Stuxnet Unbound

by BILL BLUNDEN

After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 

Notes. 

[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

Like What You’ve Read? Support CounterPunch
Weekend Edition
July 31-33, 2015
Jeffrey St. Clair
Bernie and the Sandernistas
John Pilger
Julian Assange: the Untold Story of an Epic Struggle for Justice
Roberto J. González – David Price
Remaking the Human Terrain: The US Military’s Continuing Quest to Commandeer Culture
Lawrence Ware
Bernie Sanders’ Race Problem
Andrew Levine
The Logic of Illlogic: Narrow Self-Interest Keeps Israel’s “Existential Threats” Alive
ANDRE VLTCHEK
Kos, Bodrum, Desperate Refugees and a Dying Child
Paul Street
“That’s Politics”: the Sandernistas on the Master’s Schedule
Ted Rall
How the LAPD Conspired to Get Me Fired from the LA Times
Mike Whitney
Power-Mad Erdogan Launches War in Attempt to Become Turkey’s Supreme Leader
Ellen Brown
The Greek Coup: Liquidity as a Weapon of Coercion
Stephen Lendman
Russia Challenges America’s Orwellian NED
Will Parrish
The Politics of California’s Water System
John Wight
The Murder of Ali Saad Dawabsha, a Palestinian Infant Burned Alive by Israeli Terrorists
Jeffrey Blankfort
Leading Bibi’s Army in the War for Washington
Geoffrey McDonald
Obama’s Overtime Tweak: What is the Fair Price of a Missed Life?
Brian Cloughley
Hypocrisy, Obama-Style
Robert Fantina
Israeli Missteps Take a Toll
Pete Dolack
Speculators Circling Puerto Rico Latest Mode of Colonialism
Ron Jacobs
Spying on Black Writers: the FB Eye Blues
Paul Buhle
The Leftwing Seventies?
Binoy Kampmark
The TPP Trade Deal: of Sovereignty and Secrecy
David Swanson
Vietnam, Fifty Years After Defeating the US
Robert Hunziker
Human-Made Evolution
Shamus Cooke
Why Obama’s “Safe Zone” in Syria Will Inflame the War Zone
David Rosen
Hillary Clinton: Learn From Your Sisters
Sam Husseini
How #AllLivesMatter and #BlackLivesMatter Can Devalue Life
Shepherd Bliss
Why I Support Bernie Sanders for President
Louis Proyect
Manufacturing Denial
Howard Lisnoff
The Wrong Argument
Tracey Harris
Living Tiny: a Richer and More Sustainable Future
Kollibri terre Sonnenblume
A Day of Tears: Report from the “sHell No!” Action in Portland
Tom Clifford
Guns of August: the Gulf War Revisited
Renee Lovelace
I Dream of Ghana
Colin Todhunter
GMOs: Where Does Science Begin and Lobbying End?
Ben Debney
Modern Newspeak Dictionary, pt. II
Christopher Brauchli
Guns Don’t Kill People, Immigrants Do and Other Congressional Words of Wisdom
S. Mubashir Noor
India’s UNSC Endgame
Ellen Taylor
The Voyage of the Golden Rule
Norman Ball
Ten Questions for Lee Drutman: Author of “The Business of America is Lobbying”
Franklin Lamb
Return to Ma’loula, Syria
Masturah Alatas
Six Critics in Search of an Author
Mark Hand
Cinéma Engagé: Filmmaker Chronicles Texas Fracking Wars
Mary Lou Singleton
Gender, Patriarchy, and All That Jazz
Patrick Hiller
The Icebreaker and #ShellNo: How Activists Determine the Course
Charles Larson
Tango Bends Its Gender: Carolina De Robertis’s “The Gods of Tango”