Stuxnet Unbound


After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 


[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

November 30, 2015
Henry Giroux
Trump’s Embrace of Totalitarianism is America’s Dirty Little Secret
Omur Sahin Keyif
An Assassination in Turkey: the Killing of Tahir Elci
Robert Fisk
70,000 Kalashnikovs: Cameron’s “Moderate” Rebels
Jamie Davidson
Distortion, Revisionism & the Liberal Media
Norman Pollack
Israel and ISIS: Needed, a Thorough Accounting
Robert Hunziker
The Looming Transnational Battlefield
Ahmed Gaya
Breaking the Climate Mold: Fighting for the Planet and Justice
Matt Peppe
Alan Gross’s Improbable Tales on 60 Minutes
Colin Todhunter
India – Procession of the Dead: Shopping Malls and Shit
Roger Annis
Canada’s New Climate-Denying National Government
Binoy Kampmark
Straining the Republic: France’s State of Emergency
Jack Rasmus
Japan’s 5th Recession in 7 Years
Charles R. Larson
Twofers for Carly Fiorina
John Dear
An Eye for an Eye Makes the Whole World Blind
Weekend Edition
November 27-29, 2015
Andrew Levine
The Real Trouble With Bernie
Gary Leupp
Ben Carson, Joseph in Egypt, and the Attack on Rational Thought
John Whitbeck
Who’s Afraid of ISIS?
Michael Brenner
Europe’s Crisis: Terror, Refugees and Impotence
Ramzy Baroud
Forget ISIS: Humanity is at Stake
Pepe Escobar
Will Chess, Not Battleship, Be the Game of the Future in Eurasia?
Vijay Prashad
Showdown on the Syrian Border
Dave Lindorff
Gen. John Campbell, Commander in Afghanistan and Serial Liar
Colin Todhunter
Class, War and David Cameron
Jean Bricmont
The Ideology of Humanitarian Imperialism
Dan Glazebrook
Deadliest Terror in the World: the West’s Latest Gift to Africa
Mark Hand
Escape From New York: the Emancipation of Activist Cecily McMillan
Karl Grossman
Our Solar Bonanza!
Mats Svensson
Madness in Hebron: Hashem Had No Enemies, Yet Hashem Was Hated
Walter Brasch
Terrorism on American Soil
Louisa Willcox
Grizzly Bears, Dreaming and the Frontier of Wonder
Michael Welton
Yahweh is Not Exactly Politically Correct
Joseph Natoli
A Politics of Stupid and How to Leave It Behind
John Cox
You Should Fear Racism and Xenophobia, Not Syrian Refugees or Muslims
Barrie Gilbert
Sacrificing the Grizzlies of Katmai Park: the Plan to Turn Brooks Camp Into a Theme
Rev. William Alberts
The Church of “Something Else” in “an Ecclesiastical Desert”
Andrew Gavin Marshall
Bank Crimes Pay
Elliot Murphy
Cameron’s Syrian Strategy
Thomas S. Harrington
Jeff Jacoby of the Boston Globe and the Death of Ezra Schwartz
Gareth Porter
How Terror in Paris Calls for Revising US Syria Policy
Michael Perino
The Arc of Instability
Yves Engler
Justin Trudeau and Canada’s Mining Industry
Tom H. Hastings
ISIS and Changing the Game
Lars Jørgensen
Vive la Résistance
John Halle
A Yale Education as a Tool of Power and Privilege
Norman Pollack
Syrian “Civil War”?: No, A Proxy War of Global Confrontation