Feeds

US officials confirm Stuxnet was a joint US-Israeli op

Well, sure ... so why are you telling us, Mr President?

Boost IT visibility and business value

Cyberattacks on Iranian nuclear program were a US-Israel effort started under the Bush administration and continued by President Obama, The New York Times reports.

The confirmation from Obama-administration officials that Stuxnet was a joint US-operation comes from extracts from a forthcoming book, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, by David Sanger that's due to be published next week.

The NYT teaser piece reports that Operation Olympic Games was devised as a means to throw sand in the works of Iran's controversial nuclear program. It was initially embarked upon in 2006 without much enthusiasm, as a preferable alternative to withdrawing objections against an Israeli air strike against Iran's nuclear facilities. There was little faith that either diplomacy or tougher economic sanction would work, especially since the international community might be expected to regard warning about another country developing weapons of mass destruction with extreme scepticism after the Iraq War debacle.

General James E Cartwright, head of a small cyberoperation inside the United States Strategic Command, developed the plan to create Stuxnet. The first stage involved planting code that extracted maps of the air-gapped computer networks that supported nuclear labs and reprocessing plants in Iran.

Development of the payload came next and involved enlisting the help of Unit 8200 – the Israeli Defence Force's Intelligence Corps unit – which had "deep intelligence about operations at Natanz", and the NSA. Bringing the Israelis on board was important not just for their technical skills but as a means to discourage a pre-emptive strike by Israel against Iranian nuclear facilities.

Keeping the Israelis on-side involved persuading them that the electronic sabotage by "the bug", as it was known, stood a good chance of succeeding. This involved destructive testing against P1 high-speed centrifuges, surrendered by the the former Libyan government of General Gaddafi when it abandoned its own nuclear programme back in 2003. Iran also used the same P-1 centrifuges, sourced from a Pakistani black market dealer.

Small scale tests were a great success, prompting a decision to plant the worm in Natanz using spies and unwitting accomplices (from engineers to maintenance workers) with physical access to the plant, around four years ago in 2008.

Operation Olympic Games proved successful at infecting industrial control systems and sabotaging high-speed centrifuges while getting the Iranians to blame themselves or their suppliers for the problems.

Obama allowed the operation to continue even after the Stuxnet code escaped from Iran’s Natanz plant back in 2010, via an engineer's computer, allowing the code to begin replicating across the net, something only possible due to a design mistake. Obama gave the go-ahead for the continuation of the scheme, with the development of fresh version of Stuxnet, after hearing the the malware was still causing destruction.

Sanger's account of the joint US-Israeli effort to develop Stuxnet is based on interviews with current and former US, European and Israeli officials involved in the (still secret) program.

The US government only recently admitted the existence of programs to develop offensive cyberweapons, and has never admitted using them. There's was discussion about using electronic attacks against Libyan air defence systems in the run-up to NATO-led air attack against the Gaddafi regime last year but that option was rejected.

The US relies more heavily on technology than almost any other country in the world and is much more vulnerable to cyber-weapons than most. Using cyber-weapons, even if they were narrowly targeted and closely controlled, could enable hostile government or hackers to justify electronic attacks against US interests.

Stuxnet is back in the news because of this week's publicity about the Flame worm, a cyber espionage toolkit that infected computers in Iran and elsewhere in the Middle East. US officials told Sanger that Flame was not part of Olympic Games, while declining to say whether or not the US was behind the headline-grabbing attack.

Industry experts had long speculated that Stuxnet, which involved the use of zero-day exploits and knowledge of industrial control systems, was a state-sponsored project highly unlikely to have been the work of criminal hackers. A US-Israeli joint project was widely rumoured to have led to the creation of Stuxnet.

Sanger's research is more evidence in support of this theory and the only real question is why officials have begun talking about the secret spy op.

The reasons could be political, security experts speculate.

"Obama wanted to get credit for Stuxnet, as that makes him look tough against Iran," said Mikko Hypponen, chief research officer at F-Secure. "And he needs that as Presidential elections are coming." ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?