FacebookTwitterGoogle+RedditEmail

Stuxnet Unbound

by BILL BLUNDEN

After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 

Notes. 

[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

More articles by:
June 28, 2016
Jonathan Cook
The Neoliberal Prison: Brexit Hysteria and the Liberal Mind
Paul Street
Bernie, Bakken, and Electoral Delusion: Letting Rich Guys Ruin Iowa and the World
Anthony DiMaggio
Fatally Flawed: the Bi-Partisan Travesty of American Health Care Reform
Mike King
The “Free State of Jones” in Trump’s America: Freedom Beyond White Imagination
Antonis Vradis
Stop Shedding Tears for the EU Monster: Brexit, the View From the Peloponnese
Omar Kassem
The End of the Atlantic Project: Slamming the Brakes on the Neoliberal Order
Binoy Kampmark
Brexit and the Neoliberal Revolt Against Jeremy Corbyn
Ruth Hopkins
Save Bear Butte: Mecca of the Lakota
Celestino Gusmao
Time to End Impunity for Suharto’’s Crimes in Indonesia and Timor-Leste
Thomas Knapp
SCOTUS: Amply Serving Law Enforcement’s Interests versus Society’s
Manuel E. Yepe
Capitalism is the Opposite of Democracy
Winslow Myers
Up Against the Wall
Chris Ernesto
Bernie’s “Political Revolution” = Vote for Clinton and the Neocons
Stephanie Van Hook
The Time for Silence is Over
Ajamu Nangwaya
Toronto’s Bathhouse Raids: Racialized, Queer Solidarity and Police Violence
June 27, 2016
Robin Hahnel
Brexit: Establishment Freak Out
James Bradley
Omar’s Motive
Gregory Wilpert – Michael Hudson
How Western Military Interventions Shaped the Brexit Vote
Leonard Peltier
41 Years Since Jumping Bull (But 500 Years of Trauma)
Rev. William Alberts
Orlando: the Latest Victim of Radicalizing American Imperialism
Patrick Cockburn
Brexiteers Have Much in Common With Arab Spring Protesters
Franklin Lamb
How 100 Syrians, 200 Russians and 11 Dogs Out-Witted ISIS and Saved Palmyra
John Grant
Omar Mateen: The Answers are All Around Us
Dean Baker
In the Wake of Brexit Will the EU Finally Turn Away From Austerity?
Ralph Nader
The IRS and the Self-Minimization of Congressman Jason Chaffetz
Johan Galtung
Goodbye UK, Goodbye Great Britain: What Next?
Martha Pskowski
Detained in Dilley: Deportation and Asylum in Texas
Binoy Kampmark
Headaches of Empire: Brexit’s Effect on the United States
Dave Lindorff
Honest Election System Needed to Defeat Ruling Elite
Louisa Willcox
Delisting Grizzly Bears to Save the Endangered Species Act?
Jason Holland
The Tragedy of Nothing
Jeffrey St. Clair
Revolution Reconsidered: a Fragment (Guest Starring Bernard Sanders in the Role of Robespierre)
Weekend Edition
June 24, 2016
Friday - Sunday
John Pilger
A Blow for Peace and Democracy: Why the British Said No to Europe
Pepe Escobar
Goodbye to All That: Why the UK Left the EU
Michael Hudson
Revolts of the Debtors: From Socrates to Ibn Khaldun
Andrew Levine
Summer Spectaculars: Prelude to a Tea Party?
Kshama Sawant
Beyond Bernie: Still Not With Her
Mike Whitney
¡Basta Ya, Brussels! British Voters Reject EU Corporate Slavestate
Tariq Ali
Panic in the House: Brexit as Revolt Against the Political Establishment
Paul Street
Miranda, Obama, and Hamilton: an Orwellian Ménage à Trois for the Neoliberal Age
Ellen Brown
The War on Weed is Winding Down, But Will Monsanto Emerge the Winner?
Gary Leupp
Why God Created the Two-Party System
Conn Hallinan
Brexit Vote: a Very British Affair (But Spain May Rock the Continent)
Ruth Fowler
England, My England
Jeffrey St. Clair
Lines Written on the Occasion of Bernie Sanders’ Announcement of His Intention to Vote for Hillary Clinton
FacebookTwitterGoogle+RedditEmail