Feeds

US officials confirm Stuxnet was a joint US-Israeli op

Well, sure ... so why are you telling us, Mr President?

5 things you didn’t know about cloud backup

Cyberattacks on Iranian nuclear program were a US-Israel effort started under the Bush administration and continued by President Obama, The New York Times reports.

The confirmation from Obama-administration officials that Stuxnet was a joint US-operation comes from extracts from a forthcoming book, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, by David Sanger that's due to be published next week.

The NYT teaser piece reports that Operation Olympic Games was devised as a means to throw sand in the works of Iran's controversial nuclear program. It was initially embarked upon in 2006 without much enthusiasm, as a preferable alternative to withdrawing objections against an Israeli air strike against Iran's nuclear facilities. There was little faith that either diplomacy or tougher economic sanction would work, especially since the international community might be expected to regard warning about another country developing weapons of mass destruction with extreme scepticism after the Iraq War debacle.

General James E Cartwright, head of a small cyberoperation inside the United States Strategic Command, developed the plan to create Stuxnet. The first stage involved planting code that extracted maps of the air-gapped computer networks that supported nuclear labs and reprocessing plants in Iran.

Development of the payload came next and involved enlisting the help of Unit 8200 – the Israeli Defence Force's Intelligence Corps unit – which had "deep intelligence about operations at Natanz", and the NSA. Bringing the Israelis on board was important not just for their technical skills but as a means to discourage a pre-emptive strike by Israel against Iranian nuclear facilities.

Keeping the Israelis on-side involved persuading them that the electronic sabotage by "the bug", as it was known, stood a good chance of succeeding. This involved destructive testing against P1 high-speed centrifuges, surrendered by the the former Libyan government of General Gaddafi when it abandoned its own nuclear programme back in 2003. Iran also used the same P-1 centrifuges, sourced from a Pakistani black market dealer.

Small scale tests were a great success, prompting a decision to plant the worm in Natanz using spies and unwitting accomplices (from engineers to maintenance workers) with physical access to the plant, around four years ago in 2008.

Operation Olympic Games proved successful at infecting industrial control systems and sabotaging high-speed centrifuges while getting the Iranians to blame themselves or their suppliers for the problems.

Obama allowed the operation to continue even after the Stuxnet code escaped from Iran’s Natanz plant back in 2010, via an engineer's computer, allowing the code to begin replicating across the net, something only possible due to a design mistake. Obama gave the go-ahead for the continuation of the scheme, with the development of fresh version of Stuxnet, after hearing the the malware was still causing destruction.

Sanger's account of the joint US-Israeli effort to develop Stuxnet is based on interviews with current and former US, European and Israeli officials involved in the (still secret) program.

The US government only recently admitted the existence of programs to develop offensive cyberweapons, and has never admitted using them. There's was discussion about using electronic attacks against Libyan air defence systems in the run-up to NATO-led air attack against the Gaddafi regime last year but that option was rejected.

The US relies more heavily on technology than almost any other country in the world and is much more vulnerable to cyber-weapons than most. Using cyber-weapons, even if they were narrowly targeted and closely controlled, could enable hostile government or hackers to justify electronic attacks against US interests.

Stuxnet is back in the news because of this week's publicity about the Flame worm, a cyber espionage toolkit that infected computers in Iran and elsewhere in the Middle East. US officials told Sanger that Flame was not part of Olympic Games, while declining to say whether or not the US was behind the headline-grabbing attack.

Industry experts had long speculated that Stuxnet, which involved the use of zero-day exploits and knowledge of industrial control systems, was a state-sponsored project highly unlikely to have been the work of criminal hackers. A US-Israeli joint project was widely rumoured to have led to the creation of Stuxnet.

Sanger's research is more evidence in support of this theory and the only real question is why officials have begun talking about the secret spy op.

The reasons could be political, security experts speculate.

"Obama wanted to get credit for Stuxnet, as that makes him look tough against Iran," said Mikko Hypponen, chief research officer at F-Secure. "And he needs that as Presidential elections are coming." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.