ProPublica

Journalism in the Public Interest

Cancel

Cheat Sheet: Behind The U.S. Cyberattacks on Iran

As long suspected, the Stuxnet cyberattacks on Iran’s nuclear enrichment program were a joint U.S.-Israeli project, but the computer worm’s release to the Internet at large was unintended, The New York Times reports.

.

American officials claim that Flame, a complex piece of computer malware, has attacked Iranian infrastructure (Flickr: marsmet543)

This morning, The New York Times published a report detailing how the Bush and Obama administrations created the cyberweapon known as Stuxnet and used it to disrupt Iran’s uranium enrichment program.

Much has been written about Stuxnet, which, as ProPublica recently reported, remains a threat beyond Iran. But the Times account, based on interviews with unnamed U.S. and Israeli officials, is the most extensive account to date of U.S. cyberwarfare capabilities. Here’s our cheat sheet on what’s new and the fallout:

  • Because of Stuxnet’s complexity, cybersecurity analysts have long suspected it was a U.S.-Israeli effort. The Times story confirms this for the first time, disclosing that the project was code-named “Olympic Games.”
  • Olympic Games began under the Bush administration, and during development, it was known as “the bug.”
  • President Obama has repeatedly expressed concern that if the U.S. acknowledges it is behind Stuxnet, it would give terrorists and enemy states a justification for their own attacks.
  • Stuxnet was introduced into Iran's enrichment facility at Natanz by an unwitting Iranian. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand," a source told the Times.
  • To test the bug in secret Department of Energy labs, the U.S. used aging centrifuges handed over in 2003 by Libyan dictator Col. Muammar el-Qaddafi, making them into replicas of the nuclear enrichment facilities Iran used.
  • The attack on Iran became the first known instance of the U.S. using computer code to physically damage another country’s infrastructure. Obama, the Times writes, “was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade.”
  • The Israeli role in the attack came from a military unit called Unit 8200 that had “technical expertise that rivaled” the U.S. National Security Agency’s as well as significant intelligence about Iran’s nuclear facilities.
  • When a programming error made Stuxnet’s code public in 2010, Obama considered halting Olympic Games altogether. But in the end, the administration decided to accelerate the attacks.
  • It’s unclear who was responsible for the programming error, but some in the Obama administration blamed the Israelis. The Times names Vice President Joe Biden:  “Mr. Biden fumed. ‘It’s got to be the Israelis,’ he said. ‘They went too far.’ ”
  • American officials claim that Flame, an even more complex piece of computer malware that has also attacked Iranian infrastructure, is not part of Olympic Games — but they didn’t explicitly deny it was an American project.
  • Opinion is divided as to whether Olympic Games was successful in slowing uranium enrichment in Iran. Administration officials said they had set the Iranians back 18 months to two years, but other experts say enrichment levels quickly recovered and that Iran today has enough fuel for five or more weapons with additional enrichment.

The Obama administration has long emphasized the importance of domestic cybersecurity, but recent statements show an increasing openness about offensive capabilities. Secretary of State Hillary Clinton acknowledged last month that government hackers had attacked Al Qaeda propaganda sites in Yemen, changing information in ads that talked about killing Americans to show how many Yemenis had died in Al Qaeda attacks. 

For years, the Iranians had no idea they were being attacked, blaming their own workers or faults in their facilities, The Times said. But because Stuxnet was inadvertently released, any government— not to mention any hacker with spare time and a malicious streak — can create their own mutation of the weapon.

As the Times points out, “No country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States.” Siemens makes specialized industrial controllers that were targeted by the Olympic Games attacks. As Siemens confirmed to ProPublica, the same hardware and software holes Stuxnet took advantage of in Iran exist in thousands of locations in the U.S. and worldwide. The vulnerable equipment controls everything from natural gas pipelines to refineries and power transmission lines.  

American cybersecurity experts have long warned that it’s only a matter of time before someone turns an equally destructive cyberweapon on our own systems. Now that Stuxnet’s origins are clear, the odds of that happening might be even higher.

Contributing: Peter Maass of ProPublica

And this is why “cybersecurity” needs to involve patching software, rather than spying on Americans.

Security also can’t be done when researchers get sued for copyright infringement (due to publishing information that enables people to bypass restrictions—look up the Diebold voting machine scandal for details), while hackers get a quarter-million dollar paycheck for selling an “exploit” to a broker.

The timing of these articles is interesting, as Congress just happens to be looking at cybersecurity legislation (ever notice that “cyber” only gets used when it’s supposed to be scary?) that assumes a need to monitor Americans, but doesn’t say a darn thing about actually securing the software against attacks.

I wonder if the sudden “reveal” of Stuxnet and Flame are to scare us into supporting the Stasi-like measures in CISPA and the similar bills.  Seriously, go skim through them.  Private companies are granted immunity to read and record anything you do, and “share it with” (report you to) the government, as long as they claim they think it’s related to cybersecurity (which itself has a broad definition).  The government is then enabled to act on it, even to the extent of prosecuting POTENTIAL crimes.

It wouldn’t be a terrible idea for readers to call their friendly neighborhood Senators and indicate that this might not be such a hot idea.  Remind them that “...the same hardware and software holes Stuxnet took advantage of in Iran exist in thousands of locations in the U.S.,” and keeping tabs on your Netflix queue ain’t gonna fix them.

If Iran can bring down US Drone by hacking into it than he is capable of retaliating with a good answer. Israel will be more at threat as it is sitting on a huge pile of nuclear war heads although no one look at it and everyone is now looking into the WMDs of Iran.
In today’s world we are all naked (no privacy) and if not thousands, hundreds are looking at what we are doing and who we are communicating with. West proclaim itself as flagship of freedom of speech but it has come with all sorts of laws and technologies to violate this freedom and still claim otherwise. While writing the responses we are exposing our self to all those agencies and corporations which in the name of protecting us are actually involve in developing these techniques to hack into our systems.

Regardless of what anyone thinks or believes , Israel deserves and has every right to use what they have and what they need. Get off their back just like everyone else needs to…or else I will consider you a terrorist just like those who hate them and you will become among those who need to cease to exist.

Israel is our ally (America), and will remain so for as long the Jesus Christ deems it appropriate. Until then, GO HOME. No one here needs your comments. Israel is the most hated country on the planet and it despised by all those around her…and for NO GOOD reason. Simply because all these little BABIES want more land? You really believe that is what they want? Get REAL!

This is a spiritual war and Satan is the driver of EVERYTHING evil which comes against Israel from ANY nation—including America. Satan knows that God ALONE will forever receive the worship of His people; and he also knows that his time is short. Because of this, he is trying everything in his power to take away the ONLY nation on this earth which God Himself calls His by name - Israel.

ALL those who are against Israel are of their father the devil and will be cursed.
All those who are for Israel are her friend and will be blessed as the Bible says.

May Christ return soon.
Blessed be the Name of the Lord (to the Christian -  Father God——to the Jews - Jehovah…...and His Son (to the Christian Jesus Christ (to the Jews -Yeshua.)

@P
Geez, pretty creepy response.

The US government is more afraid of its own people than any outside threat, thus wanting to keep the big eyeball on us in case we seriously decide we want our rights back. Government is interested in its own power and not the power of the people.

The story of the State Department “hacking” into Al Qaeda propaganda sites is mischaracterization.  See http://www.csmonitor.com/USA/Foreign-Policy/2012/0524/Is-State-Dept.-hacking-Al-Qaeda-Not-quite-but-propaganda-war-is-fierce

Culture Jamming

June 4, 2012, 6:04 p.m.

Regardless of what anyone thinks or believes, Iran deserves and has every right to use what they have and what they need. Get off their back just like everyone else needs to…or else I will consider you a terrorist just like those who hate them and you will become among those who need to cease to exist.

Iran used to be our ally (America), and remained so for until America screwed it up. Until then, GO HOME. No one here needs your comments. Iran is the most hated country on the planet and it despised by all those around her…and for NO GOOD reason. Simply because all these little BABIES want more land? You really believe that is what they want? Get REAL!

This is a spiritual war and Satan is the driver of EVERYTHING evil which comes against Iran from ANY nation—including America. Satan knows that God ALONE will forever receive the worship of His people; and he also knows that his time is short. [ok, the next sentence was just TOO weird]

ALL those who are against Iran are of their father the devil and will be cursed.

All those who are for Iran are her friend and will be blessed as the Bible says.

May Christ return soon.
Blessed be the Name of the Lord (whoever your personal one - up to and including the FSM, may his Noodly Appendage be upon you)

Hey, this is fun. Can we play again?