Click amount to donate direct to CounterPunch
  • $25
  • $50
  • $100
  • $500
  • $other
  • use PayPal
Support Our Annual Fund Drive! We only ask one time of year, but when we do, we mean it. Without your support we can’t continue to bring you the very best material, day-in and day-out. CounterPunch is one of the last common spaces on the Internet. Help make sure it stays that way.
FacebookTwitterGoogle+RedditEmail

Stuxnet Unbound

by BILL BLUNDEN

After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 

Notes. 

[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

More articles by:

2016 Fund Drive
Smart. Fierce. Uncompromised. Support CounterPunch Now!

  • cp-store
  • donate paypal

CounterPunch Magazine

minimag-edit

September 26, 2016
Diana Johnstone
The Hillary Clinton Presidency has Already Begun as Lame Ducks Promote Her War
Gary Leupp
Hillary Clinton’s Campaign Against Russia
Dave Lindorff
Parking While Black: When Police Shoot as First Resort
Robert Crawford
The Political Rhetoric of Perpetual War
Howard Lisnoff
The Case of One Homeless Person
Michael Howard
The New York Times Endorses Hillary, Scorns the World
Russell Mokhiber
Wells Fargo and the Library of Congress’ National Book Festival
Chad Nelson
The Crime of Going Vegan: the Latest Attack on Angela Davis
Colin Todhunter
A System of Food Production for Human Need, Not Corporate Greed
Brian Cloughley
The United States Wants to Put Russia in a Corner
Guillermo R. Gil
The Clevenger Effect: Exposing Racism in Pro Sports
David Swanson
Turn the Pentagon into a Hospital
Ralph Nader
Are You Ready for Democracy?
Chris Martenson
Hell to Pay
Frank X Murphy
Power & Struggle: the Detroit Literacy Case
Chris Knight
The Tom and Noam Show: a Review of Tom Wolfe’s “The Kingdom of Speech”
Weekend Edition
September 23, 2016
Friday - Sunday
Andrew Levine
The Meaning of the Trump Surge
Jeffrey St. Clair
Roaming Charges: More Pricks Than Kicks
Mike Whitney
Oh, Say Can You See the Carnage? Why Stand for a Country That Can Gun You Down in Cold Blood?
Chris Welzenbach
The Diminution of Chris Hayes
Vincent Emanuele
The Riots Will Continue
Rob Urie
A Scam Too Far
Pepe Escobar
Les Deplorables
Patrick Cockburn
Airstrikes, Obfuscation and Propaganda in Syria
Timothy Braatz
The Quarterback and the Propaganda
Sheldon Richman
Obama Rewards Israel’s Bad Behavior
Libby Lunstrum - Patrick Bond
Militarizing Game Parks and Marketing Wildlife are Unsustainable Strategies
Andy Thayer
More Cops Will Worsen, Not Help, Chicago’s Violence Problem
Louis Yako
Can Westerners Help Refugees from War-torn Countries?
David Rosen
Rudy Giuliani & Trump’s Possible Cabinet
Joyce Nelson
TISA and the Privatization of Public Services
Pete Dolack
Global Warming Will Accelerate as Oceans Reach Limits of Remediation
Franklin Lamb
34 Years After the Sabra-Shatila Massacre
Cesar Chelala
How One Man Held off Nuclear War
Norman Pollack
Sovereign Immunity, War Crimes, and Compensation to 9/11 Families
Lamont Lilly
Standing Rock Stakes Claim for Sovereignty: Eyewitness Report From North Dakota
Barbara G. Ellis
A Sandernista Priority: Push Bernie’s Planks!
Hiroyuki Hamada
How Do We Dream the Dream of Peace Together?
Russell Mokhiber
From Rags and Robes to Speedos and Thongs: Why Trump is Crushing Clinton in WV
Julian Vigo
Living La Vida Loca
Aidan O'Brien
Where is Europe’s Duterte? 
Abel Cohen
Russia’s Improbable Role in Everything
Ron Jacobs
A Change Has Gotta’ Come
Uri Avnery
Shimon Peres and the Saga of Sisyphus
Graham Peebles
Ethiopian’s Crying out for Freedom and Justice
FacebookTwitterGoogle+RedditEmail