Stuxnet Unbound

by BILL BLUNDEN

After the initial discovery of the Stuxnet computer worm in 2010 by a little-known antivirus vendor from Belarus, the culprit behind it has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the taxpayer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S.-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians? When Iranian military leaders originally assigned blame to the U.S. and Israel, many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:

“The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools), to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 

Notes. 

[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012.

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012.

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011.

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011.

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011.

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.
