Stuxnet solved: A watershed moment in cyberwarfare
What began as a virus meant to disrupt an Iranian nuclear facility has blossomed into a global controversy regarding the U.S. government's use of cyberweapons.
Just days after the cybersecurity community was alerted to the existence of Flame, which is being considered one of the most potent cyberweapons yet, New York Times national security columnist David Sanger offered several telling clues surrounding its origins. Citing interviews with current and former American, European and Israeli officials, provided under the condition of anonymity, Sanger revealed that the Stuxnet worm that may have blazed the trail for Flame was officially the result of an American-Israeli undercover campaign to disrupt Iran's nuclear program.
With definitive evidence chronicling the United States' "first sustained use of cyberweapons," Internet security experts and politicians are suggesting that the world has now passed a point of no return in extending warfare to the digital frontier.
Codename: Olympic Games
According to Sanger, the story begins in 2006 with the Bush administration growing increasingly frustrated with a lack of cooperation from European allies in enforcing sanctions against Iran. Convinced that the Middle Eastern nation was still enriching uranium to develop a nuclear arsenal, Vice President Cheney and others in the cabinet were advising a preemptive military strike. When it was decided that these plans would not be politically feasible and could further inflame a region already plagued by war, officials began investigating a more surreptitious approach.
One auxiliary approach that the United States had been employing for years, according to Sanger, was to compromise Iran's nuclear facilities by inserting defective – or even explosive – parts into the international supply chain. By embedding specialized computer code into components of an industrial control system, American officials were ultimately able to develop a comprehensive blueprint of Iran's primary nuclear facility at Natanz.
After initial efforts to expand this strategy were thwarted by the network's complexity, the United States recruited the assistance of specialized engineers within the Israeli government. According to Sanger, the early American-Israeli test scenarios produced what would become the first cyberweapon capable of disrupting physical infrastructure when the computer code manipulated the spin rate of nuclear centrifuges until they were no longer functional.
The "most brilliant part of the code," one American official told Sanger, was that its attack pattern was constantly varied. With no clear way to explain the malfunctions, U.S. engineers hoped that Iranian operators would simply blame bad parts and grow frustrated with their own poor engineering.
As progress continued, the Bush presidency was coming to an end. Before the transfer of power took place in Washington, outgoing cabinet members debriefed Obama administration officials on the American-Israeli cyberplot that had been codenamed "Olympic Games."
"By the time Mr. Bush left office, no wholesale destruction [plan] had been accomplished," Sanger wrote. "Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush's advice."
The world meets Stuxnet
Convinced of the progress made by Olympic Games, and the threat posed by Iranian nuclear proliferation, the Obama administration continued to press forward with cyberattacks directed at Natanz. American luck continued, according to Sanger, with increasingly bold strategies evading detection and netting results. However, fortunes turned in the summer of 2010 when it became clear that a new variant introduced to the cyberweapon had caused the classified worm to escape the Natanz ecosystem and make its way out into the wild.
The bug soon found its way onto the radar of the cybersecurity community at large, although experts could not nail down the motives of the strange malware. Given its scope and complexity, the threat which came to be called Stuxnet was suspected to be a state-sponsored attack. Ultimately, it appears, those suspicions have now been confirmed.
Nevertheless, there was no evidence at the time to suggest that Iranian engineers had made any progress in deflecting the attacks or identifying who was behind them. According to Sanger, the United States pushed forward with strikes that would eventually destroy more than 1,000 centrifuges.
Although these results were encouraging, Obama aides suggested to Sanger that the president was very much aware of the context of his team's actions and the slippery slope they were navigating as they attempted to harness a cyberweapon with unknown potential for damage.
"Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s," Sanger wrote. "He repeatedly expressed concerns that any American acknowledgement that it was using cyberweapons – even under the most careful and limited circumstances – could enable other countries, terrorists or hackers to justify their own attacks."
The boomerang effect
In the days since Sanger's exposé was published, it has become increasingly clear that the president may not have even realized the true wisdom of his words. In moving forward with Olympic Games and subsequently giving Stuxnet to the world, the United States may have given enemies the tools to go along with the motives which make them cry out for retaliation.
According to MIT Technology Review, the discovery of Stuxnet in 2010 essentially gave the hacking community its first-ever blueprint for how to attack the industrial control systems that manage operations at everything from manufacturing facilities to water treatment plants. In fact, there is even a widely available toolkit based on Stuxnet coding that focuses on zero-day exploits found in the supervisory control and data acquisition (SCADA) controls that have been consistently cited as the Achilles' heel of power grid cybersecurity.
While independent hackers learn from the wisdom of Stuxnet coding, nation-states could use America's words against it to justify full-scale war. According to Ars Technica, provisions contained in the International Strategy for Cyberspace released by U.S. officials last year noted that "diplomatic, informational, military and economic" mechanisms could be used to respond to overtly hostile acts. With Olympic Games compromising facets of Iran's energy infrastructure and Stuxnet variants continuing to wreak havoc on a variety of frontiers, the United States may now have put pens in the eager hands of those hoping to sign a declaration of cyberwarfare.
Security News from SimplySecurity.com by Trend Micro