New theory: Stuxnet was actually created by … China?

posted at 9:55 pm on December 15, 2010 by Allahpundit

Darned compelling, and darned depressing. Not only because it snatches away our vicarious pride in U.S./Israeli ingenuity, but it feeds into western jitters about Chinese omnicompetence. Why, I’ll bet it was those Shanghai teens who cooked this thing up. During recess.

The circumstantial evidence is impressive. Just one question: Why would China do it?

China has an intimate knowledge of Iran’s centrifuges since, according to one source quoted above, they’re of Chinese design.

China has better access than any other country to manufacturing plans for the Vacon frequency converter drive made by Vacon’s Suzhou facility and specifically targeted by the Stuxnet worm (along with an Iranian company’s drive). Furthermore, in March 2010, China’s Customs ministry started an audit at Vacon’s Suzhou facility and took two employees into custody thereby providing further access to Vacon’s manufacturing specifications under cover of an active investigation.

China has better access than any other country to RealTek’s digital certificates through it’s Realsil office in Suzhou and, secondarily, to JMicron’s office in Taiwan.

China has direct access to Windows source code, which would explain how a malware team could create 4 key zero day vulnerabilities for Windows when most hackers find it challenging to develop even one.

That’s four pieces of evidence. Read the whole story and you’ll see that there’s more; plus, and needless to say, when it comes to cyberwar hijinks in the past few years, the Chinese are usually a safe bet as the culprits. As for the motive, the author speculates that this was China’s way of hedging its bets, supporting Iran publicly in the west’s drive for sanctions while secretly decapitating its potentially worrisome nuclear ambitions. That would also explain why the worm inexplicably became detectable by cybersecurity experts even though it was designed to be invisible. China, the theory goes, wanted the worm to be discovered because it knew the U.S. and Israel would be blamed. Why not stir up a little extra antagonism in the Muslim world towards the west by letting people draw the obvious, yet wrong, conclusion?

So why doubt that it was China? Well, remember, it supposedly took up to 10,000 days of labor for the Stuxnet team to put this together. The U.S. and (especially) Israel have a motive to invest that kind of time to stop Iran, but the Chinese really don’t. On the contrary, as unpredictable as a nuclear Iran would be, it’s a safe bet that its antagonism would be directed towards the west, which could be a useful distraction to the Chinese down the road when they need American attention drawn elsewhere. Plus, if the Chinese really are so far advanced in cyberwarfare that they’re capable of building a superworm that the U.S. and Israelis aren’t — one which allegedly has set Iran back at least two years — why on earth would they show their cards by attacking an ostensible ally? Iran’s small potatoes for a superweapon like that. Better to keep their trade secrets secret for use later against, oh, I don’t know, say … American infrastructure?

The only credible scenario I can come up with for why China might have done it (or at least participated in a secret international program) is if they truly feared that either the U.S. or Israel was about to attack Iran, which would mean all hell breaking loose in the Middle East and god knows what happening to oil supplies. Could western governments have used that threat to pressure them into providing the sort of information described above in the excerpt? Or, as I’ve long suspected, was this indeed the handiwork of cyborg time travelers sent from the future to save us from Iranian nuclear armageddon? All theories welcome.


Related Posts:

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

China delays WW3! … (For two years).

Ya hear that, muzzies? The Chicoms are messin’ with you guys. I think you should focus all of your energy on them!

Tony737 on December 15, 2010 at 10:01 PM

My money is still on the Russians. They sold the crap to Iran. The most profitable part of selling electronics? Selling the stuff that fixes what you sold them to begin with.

Rocks on December 15, 2010 at 10:01 PM

yeah…well, so maybe they made the Stuxnet worm but who the hell made the sticky bombs that blew that physicist all to hell, now thems some skills!!@!/

BTW, this is compelling as hell.

ted c on December 15, 2010 at 10:02 PM

China needs oil. End of story.

SouthernGent on December 15, 2010 at 10:05 PM

Oil OIL OIL

China is obsessed with tying down resources. They will pay through the nose if the Persian Gulf is shut down.

KW64 on December 15, 2010 at 10:07 PM

Furthermore, in March 2010, China’s Customs ministry started an audit at Vacon’s Suzhou facility and took two employees into custody

Here’s another against: the worm has been screwing them up for a little less than two years, not since March.

Coincidentally, an Iranian nuclear scientist defected to the US early in 2009, but went back in June. He would have most, if not all of that same information about the centrifuges. Not quite a match, but pretty close. And we have the zero-day information, too.

JeffWeimer on December 15, 2010 at 10:08 PM

the author speculates that this was China’s way of hedging its bets, supporting Iran publicly in the west’s drive for sanctions while secretly decapitating its potentially worrisome nuclear ambitions.

Maybe its a way to keep Iran strung up by the short n’ curlies (and maybe a lesson to the US *yikes*). If the Chinese pushed the pause button on the Iranian nuke program for two years, that’s they’re way of saying “not yet” to Iran’s ambitions which may not align with the Chinese timeline (ie, until its Navy is more operational). China is working fast and furiously and may, by proxy, be controlling the stakes in the Middle East and isn’t ready for a full-up arms race when they can’t deal with it nautically (yet).

The lesson to the US is that China owns all its sh!t, the Panama Canal, and is regularly bumping the Pentagon cyber networks and might have the capability to down satellites as well so *not so fast on anything US*. If the Chinese bump us hard, blind our satellite networks x 24 hours, and foment a simultaneous economic doom, then count it baby, you better start learning how to read up and down on the pages, cuz we’re scroomed.

ted c on December 15, 2010 at 10:09 PM

Why would China do it?

Because the Chinese like to play with their food…

Seven Percent Solution on December 15, 2010 at 10:10 PM

When you say that China doesn’t have any reason to fear an Iranian bomb, you’re taking too short and narrow a view.

First, China has its own Muslim insurgency.

Second, if Iran gets the bomb, it could lead to a wholesale abandonment of international efforts to prevent proliferation. If there’s a rush by smaller nations to develop their own bombs, then Taiwan will be one of the early success stories.

Iran’s bomb program is a threat to the whole world, in the long run. China is part of the world. QED.

Steven Den Beste on December 15, 2010 at 10:11 PM

Forgive me, but….

isn’t this just really US?

I assumed all these “China! Russia! EU!” rumors were just rumors designed to freak out the Iranians and spread the blame around. I assumed all along (and even now) that yes, it’s actually the good old US-of-A doing the same dirty work we’ve secretly done against all our enemies covertly…. we did the same sort of sabotage against the USSR for years, and blamed other ‘rouge elements’.

My money is on our military.

Our government? No way. But our military? Yes way.

picklesgap on December 15, 2010 at 10:11 PM

face it Iran. You beotches are getting used. Your scientists are getting thwacked, your centrifuges are junked, and the dude in the well, he ain’t coming out anytime soon….

aw.

ted c on December 15, 2010 at 10:13 PM

Bill Gates and Michael Dell did it. Scrap all the machines and sell Winders 8.2,big cash cow, good ROI and the cyborgs get the blame along with the Humpbot who has not been seen for weeks.
Option two ,the kids at recess is probably not as funny as it sounds given the current lack of education in the states.

Col.John Wm. Reed on December 15, 2010 at 10:15 PM

I do think Russia is involved. They want to go through Georgia again and may be acting to pressure China to keep Iran under their thumb. Apparently, Iran is so unstable that Russia may not be able to directly influence Iran as to her intentions and is acting through China to do so???

ted c on December 15, 2010 at 10:16 PM

A nuclear Iran is bad news for everybody. China knows that Obama is an incompetent when it comes to anything of importance. Nice to see (if it’s true) that the ChiComms can do something useful for the world.

Tommy_G on December 15, 2010 at 10:18 PM

good thing our Congress has the development of such cyberweapons on the forefront of its work on the military….oh wait. they’re looking to push a social agenda…I’m sure the Chinese are really impressed../

ted c on December 15, 2010 at 10:18 PM

Iran was the testing ground for their cyber-warfare group. As noted, Stuxnet can be modified to attack U.S. facilities and equipment. But they needed a proof-of-concept first. Now that they know it works….

nukemhill on December 15, 2010 at 10:19 PM

Seems like it fails the Occam’s Razor to me. Why would China impede Iran’s pursuit of the bomb but let the Norks run loose? It would seem to me that the DPRK is much more of an existential issue for China than Iran.

My money’s still on some kind of US/IDF collaboration.

Purple Fury on December 15, 2010 at 10:20 PM

Most interesting. Our very own J E Dyer, back in September, suggested that it might have been the Chinese.

Of the nations that could have pulled this off, however, there is one that might have a reason to target the three most-infected countries in particular, and that’s China.

audiculous on December 15, 2010 at 10:22 PM

if they truly feared that either the U.S. or Israel was about to attack Iran, which would mean all hell breaking loose in the Middle East and god knows what happening to oil supplies.

No one can afford an interruption of Mideastern oil as evidenced by the Wests near decade old kabuki play of The Great War On WTF?. The oil ticks and Islam are like a tumor on a major valve of the worlds economic life force. It has been deemed inoperative but able to be appeased.

The Chinese are pragmatic and are probably also behind the Climategate data spill. The world is an odd an interesting nut house. I love the Lords black sense of humor too.

BL@KBIRD on December 15, 2010 at 10:28 PM

..that totally explains the 10,000 man hours…

runner on December 15, 2010 at 10:32 PM

Not surprising. Iran is a pimple on the arse on the World Stage. China? Not a quite the pimple… It’s a goiter.

Key West Reader on December 15, 2010 at 10:33 PM

China has better access than any other country to RealTek’s digital certificates through it’s Realsil office in Suzhou and, secondarily, to JMicron’s office in Taiwan.

Why would China have great access to certificates in Taiwan? Taiwan is hardly likely to cooperate with the Chinese. Credibility takes a huge hit right there.

AZfederalist on December 15, 2010 at 10:35 PM

Are there MicroSoft experts in China?

I seem to remember reading that these programs are controlled by MS programs. I know MS has huge holes, but this is more than just a good hacker with programming skills.

Kini on December 15, 2010 at 10:36 PM

Oil OIL OIL

China is obsessed with tying down resources. They will pay through the nose if the Persian Gulf is shut down.

KW64 on December 15, 2010 at 10:07 PM

Correctamundo. Red China’s economy is very dependent on ME oil, and their navy is in no shape to go and get it if the Arabian Gulf is closed.

Re the 10,000 man-days, that’s only twenty people working a year or two, it’s just not a big deal. Red China likely has many thousands deeply involved in cyberwarfare, and have for the last ten years or so.

Re the March 2010 audit in China, that’s way too late to be relevant. The Stuxnet first surfaced in Summer of 2009. One of the virus companies went back through archives and found it in material from that date, though at the time it was not recognized for what it was. That means the project was started mid-2008, earliest.

slickwillie2001 on December 15, 2010 at 10:37 PM

Strategically they THINK they have the world by teh nutz. Financially they are going to go bust. Militarily they have no strength against the Forces of the USA.

Watch Russia and do NOT ratify START. That is just foolish, like our whatchamacallit that reads the daily teleprompter.

Key West Reader on December 15, 2010 at 10:40 PM

not the Russians by the way, the are the ones who unraveled the whole thing…bastards

runner on December 15, 2010 at 10:41 PM

*they are*

runner on December 15, 2010 at 10:41 PM

Kini on December 15, 2010 at 10:36 PM

Allegedly, they attacked our power grid this past summer. For some odd reason, I fail to believe it because … uh… Media Matters said we’re supposed to be aware that China attacked our power grid and we are supposed to be afraid of China, and Dag Nabbit we must be afraid of China.

/Cower in fear …. Now! You farking peasants! Cower! Now! In Fear!\

Poor Soros is sharting in his diaper because we have failed to cower in fear.. Fear, I tells you!

Key West Reader on December 15, 2010 at 10:45 PM

If Steve McGerret,Hawaii 5 0 show,old school,
he would have the codes,and the goons,and Wo
Fat would be pissed!!

Oh crap,it was a computerlas era,ah screw it,close enough!
(snark).

canopfor on December 15, 2010 at 10:47 PM

IF China is the author, I suggest the target may have been North Korea. Because the NKs are helping Iran build its nuclear program, they unknowingly infected Iran. Iran only discovered Stuxnet through the help of a bright IT analyst from Belarus. The nuclear programs of NK and Iran are likely identical. The NKs are not bright enough to find it, and may still be in the dark. The infection records that show countries vs incidents is meaningless wrt a backward country like NK.

Red China likes having NK to keep the USA occupied, but they are not so foolish to want them armed with real deployable nuclear weapons.

Evidence to the contrary -the US is not in a full panic over this, from what we see. If Red China did this, it is really bad for us. Either we did it or we know that Israel did it.

slickwillie2001 on December 15, 2010 at 10:48 PM

Just one question: Why would China do it?

Because they can….

China could still have done this to Iran for a test run.
Letting the so called “cat out of the bag” does not mean we could stop it…..
….and this cyber war technique could be used as leverage between super powers just like a weapons system is.

Baxter Greene on December 15, 2010 at 10:48 PM

Oh crap,it was a computerlas era,ah screw it,close enough!
(snark).

canopfor on December 15, 2010 at 10:47 PM

McGyver already fixed that shart with a rubber band, paper clip and a straw from The McDonalds Corporation. Which got an Evil Corporate I Hate Black People and I make Fat People Hate Black People waiver from the Unconstitutional ObamaCare Unconstitutional Grab Yer Constitution for a refrence Health Plan Care!

/

Key West Reader on December 15, 2010 at 10:51 PM

….and this cyber war technique could be used as leverage between super powers just like a weapons system is.

Baxter Greene on December 15, 2010 at 10:48 PM

Meh… It’s all a bunch of shiite. China is still a poor country with a monetary system that is blinding the rest of the world to the truth.

We’re broke. It’s because of the Unions. We’ll abolish the Unions and we’ll end up with street fights and burning green-cars, and then we’ll win and everyone will remember how the Unions tried to destroy societies, continents, economies, middle class people, lower class people, schools, fire departments, police departments, cities, counties, towns and States.

And there will come a day when we will realize that when Al Capone died, Unions became legalized organized crime.

And all will be well with our world. Amen.

Key West Reader on December 15, 2010 at 10:58 PM

canopfor on December 15, 2010 at 10:47 PM
===============================
McGyver already fixed that shart with a rubber band, paper clip and a straw from The McDonalds Corporation. Which got an Evil Corporate I Hate Black People and I make Fat People Hate Black People waiver from the Unconstitutional ObamaCare Unconstitutional Grab Yer Constitution for a refrence Health Plan Care!

/

Key West Reader on December 15, 2010 at 10:51 PM

Key West Reader:Thats a helluva plot liner,into Hopeys
Criminal HealthCare Adventure,haha!:)

canopfor on December 15, 2010 at 11:11 PM

So then,its the Chinese Super Stealth Weapon System that
was hovering over the Missile silos shutting them down,
and opening the concrete silo cover thingys!!
(sarc).

canopfor on December 15, 2010 at 11:14 PM

I don’t buy that the Chinese did it for a minute.

I fully believe that’s disinformation. From what I’ve read, the Chinese are good, but the US owns the most capable offense, at least for now and the near future (we are not, however, much able to defend ourselves . . .).

BLOC on December 15, 2010 at 11:24 PM

The flaw in the circumstantial “China wanted to blame the West” argument is that it cuts both ways. It makes just as much sense to say that Israel/US made took pains to ensure that all the vulnerabilities could plausibly be linked to China, so that if Stuxnet was exposed they would have plausible deniability. That’s the problem with conspiracy theories: by definition accounting for everything allows you to spin disproof as proof.

The tie-breaker should be geopolitical interest, and in that case Israel/US had a huge motive while China – per AP’s post – would benefit by sowing a little instability in Central Asia and distracting the US. Plus China could be confident that Iran would never interfere in _it’s_ sphere of influence, since the Chicoms play by different rules than the US and the Brits.

omriceren on December 15, 2010 at 11:24 PM

Dunno who did it, but Stuxnet is way cool-this is like watching a James Bond in real life…but I’m with AP on this, my money is on Israel maybe in collaboration with the US.

Frankly I don’t think it goes far enough, Iran’s nuke program needs to be taken out and more importantly their psychotic regime-Iranians will thank us and the world will be a better place. In fact take out all the radical Islamic supremacists for global peace.

thinkagain on December 16, 2010 at 12:16 AM

*movie

thinkagain on December 16, 2010 at 12:17 AM

and more importantly their psychotic regime-Iranians will thank us and the world will be a better place

think again, thinkagain.

I remember a big bunch of ignorant fools and/or liars telling us how the Iraqis were going to thank us for invading their country and taking out that psycho regime.
Not much thanks from them, so thinkagain, when you think that the Iranians will thank us, think again.

The vile Iranian theocrats are a blight on the world, but it’s not our job to go into their country and “take them out” at this point.

audiculous on December 16, 2010 at 12:31 AM

Well duh. These days China eats lightning and craps rainbows. Just ask Friedman and friends.

Grayson on December 16, 2010 at 12:57 AM

Not buying it.

China has been a pain the ass with their cyber attacks for sure, but the motives don’t compete with Israel.

Anyone who’s been reading the Jerusalem Post or any Israeli publication since 2004, knows that Israel has a major investment with Iran.

Unit 8200 is ridiculous. On par, or better than the NSA – and I don’t say that lightly. If anyone has been working on a project to f*ck up the Iranian nuclear program, it’s been the Israelis.

You-Eh-Vee on December 16, 2010 at 1:08 AM

It wasn’t China. It was us. That’s why we haven’t bombed them. We knew the worm was there. Knew. Our intelligence agencies are too crappy. If we were relying on intelligence alone, we’d have bombed them.

trigon on December 16, 2010 at 2:29 AM

Its not USA. We don’t have those kinda smarts or desire anymore. Look at the crap we have running this place. Do you think for one minute that Mr. Erkel would authorize this?

UncleZeb on December 16, 2010 at 2:59 AM

For all we know, it was a joint Chinese-Israeli operation. China has a pragmatic view of geopolitics, and the Jews love Chinese take-out – it’s just a natural pairing.

Hard to imagine Obama authorizing US involvement in such a plan, assuming anyone would mention it to him.

Adjoran on December 16, 2010 at 6:30 AM

Iran was an A/B test. NDA in place, project timeline verified, scoping complete, deal closed let’s go to Shanghai for hookers and blow!

Alden Pyle on December 16, 2010 at 6:38 AM

Somebody, remind me again, of the wisdom of having China manufacture avionic components used in American military aircraft?

bloviator on December 16, 2010 at 8:35 AM

Just one question: Why would China do it?

1) China is interested in getting rich. Getting Iranian oil money via nuclear technology that not many else would sell them is a great way to get lots of money.

2) China really doesn’t want a nuclear armed Iran. Why?
Because of Muslim fundamentalism in the Balkans and Chechnya. Whatever the origins of those conflicts, radical Muslims have joined up with them. And China has its own Muslim issue — the Uyghurs. It’s a very dangerous game, but China has a 5,000 year history.

rbj on December 16, 2010 at 8:48 AM

Meh… It’s all a bunch of shiite. China is still a poor country with a monetary system that is blinding the rest of the world to the truth.

Key West Reader on December 15, 2010 at 10:58 PM

Come visit us in Shanghai and you might go home with a different view. It’s not all dirt-poor peasants anymore.

DarkCurrent on December 16, 2010 at 8:53 AM

It was just an actual accidental glitch in the softwar. They should get a refund at Comp USA.

seven on December 16, 2010 at 9:08 AM

The final piece of the Stuxnet strategy is to make sure the blame gets fixed on one of your enemies….

moc23 on December 16, 2010 at 9:16 AM

Why haven’t they called the Geek Squad?

Yoop on December 16, 2010 at 9:18 AM

An ad for “D-List, the gay social network”?

Great.

Is there no escaping these people?

greggriffith on December 16, 2010 at 9:19 AM

The final piece of the Stuxnet strategy is to make sure the blame gets fixed on one of your enemies….

Exactly. People smart enough to pull off this awesome project are smart enough to point the blame elsewhere. I’m thinking more likely Israel’s Mossad, but very likely with covert US assistance. Israel has the most immanent danger from a nuclear Iran.

swede7 on December 16, 2010 at 10:02 AM

If this virus as good as it seems then the builders let it be found,and in fixing it, the virus actually spreads version 2 so that it can morph and launch again.
We best get the US power grid a way to disconnect fast so that we are not the next country that is hit.We may have to actually go back to something from the late 19th early 20th century,something not taught in the Ivy League or colleges anymore.
STATIONARY ENGINEERS.

Col.John Wm. Reed on December 16, 2010 at 10:34 AM

While I am not anti-technology, I was a nuclear and fossil power plant startup engineer, we have placed too much of our infrastructure under total control of technology; technology fairly easily taken out of service by computer viruses or other types of sabotage. We are evermore removing the ability to bypass technology to operate facilities, probably because of cost, and at the same time those who have “MacGyver” capabilities, like me, are become few and far between. I have seen cascading events at power plants that shut them down without operators (now reduced in number due to automation/labor costs) being able to bypass the failed component(s) to allow manual control and continued operation of the facility. Our entire country is becoming the same way. Look around your house and see what depends on electricity. Heck, the towel dispensers and faucets in restaurants are becoming electricity dependent.

Take a home’s gas kitchen stove as a simple example. Very relievable and those operating off of propane are independent of our infrastructure as long as there is enough liquid propane in the bottled to provide gas for a flame. Or is it. The new stoves require electricity to light the flame. Oh, well just use a match. Well many do not smoke anymore so who has a stock pile of matches or lighters and fluid. Well use a small generator to provide electricity, but how many have those and gasoline would quickly be in short supply and gas station pumps require electrical power too. And the matches today are mostly the NOT strike on any surface type for PC safety reasons and those matches deteriorate fairly fast in a non-controlled environment. So even if you have a propane stove you shouldn’t feel too secure unless you have the other “things” necessary to support it. A gas/propane home heater has similar problems. Just saying.

amr on December 16, 2010 at 11:08 AM

Heres another reason:

When China delays or “sets Iran back 2 years” – guess who gets the next order???

China.

On one hand – publically support Iran, while behind the scenes, srew with them, take the heat off of you – then resell the same tech your designed worm destroyed.

Rinse and repeat.

I also believe the “it wasnt the person who you thought it was, but rather a non antagonistic appearing person within the story line” has been used ad nauseum by Hollywood movies, books, TV shows, etc. etc.

Odie1941 on December 16, 2010 at 11:11 AM

It was developed by gay Chinese soldiers. We must repeal DADT to close the ever widening “Gay Gap”! Gays, is there anything they can’t do?

Mason on December 16, 2010 at 11:52 AM

Oil OIL OIL

China is obsessed with tying down resources. They will pay through the nose if the Persian Gulf is shut down.

KW64 on December 15, 2010 at 10:07 PM

Bingo.

Iran without nukes means that the ME is “relatively” peaceful and spurting out large quantities of OIL.

Iran with nukes means that the ME is controlled by religious fanatics who can dictate who gets oil where, when and by how (much).

BowHuntingTexas on December 16, 2010 at 12:36 PM

Eh, not feeling it. If Israel was destroyed by an Iranian nuclear attack, it would be horrific, but that would weaken the US and thus be a desirable outcome for China. They’ve already starved and murdered millions of their own people throughout history, why should the Chinese government care about a few million Jews?

“But what about when the Islamists turn those nukes on the Chinese?”

Hey, I don’t take it for granted that these guys are thinking that far ahead, or even that they’re really all that smart. I think that’s what snags a lot of conspiracy theorists–they underestimate the stupidity of the human race as a whole, and its tendency to succumb to pure and simple bad luck. China’s efforts to aid and abet Iran’s nuclear ambitions could be the dumbest mistake their leaders have ever made, and they won’t realize it until it’s far too late to do anything about it.

And anyway, what, did China do that hit on those Iranian scientists, too? Sure they did.

R. Waher on December 16, 2010 at 9:53 PM

Don’t know if anyone has mentioned this already, but…
10,000 man-days are small fries.

10000 divided by a year … let’s say 250 work days, equals 40, meaning that it was a team of 40 people working for a year. Sounds about right for a normal medium-sized project.

As for Allahpundit’s analysis why it might or might not be China, compelling reasoning but all the pro/con speculation cancels each other out.

Ultimately it was still the US/Israel/Europe responsible because even if China did execute this, the only reason they did it is because of the West’s insistence that Iran won’t be allowed to do continue its nuke program.

AlexB on December 17, 2010 at 10:43 AM

not likely…we would not give china a new weapon

georgealbert on June 3, 2011 at 12:39 PM