• Monthly
  • $25
  • $50
  • $100
  • $other
  • use PayPal

Support Our Annual Fund Drive!fund-drive-progress-thermometer

We only shake our readers down two times a year, but when we ask we mean it. So, please, help as much as you can. All contributions are tax-deductible.
FacebookTwitterRedditEmail

Stuxnet Unbound

After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 

Notes. 

[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

More articles by:

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

bernie-the-sandernistas-cover-344x550
Weekend Edition
October 11, 2019
Friday - Sunday
Becky Grant
CounterPunch in Peril?
Anthony DiMaggio
Fake News in Trump’s America
Andrew Levine
Trump’s End Days
Jeffrey St. Clair
High Plains Grifter: the Life and Crimes of George W. Bush
Patrick Cockburn
Kurdish Fighters Always Feared Trump Would be a Treacherous Ally
Paul Street
On the TrumpenLeft and False Equivalence
Dave Lindorff
Sure Trump is ‘Betraying the Kurds!’ But What’s New about That?
Rob Urie
Democrats Impeach Joe Biden, Fiddle as the Planet Burns
Sam Pizzigati
Inequality is Literally Killing Us
Jill Richardson
What Life on the Margins Feels Like
Mitchell Zimmerman
IMPOTUS: Droit de seigneur at Mar-a-Lago
Robert Hunziker
Methane SOS
Lawrence Davidson
Donald Trump, the Christian Warrior
William Hartung – Mandy Smithburger
The Pentagon is Pledging to Reform Itself, Again. It Won’t.
Richard Moser
The Empire Is Running Out of War Stories. Or is it? Will American Exceptionalism Rise Again?
Roger Harris
Why Trump is Facing Impeachment
Doug Lummis
Everything Going Wrong in Okinawa
Ramzy Baroud
Administrative Torture: Free Heba al-Labadi, a Jordanian Citizen in Israeli Prison
Christopher Ketcham
Ode to the Drums of Ginger Baker
W. T. Whitney
Upcoming Elections Represent Testing Time for Bolivia’s Socialist Government
Louis Proyect
Building Soldier Resistance Under the Shadows of Fascism
Mark Ashwill
Reflections on General Giap and the End of an Era in Vietnam
Gabriel Leão
Killing the Messengers: Rising Violence Against Journalists and Indigenous Leaders Defending the Amazon
Graham Peebles
Climate Change: All Talk No Action
Arthur Hoyle
The Meaning of Donald Trump
Dean Baker
Those Quaint Corporate Scandals in Japan
Laura Santina
Take Their Feet Off Our Necks
Julian Vigo
The New Workers’ Revolution is Afoot
Robert Koehler
The Rights of Nature
Dan Bacher
New Report Reveals Oil Waste in CA Aquifers
David Swanson
Trump’s Opponents Have Him Beat . . . When It Comes to Incompetence
Ben Debney
Liberals, Class and the Joker Complex
Brian Wakamo
Paying College Athletes: California Takes on the NCAA
Theo Wuest
Don’t Leave Equality to the Supreme Court
Jesse Jackson
To His Wealthy Donors, Trump is the Grifter
Mairead Maguire
Pathways to Peace
George Wuerthner
Logging Wild and Scenic River Corridors in the Name of Reducing Wildfires is a Really Bad Idea
Tracey L. Rogers
We Can’t Hug Away Injustice
Mike Garrity
How the Alliance for the Wild Rockies Stopped Trump From Bulldozing Cabinet-Yaak and Selkirk Grizzly Bears into Extinction
Lawrence Wittner
Why Are Americans So Confused About the Meaning of “Democratic Socialism”?
Nicky Reid
Climate Cthulhu: A Post-Modern Horror Story
Seth Sandronsky
A Sacramento King’s Ransom: Local Tax Dollars and the Owner’s Wealth
Susan Block
Cougar 2020?
David Yearsley
Mother Mallard’s Little Boy Grows Up
Elliot Sperber
Taking Out Columbus
FacebookTwitterRedditEmail