FacebookTwitterGoogle+RedditEmail

Stuxnet Unbound

by BILL BLUNDEN

After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 

Notes. 

[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

More articles by:

CounterPunch Magazine

minimag-edit

August 25, 2016
Mike Whitney
The Broken Chessboard: Brzezinski Gives up on Empire
Paul Cox – Stan Cox
The Louisiana Catastrophe Proves the Need for Universal, Single-Payer Disaster Insurance
John W. Whitehead
Another Brick in the Wall: Children of the American Police State
Lewis Evans
Genocide in Plain Sight: Shooting Bushmen From Helicopters in Botswana
Daniel Kovalik
Colombia: Peace in the Shadow of the Death Squads
Sam Husseini
How the Washington Post Sells the Politics of Fear
Ramzy Baroud
Punishing the Messenger: Israel’s War on NGOs Takes a Worrying Turn
Norman Pollack
Troglodyte Vs. Goebbelean Fascism: The 2016 Presidential Race
Simon Wood
Where are the Child Victims of the West?
Roseangela Hartford
The Hidden Homeless Population
Mark Weisbrot
Obama’s Campaign for TPP Could Drag Down the Democrats
Rick Sterling
Clintonites Prepare for War on Syria
Yves Engler
The Anti-Semitism Smear Against Canadian Greens
August 24, 2016
John Pilger
Provoking Nuclear War by Media
Jonathan Cook
The Birth of Agro-Resistance in Palestine
Eric Draitser
Ajamu Baraka, “Uncle Tom,” and the Pathology of White Liberal Racism
Jack Rasmus
Greek Debt and the New Financial Imperialism
Robert Fisk
The Sultan’s Hit List Grows, as Turkey Prepares to Enter Syria
Abubakar N. Kasim
What Did the Olympics Really Do for Humanity?
Renee Parsons
Obamacare Supporters Oppose ColoradoCare
Alycee Lane
The Trump Campaign: a White Revolt Against ‘Neoliberal Multiculturalism’
Edward Hunt
Maintaining U.S. Dominance in the Pacific
George Wuerthner
The Big Fish Kill on the Yellowstone
Jesse Jackson
Democrats Shouldn’t Get a Blank Check From Black Voters
Kent Paterson
Saving Southern New Mexico from the Next Big Flood
Arnold August
RIP Jean-Guy Allard: A Model for Progressive Journalists Working in the Capitalist System
August 23, 2016
Diana Johnstone
Hillary and the Glass Ceilings Illusion
Bill Quigley
Race and Class Gap Widening: Katrina Pain Index 2016 by the Numbers
Ted Rall
Trump vs. Clinton: It’s All About the Debates
Eoin Higgins
Will Progressive Democrats Ever Support a Third Party Candidate?
Kenneth J. Saltman
Wall Street’s Latest Public Sector Rip-Off: Five Myths About Pay for Success
Binoy Kampmark
Labouring Hours: Sweden’s Six-Hour Working Day
John Feffer
The Globalization of Trump
Gwendolyn Mink – Felicia Kornbluh
Time to End “Welfare as We Know It”
Medea Benjamin
Congress Must Take Action to Block Weapon Sales to Saudi Arabia
Halyna Mokrushyna
Political Writer, Daughter of Ukrainian Dissident, Detained and Charged in Ukraine
Manuel E. Yepe
Tourism and Religion Go Hand-in-Hand in the Caribbean
ED ADELMAN
Belted by Trump
Thomas Knapp
War: The Islamic State and Western Politicians Against the Rest of Us
Nauman Sadiq
Shifting Alliances: Turkey, Russia and the Kurds
Rivera Sun
Active Peace: Restoring Relationships While Making Change
August 22, 2016
Eric Draitser
Hillary Clinton: The Anti-Woman ‘Feminist’
Robert Hunziker
Arctic Death Rattle
Norman Solomon
Clinton’s Transition Team: a Corporate Presidency Foretold
Ralph Nader
Hillary’s Hubris: Only Tell the Rich for $5000 a Minute!
FacebookTwitterGoogle+RedditEmail