Monday, January 17, 2011

NY Times: US involved in Stuxnet

As far as I can see, the NY Times is burying the lead in this story.  I think the most important news is:
Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran’s ability to buy components and do business around the world.

The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel’s long-held argument that Iran was on the cusp of success.

The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.

In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.

Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.

In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.

Seimens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.
The whole thing is very well worth reading to get a sense of what's involved in a serious nation-state level cyber-attack.  If the NYT's sources are correct, it's unfortunate that the American role has become public. People living in glass houses shouldn't throw stones. If they insist on doing so, they should at least do it in the dead of night and be very careful not to get caught.

1 comment:

kjmclark said...

The alternative was missile/air strikes. Talk about throwing stones.

Nobody in the Middle East (except Iran) wants Iran to get the bomb. And it's not really a secret that axis-of-evil Iran is considered an unfriendly nation. Iran would have, and will, retaliate regardless of how we or the Israelis set back their weapons program. But it's an open secret at this point that we or Israel did it, and that it was effective. No one besides Iran seems to be too upset about it.

As you're alluding to, the problem for us is that we've now demonstrated how to make a surgical cyberattack work. Let's just hope the Chinese or Russians don't have a reason to show us the other edge of that scalpel soon.