
US, Israel created Stuxnet, lost control of it


In 2011, the US government rolled out its "International Strategy for Cyberspace," which reminded us that "interconnected networks link nations more closely, so an attack on one nation’s networks may have impact far beyond its borders." An in-depth report today from the New York Times confirms the truth of that statement as it finally lays bare the history and development of the Stuxnet virus—and how it accidentally escaped from the Iranian nuclear facility that was its target.

The article is adapted from journalist David Sanger's forthcoming book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, and it confirms that both the US and Israeli governments developed and deployed Stuxnet. The goal of the worm was to break Iranian nuclear centrifuge equipment by issuing specific commands to the industrial control hardware responsible for their spin rate. By doing so, both governments hoped to set back the Iranian research program—and the US hoped to keep Israel from launching a pre-emptive military attack.

The code was only supposed to work within Iran's Natanz refining facility, which was air-gapped from outside networks and thus difficult to penetrate. But computers and memory cards could be carried between the public Internet and the private Natanz network, and a preliminary bit of "beacon" code was used to map out all the network connections within the plant and report them back to the NSA.

That program, first authorized by George W. Bush, worked well enough to provide a digital map of Natanz and its industrial control hardware. Soon, US national labs were testing different bits of the plan to sabotage Natanz (apparently without knowing what the work was for) using similar centrifuges that had come from Libya's Qadaffi regime. When the coders found the right sets of commands to literally shake the centrifuges apart, they knew that Stuxnet could work.

When ready, Stuxnet was introduced to Natanz, perhaps by a double agent.

Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others—both spies and unwitting accomplices—with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.

When Barack Obama came to office, he continued the program—called "Olympic Games"—which unpredictably disabled bits of the Natanz plant even as it told controllers that everything was normal. But in 2010, Stuxnet escaped Natanz, probably on someone's laptop; once connected to the outside Internet, it did what it was designed not to do: spread in public. The blame game began about who had slipped up in the coding.

“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”

Once released more widely, the Stuxnet code was found and then disassembled by security researchers.

Please don't follow our example

As the International Strategy for Cyberspace notes, these sorts of electronic attacks are serious business. The US in fact reserves the right to use even military force to respond to similar attacks. "All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners," says the report. "We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law."

Yet the US had just gone on the cyber-attack, and everyone knew it. Speculation has long swirled around government-backed hackers from nations like China and Russia, especially, who have been suspected of involvement in espionage, industrial trade secret theft, and much else. Would something like Stuxnet damage US credibility when it complained about such attacks? (China has long adopted the "you do it too!" defense on Internet issues, especially when it comes to censoring and filtering of Internet content.)

Obama was at least aware of the likely answer—yes—but pressed ahead, even accelerating the Olympic Games program.

[Obama] repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons—even under the most careful and limited circumstances—could enable other countries, terrorists or hackers to justify their own attacks. “We discussed the irony, more than once,” one of his aides said.

Stuxnet is old news by now. Even the newly discovered "Flame" malware was developed some time ago. While details about these two targeted attack packages are finally emerging, the next generation of attack tools has no doubt been developed and likely deployed.

Source




I can't believe this hasn't received a single response. Stuxnet is one of the most fascinating events of the past ten years and it shows how wars will be fought in the future.

With that said, I'm going to have to read more on how it "escaped" and went into the wild. Given the incredibly specific commands within the virus, it's hard to see how it would do much of anything without the limiting confines given to it.

In the wild, what would it do? I'd assume that it's written to fool a Linux environment (just hypothesizing here) but without the specific set of programs to convince it *wasn't* running while spinning a centrifuge faster than it should, what the hell exactly would it do? In theory, I suppose it would replicate willy-nilly (what is the point of a virus that doesn't) but how was it discovered?




Or check out my new webcomic: http://selfcentent.com/

rocketpig said:

I can't believe this hasn't received a single response. Stuxnet is one of the most fascinating events of the past ten years and it shows how wars will be fought in the future.

With that said, I'm going to have to read more on how it "escaped" and went into the wild. Given the incredibly specific commands within the virus, it's hard to see how it would do much of anything without the limiting confines given to it.

In the wild, what would it do? I'd assume that it's written to fool a Linux environment (just hypothesizing here) but without the specific set of programs to convince it *wasn't* running while spinning a centrifuge faster than it should, what the hell exactly would it do? In theory, I suppose it would replicate willy-nilly (what is the point of a virus that doesn't) but how was it discovered?

Well, it's something most rightwing people would support, and would make Obama look bad to most leftwing people.

That said, I find it funny how this and other cyberwars have tended to be the worst kept secrets ever.  Pretty much as soon as that virus was released everyone knew who did it.  Just like when the Chinese hacked a bunch of US companies.

It might show how wars are fought in the future, but in the present it seems more like the "cold war" with nobody losing too much sleep over lost code.

I believe actually the thing infects Windows computers.  Iran using pirated Windows technology.

So basically what it'll do in the wild is spread around and take up space, and that's probably it.



Kasz216 said:

I believe actually the thing infects Windows computers.  Iran using pirated Windows technology.


Those bastards! Microsoft's lawyers should send them a fine for $50,000 or whatever the going rate is.



USA and its criminal activities lol..., especially the part where they tried to blame the Israelis was amusing.



Kasz216 said:
I believe actually the thing infects Windows computers.  Iran using pirated Windows technology.

I thought that was a possibility but given the nature of that kind of equipment, I figured they'd be running in a Linux environment.

It's easy to forget how backwards other parts of the world are regarding technology and how far they are behind the western world and specifically, the US. We're still setting the bar when it comes to utilization of current tech, or at least we certainly are in the private sector.




Or check out my new webcomic: http://selfcentent.com/

rocketpig said:
Kasz216 said:
I believe actually the thing infects Windows computers.  Iran using pirated Windows technology.

I thought that was a possibility but given the nature of that kind of equipment, I figured they'd be running in a Linux environment.

It's easy to forget how backwards other parts of the world are regarding technology and how far they are behind the western world and specifically, the US. We're still setting the bar when it comes to utilization of current tech, or at least we certainly are in the private sector.


Well... some of the private sector anyway.

I remember when I was working shipping and receiving we had a Linux-based program running on Windows through some sort of compatibility fix or something, either way the program would lock up every once in a while, and the stock numbers were often wrong...

though the stock numbers being wrong was probably just due to workplace stupidity.  (They did inventories during work hours when the store was open and the book buyer wasn't the best in the first place.  I remember the time we ended up with 400 books for a course of 30.)