By Alan Dowd
The Stuxnet computer worm may now be the signature weapon in the high-tech covert war against Iran.
Just as the F-117 stealth fighter was the star of Operation Desert Storm, and Predator UAVs have played a leading role in Afghanistan and Iraq, the high-tech, 21st-century covert war against Iran may now have its signature weapon: the Stuxnet computer worm.
Launched sometime in 2008, Stuxnet was a guided, time-released cybermissile that targeted and sabotaged the computers running Iran’s uranium-enrichment program and centrifuges. The Bush administration initially authorized a secret operation to “undermine the electrical and computer systems around Natanz, Iran’s major enrichment center,” as The New York Times reports. The Obama administration eagerly continued the effort and sped it up.
Stuxnet was probably delivered via a USB flash drive, because the Iranian nuclear program is intentionally cut off from the Internet. As Stuxnet made its way from computer to computer, it left computers unrelated to the centrifuges unaffected, as Newsweek reports. But once it found its intended target, Stuxnet quietly ripped through Iran’s nuclear program. For 17 months, it targeted the operating systems running the program; tricked centrifuges into running faster than normal, and then abruptly slowed them down, corrupting the uranium produced in the centrifuge tubes; and confounded Iran’s nuclear scientists.
Then, as Fox News reports, when a Belarusian subcontracting firm discovered traces of the worm at the power plant in Bushehr, its staff contacted computer-security experts from around the world via e-mail and the Internet, as is common practice in the industry. “Ordinarily, these experts would immediately begin tracing the worm and dissecting it,” according to the Fox analysis. But that didn’t happen with Stuxnet. Instead, “all the alert sites came under attack and were inoperative for 24 hours.” This further delayed Iran’s ability to respond to the attack.
The result: an Institute for Science and International Security study cited by Newsweek concludes that Stuxnet crippled Iran’s ability to activate new centrifuges throughout 2009; Iran’s second set of 5,000 centrifuges was “beset by delays”; and at least 1,000 centrifuges “simply broke down.” Best of all, as the Fox analysis explains, Stuxnet was designed in such a way that it allowed Iran’s nuclear processing program “to continue but never succeed, and never know why.” That’s because, as The New York Times recently reported, Stuxnet had “secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a prerecorded security tape in a bank heist, so that it would appear that everything was operating normally.”
As late as December 2010 – long after the revelation of Stuxnet – computer-security firms such as Tofino, which develops industrial-level cybersecurity systems, were reporting massive increases in the number of Iranians visiting their sites. Industry experts view this as “a likely indication that the virus is still causing great disarray at Iranian nuclear facilities,” according to The Jerusalem Post.
Ralph Langner, an expert in industrial computer systems, says Stuxnet “was as effective as a military strike.” Indeed, the attacks were effective enough to force Iranian strongman Mahmoud Ahmadinejad to concede, “They had been successful in making problems.”
That’s an understatement. A leading Iranian IT firm reports that 30,000 computers supporting the nuclear program had been hit by Stuxnet.
A Newsweek analysis calls Stuxnet “the most sophisticated computer worm ever detected and analyzed.” Langner has likened Stuxnet to “the arrival of an F-35 into a World War I battlefield.”
So sophisticated, intricate and expensive is Stuxnet that most cyberwarfare experts believe it was the work of multiple intelligence agencies and/or militaries. Among those suspected are Israel, the United States, Germany, France and even Russia, though observers increasingly believe Stuxnet was largely a U.S.-Israeli project.
The good news for Iran’s many enemies is that Stuxnet may have set Iran’s nuclear program back several years, perhaps delaying an Iranian bomb to 2015.
The bad news, though, is twofold: first, Iran’s drive for nukes continues. What’s most worrisome about Iran – or any regime that funds terrorism, foments revolution and promises to destroy a fellow member of the United Nations – is not so much the idea of nuclear weapons as who’s in charge of those weapons.
Second, if a cyber-smart bomb like Stuxnet can be designed and deployed against the nascent nuclear infrastructure of America’s enemies, it can surely be deployed against our own highly networked military and civilian infrastructure. Already, U.S. allies in Estonia, Georgia and Israel have learned that attacks in cyberspace can have devastating real-world consequences. “Cyberwar doesn’t make you bleed,” Ene Ergma, the speaker of the Estonian parliament, told Wired, “but it can destroy everything.”
Mindful of this 21st-century reality, the British government worries that utilities-network upgrades carried out by the Chinese telecom firm Huawei may have given Beijing the ability to shut down essential services. The Pentagon concluded in 2007 that China “has established information-warfare units to develop viruses to attack enemy computer systems and networks.”
To deter, or at least defend against, cyberwar, the Pentagon has been given a green light to treat cyberspace like any other military domain, and is developing capabilities to “deceive, deny, disrupt, degrade and destroy” enemy information systems.
“We have to have offensive capabilities to, in real time, shut down somebody trying to attack us,” says Gen. Keith Alexander, who leads the Pentagon’s new Cyber Command.
Perhaps some of those capabilities were put on display with Stuxnet.