NYT: Yep, Stuxnet is a joint U.S./Israeli project — ordered by Bush

posted at 4:33 pm on January 17, 2011 by Allahpundit

Greenlit by Dubya, accelerated by Obama. Or at least, that’s what the cyborg time travelers who brought the worm back from the future would have you believe.

The evidence is only circumstantial, but … there’s an awful lot of it.

Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.

“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”…

The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.

The project’s political origins can be found in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration’s Iran strategy. So did the Israelis, other officials said.

News stories on Stuxnet are typically so rich in fascinating cloak-and-dagger detail that there’s no way to blockquote all the key parts, and this one’s no exception. Read all of it, please, and take note of how the U.S. allegedly was first clued in to the critical vulnerabilities in Siemens’s centrifuge-controlling computer code. Theories about that have kicked around for a while — including the possibility that Siemens is willingly cooperating in making its systems exploitable — but if you believe the Times, the U.S. was apparently approached by Siemens in 2008 for advice on how to make its system … more secure. I find that hard to believe just because the timing’s a bit too perfect: At the precise moment that America and Israel are scrambling for non-military means to disable the Iranian nuclear program, the company that holds the digital key to Iran’s enrichment facility comes knocking on our door for help on improving their code? Seriously?

As for the part linked in the blockquote, I had no idea that the Times or anyone else had reported in the past on any secret U.S. projects to target Iran’s centrifuges. To be sure, there were vague stories about unspecified covert action being taken, but in the past that typically meant targeting black-market suppliers of nuclear equipment and/or physically tampering with the goods while they were in transit to Iran. The cyberwar angle was something new and unexpected, but it was there long ago if you were paying attention. Spencer Ackerman of Danger Room flags this NYT report from all the way back on April 27, 2009, just three months after Obama was sworn in. Quote: “When President George W. Bush ordered new ways to slow Iran’s progress toward a nuclear bomb last year, he approved a plan for an experimental covert program — its results still unclear — to bore into their computers and undermine the project.” (emphasis mine) It’s no mystery who’s responsible for Stuxnet, in other words; the facts are hiding in plain sight, which is why I didn’t understand when a little current of outrage swept through Twitter yesterday at the Times for publishing this story. The U.S. and Israel are probably the only two countries with the means and the motive to drop this cyber-nuke on Iran (other colorful theories notwithstanding), so they’ll naturally be blamed — in which case, why hide it? In fact, at this point, the higher Stuxnet’s international profile becomes, the more useful it is to other nations as an excuse not to deal with Iran. Russia, for instance, is now insisting that it can’t proceed with its work on Iran’s nuclear power plant at Bushehr in case there’s some sort of Stuxnet infection in the system there too that might cause “another Chernobyl.” That makes no sense in light of the Times piece — the whole point about Stuxnet is that it’s very precisely targeted to disable centrifuges, not to mess with a nuclear power system — but it provides a handy excuse for Russia to back off.

Exit question: I’ve asked this before but I’m still mystified by it. If one of the two goals of Stuxnet was to hide its sabotage by making centrifuge operators believe that everything was running smoothly, why was it so easily discovered by cybersecurity experts? Ideally, this thing should have run on Iranian computer networks for years and years, spinning its centrifuges into oblivion at every turn until Iran simply gave up in utter befuddlement at what the problem might be. Instead, it looks as though it ran for about a year (maybe less) before being detected. Is that … deliberate? If so, why? If not, why weren’t stronger measures taken to keep the worm invisible? Surely if they could build something so ingenious as to commandeer Iranian centrifuges, they could build it to be undetectable by standard cybersecurity measures.



Comments


Nukular strategery in action.

baldilocks on January 17, 2011 at 6:25 PM

It’s a test on Iran, but anyone want to bet its real possible target is China?

William Amos on January 17, 2011 at 4:56 PM

That’s an interesting idea. I wish I could credit the O-bots with enough strategic foresight to plan like that. Bush maybe. Reagan certainly. But Øbama? Highly unlikely.

petefrt on January 17, 2011 at 6:30 PM

The only reason O’bamby didn’t kill it is because he didn’t understand it.

BigAlSouth on January 17, 2011 at 6:30 PM

If it has already been said, apologies

Question the source

Kini on January 17, 2011 at 6:34 PM

I’ve asked this before but I’m still mystified by it. If one of the two goals of Stuxnet was to hide its sabotage by making centrifuge operators believe that everything was running smoothly, why was it so easily discovered by cybersecurity experts? Ideally, this thing should have run on Iranian computer networks for years and years, spinning its centrifuges into oblivion at every turn until Iran simply gave up in utter befuddlement at what the problem might be. Instead, it looks as though it ran for about a year (maybe less) before being detected. Is that … deliberate? If so, why? If not, why weren’t stronger measures taken to keep the worm invisible?

I thought they designed it so that the Iranians would find out so that they would be too afraid to launch for fear they’d get annihilated? Also to further embarrass and undermine Ahmadenijad (sp) and possibly have him ejected from power. I also recall reading somewhere that its discovery was an accident, that it was supposed to self destruct before discovery because it can now in turn be used against us…

CCRWM on January 17, 2011 at 6:43 PM

Someone, somewhere will break the code and discover the worm sooner or later and usually sooner. That it worked for a year is amazing in and of itself.

Warner Todd Huston on January 17, 2011 at 4:43 PM

The followup may be that those in Iran who would work on breaking the code and purging the systems of the worm will be treated with extreme prejudice by outside agents. We may have seen just the tip of the iceberg, regarding that effort, with the recent bombings of their nuclear scientists.

If they are looking over their shoulder all the time they are less effective in their job.

Yoop on January 17, 2011 at 6:45 PM

Nukular strategery in action.

baldilocks on January 17, 2011 at 6:25 PM

LOL..

Cowboy!

Texas Gal on January 17, 2011 at 6:46 PM

Yeah, NYT’s – your story is believable – the day you get your credibility back.

GarandFan on January 17, 2011 at 6:48 PM

So another Dubya initiative that Obama continues and will take the credit for…

crazywater on January 17, 2011 at 6:58 PM

He’s like Han Solo when he thought up the “Fake a frontal attack on the star destroyer, buzz the bridge, then hide between the scanner towers effectively cloaking the ship from detection” bit in Empire Strikes Back.

Gotta admit, he did have his moments.

SuperCool on January 17, 2011 at 7:06 PM

It is all Obama’s fault.

WoosterOh on January 17, 2011 at 7:22 PM

Israel needs to fight its own wars and fund its own military.

True_King on January 17, 2011 at 7:56 PM

Maybe it would have worked behind the scenes for a decade if it hadn’t been rushed. Sorry, I mean accelerated.

livefreerdie on January 17, 2011 at 7:59 PM

The only reason O’bamby didn’t kill it is because he didn’t understand it.

LOL

YehuditTX on January 17, 2011 at 8:01 PM

Nukular strategery in action.

baldilocks on January 17, 2011 at 6:25 PM

Pleased to see you back! You’re not here as often as you once were, and your voice is definitely missed.

massrighty on January 17, 2011 at 8:18 PM

The most amazing thing is Stuxnet is nothing more than a game of Tic Tac Toe.

mrt721 on January 17, 2011 at 8:24 PM

If one of the two goals of Stuxnet was to hide its sabotage by making centrifuge operators believe that everything was running smoothly, why was it so easily discovered by cybersecurity experts? Ideally, this thing should have run on Iranian computer networks for years and years, spinning its centrifuges into oblivion at every turn until Iran simply gave up in utter befuddlement at what the problem might be. Instead, it looks as though it ran for about a year (maybe less) before being detected. Is that … deliberate? If so, why? If not, why weren’t stronger measures taken to keep the worm invisible? Surely if they could build something so ingenious as to commandeer Iranian centrifuges, they could build it to be undetectable by standard cybersecurity measures.

And how do you know there is not more to the program?

It is possible that the centrifuge targeting portion was supposed to be found. In military parlance, it could be a feint or ruse – a diversion. Perhaps removing that part of the program triggers a new and different attack. Surely it was expected that a civilian supplier would be frantic in getting the problem fixed if for no other reason than to get paid or keep from refunding the purchase price. The risk to their reputation would also give them extra incentive to get it fixed.

If anyone thinks that is too farfetched, I guarantee you that Iranian Intelligence is thinking about those possibilities.

Jim M. on January 17, 2011 at 8:32 PM

AP, your exit question is an interesting one, but there are too many variables to have a clue what the correct answer might be, except to those who aren’t about to say.

As for it having been “easily” detected, a machine-control worm that worked undetected for a year is Guinness-worthy. It’s one thing to hide a Sony-based rootkit on someone’s laptop and have them never know about it. When your sophisticated machinery is not producing the material which your scientists and engineers swear it should be, the deep-dive analysis into every aspect of the equipment’s operation is going to be thorough, and contractor lives likely on the line to get it fixed FAST. It’s amazing that it didn’t get ID’d sooner, and that’s precisely why I knew it had to be the U.S. from the beginning. The investigative and analytical resources required to bring this multiphase trojan/worm virus together for starters. That nobody would work to create such a thing without having a chance to test it on a “golden bench” version of the target equipment (the Israeli facility you mention in your story above). And finally, the intelligence capacity to place the code where it could eventually be dollied into the target facility by one (or more) of their own workers. All of those things add up to an effort of incredible scope, and China is the only other global entity who could have put the whole mess together.

Whoever could code a worm to stay silent until it recognized a connection with just the right kind of target equipment, then push the deep-phase program into place on the machine control computer, could also prepare numerous versions of the structure as “sleeper cells”, to activate when they detect the absence of their predecessor, keeping this merry-go-round in chaos for quite a long time.

The next real question is when does someone pay enough money to the Chinese to have their cyber-ninjas retaliate against the U.S.? Are we prepared?

Freelancer on January 17, 2011 at 9:12 PM

…At a minimum, he deserves an apology from most of Congress.
cntrlfrk on January 17, 2011 at 4:40 PM

Not just most of congress, but most of the world.

free on January 17, 2011 at 10:02 PM

Israel needs to fight its own wars and fund its own military.

True_King on January 17, 2011 at 7:56 PM

WTF!?

Israel deserves our support as the only democracy in the Middle East.

Conservative Samizdat on January 17, 2011 at 10:23 PM

If one of the two goals of Stuxnet was to hide its sabotage by making centrifuge operators believe that everything was running smoothly, why was it so easily discovered by cybersecurity experts?

As someone who has worked to implement fancy processes (although not on this scale or complexity) acceleration might have been a factor. You rush it, you have to leave things out.

starboardhelm on January 18, 2011 at 12:17 AM

Obama is taking us back to the golden era of rail. I hope Zimbabwe doesn’t write a virus that will derail the steam locomotives.

seven on January 18, 2011 at 1:06 AM

Now that an enormous number of computer gizmos are manufactured in China, how long before they disable our computers, networks…?

ClanDerson on January 18, 2011 at 1:36 AM

Yee haw

LASue on January 18, 2011 at 2:01 AM

This is why Bush rocked.

He wasn’t hesitant to take on his enemies rather than bowing to them or appeasing them.

Conservative Samizdat on January 17, 2011 at 4:37 PM

Yeah, agreed. And that he didn’t travel around the globe bowing down to “leaders”.

I got enjoyment out of reading an article that was supposed to be “anti Bush” (Guardian, this morning) while promoting Obama…

The article describes how it is that Obama’s throwing China’s pres. an official state dinner at the White House (noting, so says article, how China “observes” and places “great value” in “protocol”), while during President Bush’s terms, he held “a luncheon at the White House” for China’s president, which (so says article) China was “offended by”.

Bush’s reasons were ongoing human rights violations by China and China’s refusal to discuss those violations.

Lourdes on January 18, 2011 at 7:33 AM

Mission accomplished?

Don L on January 18, 2011 at 8:43 AM

Obama is taking us back to the golden era of rail.

Yeah, only this time around, we’ll be the coolies working for the Chinese.

Don L on January 18, 2011 at 8:47 AM

So it’s Bush’s fault, eh?

ncborn on January 18, 2011 at 10:40 AM

What would it do in the control systems of an active reactor?

The Iranians want to find out. The Russians want to stand WAAAAAAY back…

mojo on January 18, 2011 at 10:54 AM

I have to say it because no one else has done it yet:
Boooooossssshhhhhhh!!!!!
&
Joooooooooooozzzzzz!!!!!
I thank you.

mizflame98 on January 18, 2011 at 11:29 AM

So it’s Bush’s fault, eh?

ncborn on January 18, 2011 at 10:40 AM

The catch phrase of the 21st century. I miss him.

scotash on January 18, 2011 at 2:04 PM

Finding a nonviolent way to take out Iranian nuke projects: brilliant

Finding out it is a US weapon (and not Chinese/Russian, etc):
priceless

ace tomato on January 18, 2011 at 2:33 PM

Instead, it looks as though it ran for about a year (maybe less) before being detected. Is that … deliberate? If so, why? If not, why weren’t stronger measures taken to keep the worm invisible?

Stuxnet fooled them into thinking everything was fine, but in the background it tore that Sh** up. It would have been a matter of time before the false reports they had didn’t match up with equipment issues; the damage is extensive. A year long covert run was a HUGE run.

ace tomato on January 18, 2011 at 2:37 PM

Ideally, this thing should have run on Iranian computer networks for years and years, spinning its centrifuges into oblivion at every turn until Iran simply gave up in utter befuddlement at what the problem might be. Instead, it looks as though it ran for about a year (maybe less) before being detected.

To me and my admittedly limited programming/security experience, keeping a worm hidden for anything approaching a year sounds pretty phenomenal…

ReformedAndDangerous on January 18, 2011 at 3:02 PM

The only reason O’bamby didn’t kill it is because he didn’t understand it.

BigAlSouth on January 17, 2011 at 6:30 PM

The reason why Barry did not kill the project was he did not know about it. He might be on vacation or he has to play hoop.

bayview on January 18, 2011 at 4:02 PM

Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration’s Iran strategy.

Me Arse! Pres Obama would have run to court to stop it! I just can’t see Obama wanting to do anything but bow extra low and apologize.

CA_Conservative on January 18, 2011 at 4:54 PM

if they could build something so ingenious as to commandeer Iranian centrifuges, they could build it to be undetectable by standard cybersecurity measures.

Maybe the code wasn’t the first thing discovered. Maybe someone familiar with the ‘fuges didn’t think the readings matched with what they were, say, hearing in the motors. A little independent calculation of the speed might have turned up the discrepancy and…off to the races.

eeyore on January 18, 2011 at 6:15 PM

Surely if they could build something so ingenious as to commandeer Iranian centrifuges, they could build it to be undetectable by standard cybersecurity measures.

There is of course another possibility - that spies in the USA or less likely Israel found out about the project and word got back to Russia or China, and they helped the discovery of Stuxnet along.

If the USA were involved in writing Stuxnet, it’s likely that Los Alamos was involved, and we know from Clinton’s days how infested with spies that rat-hole was and probably still is.

slickwillie2001 on January 18, 2011 at 8:31 PM

massrighty on January 17, 2011 at 8:18 PM

Thanks! :)

baldilocks on January 18, 2011 at 9:06 PM

Surely it was expected that a civilian supplier would be frantic in getting the problem fixed if for no other reason than to get paid or keep from refunding the purchase price. The risk to their reputation would also give them extra incentive to get it fixed.

I read an article recently (I believe from the Daily Telegraph, UK) which described the circumstances that led to the discovery and it was like what Jim M has said above. Yeah, it was a civilian supplier who figured it out because he found that his own computer had a bug and he deduced that it must have come from the Iranian facility. Someone will make a movie of this very interesting story.

Birdseye on January 18, 2011 at 9:17 PM

There is of course another possibility - that spies in the USA or less likely Israel found out about the project and word got back to Russia or China, and they helped the discovery of Stuxnet along.

Or there is someone who is really keen to see a nuclear Iran (despite what is said publicly to the contrary) so it will force the Israelis to go back to the 1967 borders and help justify any Nobel Prize thereafter or even beforehand.

Birdseye on January 18, 2011 at 9:24 PM

I assume that if this incident leads to a similar attack against the US, that in that case it will be “terrorism.”

dave742 on January 19, 2011 at 1:28 PM
