the ones who launched first. Analysis that suggests it was a way to prevent Israel from launching an Osirak-like attack on Natanz/Bushehr looks to me to be grabbing at explanatory straws after the fact.

            That Iran (or any other rival in the world) could launch against us at any time is a given, whether or not the public is aware of the threat. Or knew anything about our own involvement in honing that threat. Stuxnet is the blueprint, and I don't doubt it has been duly analyzed and logged by everyone.

            These days the 'gub likes to let us believe China is a "Most Favored Nation," a big change from the red-baiting Cold War past. Yet the greatest number of cyber-fingers that get into our sensitive systems (related to NS) come from China. A lot of cyber-spooking also comes from Russia/Ukraine, but that's mostly for-profit mafia type crap. They're in it for the money these days...

  •  Bush and cyber attacks (6+ / 0-)
    Recommended by:
    Joieau, blueoasis, semiot, Hey338Too, Sandino, kurt

    Little noticed was this January 2012 article from Reuters. Almost six months earlier.

    US launched cyber attacks on other nations

    Mike McConnell, the former director of national intelligence at the National Security Agency under George W Bush, tells Reuters this week that cyber war is more than a distant possibility. According to the current vice chairman at Booz Allen Hamilton, the US has already launched attacks on the computer networks of other nations.

    McConnell did not add any input as to what countries have been hit with American cyber warfare in the past, but he did confirm that the US has already used the ability. When asked by Reuters if the United States had the capability to destroy the computer system of an adversary, McConnell responded “Yes.” When asked if it worked, he confirmed “yes” as well.

    It is possible to read the history of this country as one long struggle to extend the liberties established in our Constitution to everyone in America. - Molly Ivins

    by se portland on Wed Jun 27, 2012 at 06:31:18 AM PDT

  •  thanks for Wired link - great yarn! NT (3+ / 0-)
    Recommended by:
    Hey338Too, Joieau, kurt

    If you didn't like the news today, go out and make some of your own.

    by jgnyc on Wed Jun 27, 2012 at 07:49:13 AM PDT

    •  It truly is a great yarn, (1+ / 0-)
      Recommended by:
      kurt

      isn't it? I think the (possibly) most interesting part is when the Siemens experts got into the game, after the Symantec guys hit their knowledge wall. The Symantec guys did find the "call home" feature - it became one of their protective patches - but it took the Germans to trace that back to Israel. Note that it didn't trace back to NSA. Heck, I suspect the best our guys could do was nowhere near as sophisticated as what the Israelis managed, and that's why they missed the back door...

      What a delightfully twisted plotline! Or, it would be if Ludlum had written it. The fact that it's real is a little more worrisome. I'm thinking that the back door could as easily defeat the countdown, which expired three days ago. I surely wouldn't lay odds on it really being dead at this point...

  •  obama himself (1+ / 0-)
    Recommended by:
    Joieau

    wow, he's also a brilliant hacker, in addition to all the other brilliant things...

    lol

  •  Perhaps the problem is (2+ / 0-)
    Recommended by:
    Joieau, kurt

    If you are going to declare war on cyber warfare while waging it, and all the double-think and double-talk that goes along with it.

    What about my Daughter's future?

    by koNko on Wed Jun 27, 2012 at 09:01:17 AM PDT

  •  Nothing like melting down an enemy's nukes (1+ / 0-)
    Recommended by:
    Joieau

    to deliver an atomic attack without fingerprints.

  •  Apparently the Democrat POTUS can't be (1+ / 0-)
    Recommended by:
    Joieau

    allowed to be POTUS without prior approval by Republicans. ?

    Are all Republicans idiotic or just some?

    McCain further charged that the revelations were designed "to enhance President Obama's image as a tough guy for the elections."

    Better than wearing a codpiece and flying onto an aircraft carrier like another potus I remember (Not My President).

  •  Flash: Obama Broke the Internet (1+ / 0-)
    Recommended by:
    Joieau

    That will be the FOX take on it after they make the story digestible for their viewers by running it through their patented Spin-O-Matic pablum excreting machine.

    Disclaimer: Weapons of Mass Destruction and terrorists may vary according to region, definition, and purpose. Belief systems pandered separately.

    by BlackBandFedora on Wed Jun 27, 2012 at 10:07:27 AM PDT

  •  I recall that the Clinton Administration (0+ / 0-)

    declassified the exact figures on the U and Pu inventory of one of the vaults at Argonne West. Both figures were in tonnes. Both figures were immediately reclassified a few weeks later. So even though I remember to maybe 500 kg what the figures were, I can't mention them anymore. Funny how that works, isn't it.

    Moderation in most things.

    by billmosby on Thu Jun 28, 2012 at 07:28:52 AM PDT
