Flaws in Stuxnet Worm Deflect Suspicion From US, Israel

A handout image supplied by the IIPA (Iran International Photo Agency) shows Iran's Bushehr nuclear power plant on Aug. 21, 2010. The facility took 35 years to build and was the target of a cyberattack using the Stuxnet computer worm. IIPA via Getty Images
Joshua Philipp

The video is still available online, an Israeli voice in the background. Targeting guides drift on the gun-cam as the F-16 nears its target. A bright flash is seen on the ground below, as Iraq’s Osiraq nuclear reactor bursts into flames. A beeping is then heard over the camera; the pilot, breathing hard, pulls up and to the side, presumably dodging an anti-air weapon.

Israel’s 1981 bombing of the Iraq nuclear reactor, dubbed “Operation Babylon,” is credited with preventing Iraq from being nuclear armed ahead of the Persian Gulf War in 1991. The attack was also one of the world’s first introductions to cyberwarfare. Israel preceded its airstrike with a cyberattack to shut down Iraqi air defense networks.

Nearly three decades later, it happened again. The difference this time is that the attack was purely digital. On Sept. 26, 2010, Iran’s state-run media announced that the Bushehr Nuclear Power Plant was infected by malware that hit the IP addresses of more than 30,000 computer systems. The virus then spread uncontrollably and was found on computers in countries including China, Germany, and Indonesia.

The malware behind the attacks was dubbed “Stuxnet.”

The New York Times published an article on Jan. 16 shining more light onto the issue. It stated that Israel built nuclear centrifuges identical to those in the Bushehr plant to test a computer worm, and had cooperation from the United States. Although there is still no direct proof that the United States or Israel were behind Stuxnet, the two countries were the main suspects to begin with.

Despite accusations that Stuxnet was a U.S.-Israel project, there are flaws in the worm that suggest it was created elsewhere. At the Black Hat DC conference on digital exploits and cyberattacks on Jan. 18, security consultant Tom Parker analyzed Stuxnet’s code.

Parker “presented a compelling case that Stuxnet may be the product of a collaboration between two disparate groups, perhaps a talented group of programmers that produced most of the code and exploits and a less sophisticated group that may have adapted the tool for its eventual use,” states a report from Threat Post, the security news service of anti-virus company Kaspersky Lab.

“This was probably not a Western state. There were too many mistakes made. There’s a lot that went wrong,” Parker said, according to Threat Post. “There’s too much technical inconsistency. But, the bugs were unlikely to fail. They were all logic flaws with high reliability.” In simple terms, there were technical shortcomings, but the virus was still highly reliable.

Nate Lawson, a cybersecurity expert with Root Labs, analyzed Stuxnet in a Jan. 17 blog post, stating, “I really hope it wasn’t written by the USA because I’d like to think our elite cyberweapon developers at least know what Bulgarian teenagers did back in the early ’90s.”

Like Parker, Lawson states that the Stuxnet worm is full of holes. Among the shortcomings are “the Stuxnet developers seem to be unaware of more advanced techniques for hiding their target,” and “It does not use virtual machine-based obfuscation, novel techniques for anti-debugging, or anything else to make it different from the hundreds of malware samples found every day.”

To give it credit, Stuxnet was highly effective and accomplished what it was likely set loose to do: destroy Iran’s nuclear centrifuges. It was also incredibly clean and was free of any digital fingerprints that could trace it back to its creator.

The worm has no potential for monetary gain, which made the United States and Israel prime suspects.

The shortcomings of the virus were its downfall, however, and allowed it to be caught, duplicated, and analyzed by security experts the world over.

The Perfect Cyberweapon

The latest revelation about Stuxnet’s origins isn’t likely to cause more fallout from the region since it is more accusatory than conclusive. Discussions around Stuxnet will likely continue to receive the same denials they already receive from U.S. and Israeli officials.

The larger issue currently at hand is that the code behind Stuxnet is now freely available. A virus, which likely took millions of dollars to create, that can physically control moving parts of infrastructure, and can access systems even if they are not connected to the Internet, is on the loose.

A quick Google search reveals that Stuxnet is readily available for anyone to download via file sharing websites and links on message boards. Stuxnet has the potential to cause massive damage, and the main risk is possible alterations that hackers, terrorists, or foreign governments could make to the virus.

Think of Stuxnet as the cyberweapon equivalent of an improvised explosive device (IED). It is easily attainable and can cause huge damage, but the world now knows how to spot it. Like an IED, the real potential is in the alterations that can be made to make it more damaging and harder to spot.

The analysis of the Stuxnet worm, in particular, could lend itself to the creation of a more perfect cyberweapon.

Nate Lawson notes that there are many advanced features available that the Stuxnet developers could have included in their worm, but didn’t. “Whoever developed the code was probably in a hurry and decided using more advanced hiding techniques wasn’t worth the development/testing cost,” Lawson states.

The emergence of Stuxnet is significant, however. The attack showed that the days of top gun-style strikes are behind us, and the age of digital war is now at hand.

Cyberattacks have matured past the level of merely an assisting force, like that shown by Israel’s 1981 bombing of the Osiraq nuclear reactor, and have become highly effective tools that are difficult to trace back to any specific country. They can achieve the goal of a physical strike, but without the diplomatic fallout.

A top German computer consultant known as Langer told the Jerusalem Post in December that the Stuxnet attack “was nearly as effective as a military attack, but even better since there are no fatalities and no full-blown war.”

Langer estimated it will take two years for Iran to recover from the Stuxnet attack and suggested it would be easier for them to destroy the infected computers than try to remove the worm.

An Organization for European Economic Co-operation (OECD) report published on Jan. 14 predicted that, “a pure cyberwar, that is one fought solely with cyberweapons, is unlikely.” This also applies to Stuxnet.

The effect of Stuxnet on Iran’s nuclear facility has been assisted by physical and economic factors, including the assassination of an Iranian nuclear scientist, and the use of sanctions.

The OECD report states, “In nearly all future wars as well as the skirmishes that precede them policymakers must expect the use of cyberweaponry as a disrupter or force multiplier, deployed in conjunction with more conventional kinetic weaponry.”

Stuxnet has brought this new form of warfare to the center stage.

Joshua Philipp
Joshua Philipp is senior investigative reporter and host of “Crossroads” at The Epoch Times. As an award-winning journalist and documentary filmmaker, his works include "The Real Story of January 6" (2022), "The Final War: The 100 Year Plot to Defeat America" (2022), and "Tracking Down the Origin of Wuhan Coronavirus" (2020).