Click amount to donate direct to CounterPunch
  • $25
  • $50
  • $100
  • $500
  • $other
  • use PayPal
DOUBLE YOUR DONATION!
We don’t run corporate ads. We don’t shake our readers down for money every month or every quarter like some other sites out there. We provide our site for free to all, but the bandwidth we pay to do so doesn’t come cheap. A generous donor is matching all donations of $100 or more! So please donate now to double your punch!
FacebookTwitterGoogle+RedditEmail

Stuxnet Unbound

After its initial discovery in 2010 by a little-known antivirus vendor from Belarus, the culprit behind the Stuxnet computer worm has been revealed. Last week, based on information leaked by inside sources [1], an article in the New York Times reported that the United States and Israel had secretly embarked on a joint project (code-named Olympic Games) which developed the malware we know as Stuxnet [2]. Despite the ruckus that members of the establishment make in public about foreign hackers (e.g. warning that China is a “threat to world order” [3]), the U.S. is admittedly one of the most active players in this field. While coverage in the press may adopt a seemingly congratulatory tone, there are reasons why this is an unsettling state of affairs.

Containment and control are not trivial issues. As the White House discovered first-hand, once you deploy offensive software there’s no guarantee that it won’t find its way out into the wild and infect otherwise uninvolved third parties. Will the CIA be covering the costs incurred from Stuxnet breaches outside of Iran? What about the tax-payer money spent by the likes of the DHS to analyze and dissect the CIA’s creation [4]? And do you suppose there’s a risk that some enterprising Black Hat out there on the Internet will scavenge captured components from U.S-sponsored malware for their own purposes? These types of concerns are exactly what discouraged the Pentagon from launching a cyber-attack against Saddam Hussein’s financial system before the invasion of Iraq [5].

Then there’s also the matter of efficacy. Was the Stuxnet attack actually as debilitating as a conventional military strike? Or have decision makers merely shown their hand and tipped off the Iranians. When Iranian military leaders originally assigned blame to the U.S. and Israel many people probably dismissed the accusation as a wild conspiracy theory [6]. The Iranians don’t seem so paranoid after all, do they?

One aspect of Stuxnet, which has been corroborated at length by forensic investigators, is that the worm leveraged unpatched software flaws (also known as zero-day attacks) to do its job. It’s generally known among Black Hats that the United States is a principal customer in the underground market for zero-day exploits [7]. As Bruce Schneier notes, the very existence of a market like this undermines our collective security [8]:  “The new market for security vulnerabilities results in a variety of government agencies around the world that have a strong interest in those vulnerabilities remaining unpatched. These range from law-enforcement agencies (like the FBI and the German police who are trying to build targeted Internet surveillance tools, to intelligence agencies like the NSA who are trying to build mass Internet surveillance tools, to military organizations who are trying to build cyber-weapons.”

The end result is security for the 1%, who reside behind the shroud of secrecy, and relative insecurity for everyone else.

Finally, and most importantly, Stuxnet has once again exposed American exceptionalism. Espionage and sabotage are presented as intolerable criminal transgressions, normally causing our elected officials and military leaders to erupt in fits of righteous indignation. That is, unless the United States is doing the spying and the sabotaging (in which case we’re seemingly rather proud of our status as leading rogue state). By crossing the Rubicon, our leaders have irrevocably lost the moral high ground. Not a wise decision for a country that, itself, depends heavily on the same buggy software that it regularly subverts.

Bill Blunden is the author of The Rootkit Arsenal and the primary investigator at Below Gotham Labs. 

Notes. 

[1] Evan Perez and Adam Entous, “FBI Probes Leaks on Iran Cyberattack,” Wall Street Journal, June 5, 2012

[2] David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012

[3] Jamie Metzl, “China’s Threat to World Order,” Wall Street Journal, August 17, 2011,

[4] Tabassum Zakaria, “Idaho laboratory analyzed Stuxnet computer virus,” Reuters, September 29, 2011

[5] John Markoff and Thom Shanker, “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk,” New York Times, August 1, 2009.

[6] “Iran blames U.S., Israel for Stuxnet malware,” Associated Press, April 16, 2011

[7] Andy Greenberg, “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,” Forbes, March 23, 2012.

[8] Bruce Schneier, “The Vulnerabilities Market and the Future of Security,” June 1, 2012.

More articles by:

Bill Blunden is a journalist whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including “The Rootkit Arsenal” andBehold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex.” Bill is the lead investigator at Below Gotham Labs and a member of the California State University Employees Union, Chapter 305.

October 23, 2018
Dean Baker
Looking for the Next Crisis: the Not Very Scary World of CLOs
Binoy Kampmark
Leaking for Change: ASIO, Jakarta, and Australia’s Jerusalem Problem
Chris Wright
The Necessity of “Lesser-Evil” Voting
Muhammad Othman
Daunting Challenge for Activists: The Cook Customer “Connection”
Don Fitz
A Debate for Auditor: What the Papers Wouldn’t Say
October 22, 2018
Henry Giroux
Neoliberalism in the Age of Pedagogical Terrorism
Melvin Goodman
Washington’s Latest Cold War Maneuver: Pulling Out of the INF
David Mattson
Basket of Deplorables Revisited: Grizzly Bears at the Mercy of Wyoming
Michelle Renee Matisons
Hurricane War Zone Further Immiserates Florida Panhandle, Panama City
Tom Gill
A Storm is Brewing in Europe: Italy and Its Public Finances Are at the Center of It
Suyapa Portillo Villeda
An Illegitimate, US-Backed Regime is Fueling the Honduran Refugee Crisis
Christopher Brauchli
The Liars’ Bench
Gary Leupp
Will Trump Split the World by Endorsing a Bold-Faced Lie?
Michael Howard
The New York Times’ Animal Cruelty Fetish
Alice Slater
Time Out for Nukes!
Geoff Dutton
Yes, Virginia, There are Conspiracies—I Think
Daniel Warner
Davos in the Desert: To Attend or Not, That is Not the Question
Priti Gulati Cox – Stan Cox
Mothers of Exiles: For Many, the Child-Separation Ordeal May Never End
Manuel E. Yepe
Pence v. China: Cold War 2.0 May Have Just Begun
Raouf Halaby
Of Pith Helmets and Sartorial Colonialism
Dan Carey
Aspirational Goals  
Wim Laven
Intentional or Incompetence—Voter Suppression Where We Live
Weekend Edition
October 19, 2018
Friday - Sunday
Jason Hirthler
The Pieties of the Liberal Class
Jeffrey St. Clair
A Day in My Life at CounterPunch
Paul Street
“Male Energy,” Authoritarian Whiteness and Creeping Fascism in the Age of Trump
Nick Pemberton
Reflections on Chomsky’s Voting Strategy: Why The Democratic Party Can’t Be Saved
John Davis
The Last History of the United States
Yigal Bronner
The Road to Khan al-Akhmar
Robert Hunziker
The Negan Syndrome
Andrew Levine
Democrats Ahead: Progressives Beware
Rannie Amiri
There is No “Proxy War” in Yemen
David Rosen
America’s Lost Souls: the 21st Century Lumpen-Proletariat?
Joseph Natoli
The Age of Misrepresentations
Ron Jacobs
History Is Not Kind
John Laforge
White House Radiation: Weakened Regulations Would Save Industry Billions
Ramzy Baroud
The UN ‘Sheriff’: Nikki Haley Elevated Israel, Damaged US Standing
Robert Fantina
Trump, Human Rights and the Middle East
Anthony Pahnke – Jim Goodman
NAFTA 2.0 Will Help Corporations More Than Farmers
Jill Richardson
Identity Crisis: Elizabeth Warren’s Claims Cherokee Heritage
Sam Husseini
The Most Strategic Midterm Race: Elder Challenges Hoyer
Maria Foscarinis – John Tharp
The Criminalization of Homelessness
Robert Fisk
The Story of the Armenian Legion: a Dark Tale of Anger and Revenge
Jacques R. Pauwels
Dinner With Marx in the House of the Swan
Dave Lindorff
US ‘Outrage’ over Slaying of US Residents Depends on the Nation Responsible
Ricardo Vaz
How Many Yemenis is a DC Pundit Worth?
FacebookTwitterGoogle+RedditEmail