Super Stuxnet? U.S., Israel Escalating Malware War Against Iran

Richard Sale, author of Clinton’s Secret Wars, has written an article outlining the escalation of the joint U.S.-Israeli cyber attack on Iran’s nuclear program. A new malware, apparently built off of the Stuxnet worm used against Iran’s centrifuge systems between 2009 and 2010, is in development:

According to former and serving US intelligence officials, leaders of the three major software companies, Sergey Brin at Google, Steve Ballmer at Microsoft and Larry Ellison at Oracle have been working with Israel’s top cyber warriors and have now come up with a new version of a Stuxnet-like worm that can bring down Iran’s entire software networks if the Iranian regime gets too close to breakout, according to US intelligence sources.

[Snip]

This new Stuxnet worm is being advanced by administration and intelligence officials as a more powerful tool with a stronger range and capability than the previous version. Officials want this new cyber capability to derail any military action that could result in a regional war.

You have to ask, if it’s that good, why stop at deterrence when you can aim for preemption? It would be far easier for Israeli, U.S. and UK warplanes to operate over Iran in the event of an attack if this “Super Stuxnet” scrambled Iran’s air defense systems, rendering early warning and interception systems impotent. It opens up new scenarios for U.S. action — covert or overt — vis-à-vis Iran’s nuclear program. Surely the UK military, which has committed to reinforcing the U.S. naval presence in the Gulf and whose officials spoke at length in the Guardian on what might be used to take out Iran’s nuclear assets (Tomahawk cruise missiles, airstrikes, commandos), will welcome this new tool.

Far from being a deterrent, this new malware has the potential to be the software equivalent of the Strategic Defense Initiative. Yet while “Super Stuxnet” might turn into a U.S.-Israeli trump card, it also has the potential to become the electronic equivalent of Operation Fast and Furious.

Stuxnet, which entered the world wide web as early as 2009 and was discovered at work in Iran the next year, was built under U.S.-Israeli government auspices using stolen Taiwanese software certificates so that it could infect a widely-used “industrial control system made by the German conglomerate Siemens that was used to program controllers that drive motors, valves and switches,” i.e., Iranian centrifuge components. According to Wired magazine, the sophistication of the device and its target befuddled security experts because no one could initially figure out why a hacker would want to sabotage these systems (the answer was that the hackers were government-backed cyber warfare experts).

Then again, this avenue of attack is not new. If certain Cold Warriors are to be believed, the U.S. has a thing for valve sabotage. Thomas C. Reed, a former Secretary of the Air Force and Reagan-era advisor affiliated with the nuclear-warhead manufacturer Lawrence Livermore National Laboratory, contends that in the 1980s the U.S. discovered a KGB network that existed solely to steal and reverse-engineer Western computer technology. Rather than expose the network, the U.S. used information from a KGB double agent’s papers (the “Farewell” Dossier) to determine which companies the KGB was stealing from. The U.S. then slipped all manner of cyber ordnance into their products. One such “logic bomb” allegedly destroyed a key Soviet pipeline by scrambling the software that controlled the pressure and flow of oil. The story of this sabotage effort was publicized by William Safire in 2004, and by the CIA itself in 2007.

Programming valves and motors to malfunction? Now doesn’t that sound familiar?

If this “Super Stuxnet” does exist, then it represents a comprehensive sabotage plan with far grander goals than the original Stuxnet, or even the “Farewell” Dossier, which, for all its defense applications (launch silo shutters unable to be opened or closed due to a bug?) was only targeted at the Soviet economy. It essentially amounts to an internet kill switch + EMP that can be activated remotely — or is already capable of activating itself at a preprogrammed time.

Iran, like the USSR in the 1980s, presumably has no advanced cyber warfare capacity to retaliate with, despite its attempts to play up its own cyber warfare capacity. The USSR could not identify or isolate the electronic weapons used against it in the 1980s. Iran today would likely have a tough time doing anything more with “Super Stuxnet” than enduring its machinations. But Iran has some friends who might be more adept at turning “Super Stuxnet” on its handlers.

Russia, of course, comes to mind. Revenge for “Farewell”? Poetic, but not pragmatic. Instead, Russia would presumably be interested in both the original and the new Stuxnets because of their security applications. Defensively, seeing how these worms work would help Russia enhance protection of its own nuclear production assets and protect its communications systems from being scrambled during a military action. Offensively, we saw Russia use cyber warfare in the 2008 Georgian conflict, targeting civilian, government and military internet assets. For all Russia’s financial and technical problems, she does endeavor to stay on the cutting edge in every military arm.

The cutting edge is very important for Russia not just because of NATO, but because she shares a very long border with the world’s leading cyber warfare aspirant, the People’s Republic of China — which also happens to be a friend of Tehran’s.

China’s interests in seeing how the Stuxnets work are basically similar to Russia’s, with the added goal of surpassing the U.S.’s own cyber warfare capabilities as soon as possible. The People’s Liberation Army is tailoring cyber warfare assets towards an “Integrated Network Electronic Warfare” that can target U.S. civilian and military infrastructure, from satellites to stop lights.

So, whatever success or deterrence “Super Stuxnet” brings Tel Aviv and Washington, I’d like to ask its creators: what do they think the Iranians did with the original Stuxnet-contaminated hardware after removing it?

A. Dumped it in an electronic graveyard

B. Locked it in a heavily-guarded warehouse

C. Passed it onto the People’s Republic of China and/or Russia

Of course, this presumes China and Russia have normal diplomatic relations with Iran, the kind of relations in which countries with some shared strategic objectives — securing energy access, increasing their regional influence, undermining American hyperpower — exchange military, financial and diplomatic support on a semi-regular basis.

It doesn’t take much. One flash drive, a laptop or two. Maybe a server. All bundled off to bunkers in Moscow or Shanghai c/o the Iranian Revolutionary Guard.

As Richard Sale quotes an unnamed U.S. official, cyberweapons are essentially electronic bioweapons. And when you want to see how your opponent’s bioweapons work, you need infected tissue samples — both to make a cure, and then to engineer your own, superior version.

Paul Mutter is a graduate student at the Arthur L. Carter Journalism Institute at NYU and a contributor to Foreign Policy In Focus.