Stuxnet Unbound


After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 


[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

October 06, 2015
Vijay Prashad
Afghanistan, the Terrible War: Money for Nothing
Mike Whitney
How Putin will Win in Syria
Paul Street
Yes, There is an Imperialist Ruling Class
Paul Craig Roberts
American Vice
W. T. Whitney
Why is the US Government Persecuting IFCO/Pastors for Peace Humanitarian Organization?
Kathy Kelly
Bombing Hospitals: 22 People Killed by US Airstrike on Doctors Without Borders Hospital in Kunduz, Afghanistan
Murray Dobbin
Rise Up, Precariat! Cheap Labour is Over
Ron Jacobs
Patti Smith and the Beauty of Memory
David Macaray
Coal Executive Finally Brought Up on Criminal Charges
Norman Pollack
Cold War Rhetoric: The Kept Intelligentsia
Cecil Brown
The Firing This Time: School Shootings and James Baldwin’s Final Message
Roger Annis
The Canadian Election and the Global Climate Crisis
Jesse Jackson
Alabama’s New Jim Crow Far From Subtle
Joe Ramsey
After Umpqua: Does America Have a Gun Problem….or a Dying Capitalist Empire Problem?
October 05, 2015
Michael Hudson
Parasites in the Body Economic: the Disasters of Neoliberalism
Patrick Cockburn
Why We Should Welcome Russia’s Entry Into Syrian War
Kristine Mattis
GMO Propaganda and the Sociology of Science
Heidi Morrison
Well-Intentioned Islamophobia
Ralph Nader
Monsanto and Its Promoters vs. Freedom of Information
Arturo Desimone
Retro-Colonialism: the Exportation of Austerity as War By Other Means
Robert M. Nelson
Noted Argentine Chemist Warns of Climate Disaster
Matt Peppe
Misrepresentation of the Colombian Conflict
Barbara Dorris
Pope Sympathizes More with Bishops, Less with Victims
Clancy Sigal
I’m Not a Scientologist, But I Wish TV Shrinks Would Just Shut Up
Chris Zinda
Get Outta’ Dodge: the State of the Constitution Down in Dixie
Eileen Applebaum
Family and Medical Leave Insurance, Not Tax Credits, Will Help Families
Pierre-Damien Mvuyekure
“Boxing on Paper” for the Nation of Islam, Black Nationalism, and the Black Athlete: a Review of “The Complete Muhammad Ali” by Ishmael Reed
Lawrence Ware
Michael Vick and the Hypocrisy of NFL Fans
Gary Corseri - Charles Orloski
Poets’ Talk: Pope Francis, Masilo, Marc Beaudin, et. al.
Weekend Edition
October 2-4, 2015
Henry Giroux
Murder, USA: Why Politicians Have Blood on Their Hands
Mike Whitney
Putin’s Lightning War in Syria
Jennifer Loewenstein
Heading Toward a Collision: Syria, Saudi Arabia and Regional Proxy Wars
John Pilger
Wikileaks vs. the Empire: the Revolutionary Act of Telling the Truth
Gary Leupp
A Useful Prep-Sheet on Syria for Media Propagandists
Jeffrey St. Clair
Pesticides, Neoliberalism and the Politics of Acceptable Death
Joshua Frank
The Need to Oppose All Foreign Intervention in Syria
Lawrence Ware – Paul Buhle
Insurrectional Black Power: CLR James on Race and Class
Oliver Tickell
Jeremy Corbyn’s Heroic Refusal to be a Nuclear Mass Murderer
Helen Yaffe
Che’s Economist: Remembering Jorge Risquet
Mark Hand
‘Rape Rooms’: How West Virginia Women Paid Off Coal Company Debts
Michael Welton
Junior Partner of Empire: Why Canada’s Foreign Policy Isn’t What You Think
Yves Engler
War Crimes in the Dark: Inside Canada’s Special Forces
Arno J. Mayer
Israel: the Wages of Hubris and Violence
W. T. Whitney
Cuban Government Describes Devastating Effects of U. S. Economic Blockade
Brian Cloughley
The US-NATO Alliance Destroyed Libya, Where Next?