• Monthly
  • $25
  • $50
  • $100
  • $other
  • use PayPal

SPRING FUNDRAISER

Is it time for our Spring fundraiser already? If you enjoy what we offer, and have the means, please consider donating. The sooner we reach our modest goal, the faster we can get back to business as (un)usual. Please, stay safe and we’ll see you down the road.
FacebookTwitterRedditEmail

Stuxnet Unbound

After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 

Notes. 

[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

More articles by:

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

June 03, 2020
Anthony DiMaggio
Revolution, Not Riots: Prospects for Radical Transformation in the Covid-19 Era
Jennifer Loewenstein
From Mississippi to Minneapolis: Leaving the ‘Abyss of Despair’
Kenneth Surin
The UK Compared With Other Countries on the Pandemic
Kenn Orphan
The Sadism of American Power
John Pilger
The Coup Against ‘The Most Loyal Ally’
Paul Street
“Total Domination”: Popular Rebellion in the Shadow of Trumpism-Fascism
Eric Murphy
The Police Are The Out-Of-Towners Provoking Violence
Melvin Goodman
How the Washington Post Accommodates Disinformation
Rev. William Alberts
It’s the Worshippers Who Are “Essential”
Georgina Downs
No, the Public Fury Will Not “Move On” Prime Minister!
George V. Wright
It is Happening Here
M. G. Piety
Tales from the Dark Side of Customer Service, or “Christians” Giving Christians a Bad Name
Chandra Muzaffar
A Superpower in Chaos
Thomas Knapp
Time to Stop Messing Around and Strike at the Root of Police Violence
Thomas M. Hanna
The Oligopoly That Controls Our Digital Infrastructure Has Deepened Economic and Racial Divides
Andrew Stewart
The Ethics of Police Murder Video Exhibition: Democratizing The News Feed, Re-Traumatizing The Survivors, Or Both?
Binoy Kampmark
Death, Protest and George Floyd
David Rovics
Who’s Trashing Downtown Every Night and Why?
Harvey Wasserman
Trump Is No Accident
Behrooz Ghamari Tabrizi
Biden and the Common Sense Voter
Timothy Ingalsbee
Ecosystems, Logging and the Definition of Insanity
Elliot Sperber
The Birds of Brooklyn
June 02, 2020
Zoltan Grossman
Deploying Federal Troops in a War at Home Would Make a Bad Situation Worse
Nicholas Buccola
Amy Cooper is Christian Cooper’s Lost, Younger Sister 
Manuel García, Jr.
Global Warming is Nuclear War
Patrick Cockburn
An Unavoidable Recognition of Failure: Trump’s Withdrawal From Afghanistan
John Feffer
Is It Time to Boycott the USA?
Kathy Kelly
Beating Swords to Plowshares
Lawrence Davidson
U.S. Urban Riots Revisited
Sam Pizzigati
“Failed State” Status Here We Come
Ron Jacobs
In Defense of Antifa
Cesar Chelala
Bolsonaro and Trump: Separated at Birth
George Wuerthner
The BLM’s License to Destroy Sagebrush Ecosystems
Danny Antonelli
The Absurdity of Hope
Binoy Kampmark
Sinister Flatulence: Trump Versus Twitter
John Stanton
How Much Violence and Destruction is Enough for Depraved American Leaders and Their Subjects?
Richard C. Gross
The Enemy Within
Thomas Knapp
Trump’s “Free Speech:” Doctrine: Never, Ever, Ever Mention He’s a Liar
John W. Whitehead
This Is Not a Revolution. It’s a Blueprint for Locking Down the Nation
June 01, 2020
Joshua Frank
It’s a Class War Now Too
Richard D. Wolff
Why the Neoliberal Agenda is a Failure at Fighting Coronavirus
Henry Giroux
Racial Domestic Terrorism and the Legacy of State Violence
Ron Jacobs
The Second Longest War in the United States
Kanishka Chowdhury
The Return of the “Outside Agitator”
Lee Hall
“You Loot; We Shoot”
FacebookTwitterRedditEmail