Cyberwarfare blowback: Will the Iran worm turn?

There is a new article in the New York Times that details some of the background in the creation and distribution of the Stuxnet worm. Of course those that seem to be involved the U.S. and Israel deny having knowledge of the worm that set back Iran's nuclear program by infecting software that runs centrifuges.

The Dimona complex is deep in the Negev desert heavily guarded since it is the center of Israel's nuclear arms program. Of course the existence of such a program is not even admitted by the Israelis.

Military and intelligence experts say that Dimona has now taken on a new critical role as a testing ground for efforts to undermine Iran's nuclear programme. Israel has been spinning nuclear centrifuges virtually identical to those at Iran's Natanz facility where uranium is enriched. Apparently at Dimona the effectiveness of the Stuxnet worm was tested. This worm is said to have wiped out about one fifth of Iran's nuclear centrifuges.

An expert on nuclear intelligence said: "To check out the worm, you have to know the machines," "The reason the worm has been effective is that the Israelis tried it out." What is said to be going on in Israel and also in the U.S. offer evidence that the worm was a joint U.S. Israeli operation, designed to sabootage the Iranian program.

The retiring chief of Mossad, Meir Dagan said that Iran had run into technical difficulties that could delay a bomb until 2015. No doubt the Stuxnet worm had something to do with this. Iran claims that Mossad is also behind the deaths of several Iranian scientists.

The Stuxnet worm is described as much more complex and ingenious than experts had at first thought when it began circulating in mid-2009. No one know exactly who or how the worm was constructed but there are certainly clues. The trail leads back to the German company Siemens in 2008.

Siemens cooperated wtih U.S. premier national laboratories in Idaho in order to identify vulnerabilities of computer controllers that the company sells to direct industrial machinery around the world. This includes key centrifuge equipment in Iran's enrichment facilities.

In early 2008 the German company Siemens cooperated with one of the United States' premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world - and that American intelligence agencies have identified as key equipment in Iran's enrichment facilities.

Siemens claims this program is simply part of routine efforts to protect its products against cyberattacks. But the tests gave the U.S. Energy Dept the chance to identify the hidden security holes in the Siemens systems, These were the very holes that were exploited next year by the Stuxnet worm.

The worm has two components. One makes the centrifuges spin wildly out of control. A second component tells operators that things are operating normally when actually behind the scenes the worm is sabotaging the operation of the centrifuge. Details can be found in the article.

While only some of the Iranian operations were disrupted the attack may not be over. Ralph Langner who was among the first to decode the worm said:"It's like a playbook," "Anyone who looks at it carefully can build something like it." Mr. Langner is among a number of experts who say that the worm legitimizes attacks to which the U.S. itself can be extremely vulnerable. No doubt Iranian scientists and perhaps Chinese and others are working on projects that could hurt the U.S.

Obama's chief strategist for combating weapons of mass destruction would not answer a question about Stuxnet at a recent conference but said:"I'm glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated." The U.S. and Israel at least seem to have created and tested Stuxnet. Whether Siemens had any idea what was happening is not clear.

The project was probably started in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran's major enrichment center. Obama when he took office actually sped up the program. Israel too was part of the speed up.

Controllers and regulators became a target of Iran sanctions. Wikileaks cables show an urgent attempt to stop a shipment of Siemens controllers in the port of Dubai in April 2009. They were actually stopped. But obviously later some Siemens controllers got through, ones with the Stuxnet virus.

At this point Mr. Langner decided to test the worm on a series of Simens controllers in order to design protective software. Langner discovered that the worm went into operation only when it detected a specific configuration of controllers--such as would be found in the Iranian facilities. As Langner said:"The attackers took great care to make sure that only their designated targets were hit," "It was a marksman's job."

Much more fascinating detail can be found in the article. What seems clear is that this worm was obviously designed for a very specific purpose and had even been tested to ascertain that it woul achieve this aim. However, the design and use of such an attack technique can only serve to inspire those who are opposed to U.S. interests to develop similar weapons to sabotage and disrupt U.S. programs. If the U.S. and Israel can use this type of cyberwarfare weapon in so called self defense surely Iran can claim the same right. Not only that but any country that might come into conflict with the U.S. will surely think that it would be remiss if it did not develop similar cyberwarfare weapons in the name of defense. The worm may turn.