November 30, 2010

Stuxnet Speculations and Wild Guesses

Hatched by Dafydd

I have no access to any information beyond unclassified media reports about the Stuxnet supervirus/superworm that has infected and largely frozen Iran's nuclear-enrichment program; but that won't stop me from making intelligent (?), semi-informed speculations and wild leaps of faith, in service to the science-fiction spirit embodied in this attack upon our greatest enemy by the world's first fully weaponized malware.


First of all, I am completely convinced (by discussions mostly here) that the malware was systematically developed by a black-ops skunk works that is part of some government... not by a lone-wolf genius, not by hackers, and not by a multinational corporation (unless it was working for some intelligence agency).

That reduces the source down to the usual targets. Iran claims it was attacked by Israel and the United States, and I think they're absolutely right. The other countries that might, might have the know-how to pull it off -- Russia, China -- have no plausible motive for doing so; while those countries that would be overjoyed to see such computational destruction of Iranian nuclear plans (Turkey, Saudi Arabia, the Eurostates, maybe India) really don't have the ability to weaponize malware to this extent. At least that's my opinion, take it for what it's worth.


Looking at the timeline, I see that the code was first discovered in Iran's enrichment hardware in June 2010. It must have been kicking around in less secure systems for many months before that, propagating and "adapt[ing] like the Borg," as commenter TimesDisliker in that Patterico comment thread put it; Symantec checked their archives and found a sample of Stuxnet going back a full year to June 2009. Symantec estimated that the actual development of the code would have taken about six months (early January, 2009); but they added the following disclaimer that pushes it back even further:

We estimate the core team was five to ten people and they developed Stuxnet over six months. The development was in all likelihood highly organized and thus this estimate doesn’t include the quality assurance and management resources needed to organize the development as well as a probable host of other resources required, such as people to setup test systems to mirror the target environment and maintain the command and control server.

Considering the blazing speed that characterizes military, bureaucratic, and administrative planning sessions and operational set-up, it's hard to imagine the total development process, from "Gee, wouldn't it be great if..." to a Stuxnet supervirus ready to be unleashed upon a hapless Ahmadinejad, taking less than a year's time -- at least back to June 2008, assuming that 2009 sample from Symantec wasn't already months old before they stumbled across it, and assuming the development didn't take longer than a year (including "bureaucratic standard time"). Therefore, the project must have started in the waning months of the George W. Bush administration, if not even earlier in Bush's second term.


Minor sub-thought: I was just on the phone with a friend, maintaining that, while Bush may or may not have known about it, I believe President Barack H. Obama was completely ignorant of Stuxnet; I think he was kept totally out of the loop for reasons that seem obvious to me: No one would trust the Obamacle or his minions with such intel because it would have been sent straight to Eric Lichtblau at the New York Times (or to Julian Assange at WikiLeaks), denounced as yet another Bush-era "crime against humanity;" or at least the Stuxnet developers would worry that it might. (Can we say Barack Manning? If you don't get that snark, look up "Bradley Manning" on Wikipedia.)

My phone conversationalist argued that Obama would have to have known, since he would have to have approved the project, would have been briefed on it by his subordinates and reports, and would have to be kept inside the loop. But the fact that the project likely started during the Bush administration removes those objections: Obama didn't need to approve it because it was already approved and funded by George W. Bush. Obama wouldn't have been briefed, because the outgoing administration probably never told the leftist, ideological, Iran-kowtowing political appointees of the incoming about the ultra, code-word classified virus for fear it would be "Lichtblaued" the next week.

Barack Obama not only could have been kept out of the operational or even reporting loop, he should have been kept out. His national-security appointments alone reveal his unseriousness and fecklessness on the subject of the War Against Radical Islamism:

  • Consider Janet Napolitano as our joke Secretary of Homeland Security;
  • Leon Panetta as our hapless Director of the Central Intelligence Agency;
  • Hillary Clinton as our ersatz Secretary of State;
  • Bob Gates, who has become the "Les Aspin" of the twenty-first century, loving the military but afraid to play with it lest it get broken;
  • Gen. James Jones, outgoing National Security Advisor, who spent his tenure alternating between being ignored by the president and crushing on Hillary;
  • Counselor Thomas E. Donilon, incoming National Security Advisor, whose major qualification for the post appears to be that he served as lawyer lobbyist for Fannie Mae;
  • And Attorney General Eric Holder, who has his own, personal definition of "black ops."

Nobody on that list could ever have pulled the trigger; thus nobody in his right senses would hand over the keys to the Stuxnet program to the gang who couldn't shoot, straight or otherwise. Hence I seriously doubt that the Obamacle knew thing-one about this mission.


If we did collaborate with Israel on this project, which makes sense, I have an inkling of how that partnership shook out: I'll bet we supplied the ultimate software -- we're the chaps with the technological sophistication -- while the Israelis supplied the real-time infiltration and implantation of the supervirus.

We know to a near certainty that Mossad agents and local Iranians ideologically turned or bribed by Israel have penetrated the Uranium-enrichment program and other elements of Iran's nuclearization; where else would Israel have gotten all the targeting information for Iranian nuclear reactors and development sites, from Osirak in 1981 to Natanz and other sites today? Israel has a much more urgent motivation and better personnel to infiltrate Iran... native-born Iranian Jews working undercover in Tehran, for example.

In my fevered brain, I envision one Mossad agent, working with the CIA, who discovers the Stuxnet malware he has been awaiting in that Belarusian company computer, having finally slithered its way into Iran, modifying and improving its code as it crawled. The agent arranges to be called in to eliminate the infestation. He cleanses every trace of it from the firmware -- but not before downloading the evolved version of Stuxnet onto a thumbdrive.

He passes it through a series of cutouts to another Mossad agent, this one working at one of the major nuclear facilities -- perhaps in the same capacity as the evildoer Bradley Manning (I won't dignify him with his former, and obviously disregarded rank in the United States Army... and if you followed instructions above, you know by now who Bradley Manning is!) But instead of downloading classified documents to hurt his own country, this Mossad hero uploads the Stuxnet malware to Iran's nuclear computers to protect his real country, Israel, from nuclear annihilation.

(Note that even the anti-Bush CIA would probably love the Stuxnet project. Their vigorous and subversive objection to the wars in Afghanistan and Iraq stem from the CIA's parent entity, the State Department: Like State, CIA has a penchant for diplomacy and spycraft, not belligerency and warcraft. But this sort of thing is right up their traditional alley... more akin to the sneaky and precious moral ambiguity of John Le Carre than the straightforward fighting of David Petraeus.)


Finally, Iran would love to retaliate against us in the same way we attacked them (as I believe we did, and thank heavens!) -- with a rewritten version of Stuxnet that will attack our computers at the Air Force Global Strike Command or somesuch. But I don't think they have anywhere near the technological capability even to understand the fractal complexity and Borg-like adaptability of Stuxnet, let alone monkey with it to produce a counter worm. They're not very good at high tech; they even have to buy their missile technology from North Korea, roundabout from China.

But they're absolute wizards at creating jihadist cells, sneaking bombs into Western countries (including the United States), and inducing radical Islamists in Hamas or Hezbollah to blow themselves up in "martyrdom operations"... and that is how I believe they will strike back at us for this cyberattack, not with bytes but with bombs. Moreover, if I were Mahmoud Ahmadinejad, I would plan an attack not in New York or Los Angeles, nor Chicago nor Washington, D.C., but rather in America's heartland, the Midwest. In particular, I'm very nervous about an attempt to bomb, shoot up, or otherwise attack the largest shopping mall in the United States, in Bloomington, Minnesota: the temptingly named "Mall of America."

Great Caesar's ghost, but I hope local and federal lawn-forcement officials tremendously beef up security there, as well as other malls, sports stadiums, concert arenas, amusement parks, and tourist sites. If Iran flies into a rage and decides to kill Americans in as great a number as possible, I strongly suspect they will strike at the everyday lives of American civilians next time, not the well-guarded military and government elites, and not at Wall Street financiers.

Hatched by Dafydd on this day, November 30, 2010, at the time of 12:49 PM


© 2005-2009 by Dafydd ab Hugh - All Rights Reserved