Stuxnet Heralds a Brave New World of Sophisticated Weaponry

Natanz Nuclear Enrichment Defense Iran Stuxnet appears to have been developed in the US and refined in Israel, before being introduced into Iranian computers by shadowy import-export companies. More from Wired:

Suddenly, over a six-month period beginning late 2009, U.N. officials monitoring the surveillance images “watched in amazement” as Iranian workers “dismantled more than 10 percent of the plant’s 9,000 centrifuge machines used to enrich uranium,” according to the Washington Post. “Then, just as remarkably, hundreds of new machines arrived at the plant to replace the ones that were lost.”

Investigators described the effort as a feverish attempt to contain damage and replace broken parts, suggesting the centrifuges had indeed been operational when they broke....One other piece of information suggests Iran’s nuclear program was the target of Natanz. Last week security firm Symantec released a report revealing that the Stuxnet attack targeted five organizations in Iran that were infected first in an effort to spread the malware to Natanz.

Because Natanz’s PLCs are not connected to the internet, the best hope of attacking them – short of planting a mole inside Natanz – was infecting other computers that could serve as a gateway to the Natanz PLC. For example, infecting computers belonging to a contractor in charge of installing software at Natanz could help get the malware onto the Natanz system.

Symantec said the companies were hit in attacks in June and July 2009 and in March, April and May 2010. Symantec didn’t name the five organizations but said that they all “have a presence in Iran” and are involved in industrial processes._Wired

No one will shed tears for the Iranian nuclear weapons program, nor for the international companies which are illegally aiding the Iranians. But this attack is just the tip of the iceberg, and a mere suggestion of the wave of more sophisticated forms of sabotage, espionage, and covert warfare which is on the way.

Targeted acts of sabotage disrupt, but the real pay-off comes from identifying the human and technical links in the chain of command. Observing who responds – and when – to worm-driven destruction helps illuminate who really runs Iran’s nuclear infrastructures. Real-world Iranian responses offer critical clues as to which scientists, administrators and engineers are trusted and who is suspect. The chance to monitor Iran’s response would be of great interest to Mossad, the International Atomic Energy Agency, America’s CIA and/or Britain’s GCHQ.

Crafting a worm that generates potential insight into all those issues represents an intelligence coup. It is as potentially revelatory as a WikiLeaks data dump. That is why interpreting Stuxnet as desperate stop-gap or one-off intervention almost certainly misunderstands its purpose. Sabotage here is a means to an end; it is a gambit to make Iran’s nuclear processes more transparent.

Iran’s nuclear elite and Ministry of Intelligence know this. It is no secret now to the mullahs that their responses to the Stuxnet breach were closely monitored by external intelligence agencies. Their internal security is furiously trying to assess what information might have inadvertently been revealed. _FT

Stuxnet's sophistication is considered to be unprecedented. But from now on, Stuxnet will be the benchmark against which future spyware and malware will be gauged.

Mr Salem [of Symantec] said new technology and new approaches are needed.

"I run the largest security company in the world. I get up and people say I have a vested interest (in pushing this line). But my job is to protect and provide security and when we say critical infrastructure is under attack, it is real."

Mr Salem mapped out a number of strategic steps that need to be taken to guard against the next major cyber attack. They include an early warning system, better intelligence on what attacks could happen, better protection, the ability to anticipate what any threat could look like and the ability to clean up after an attack.

He also pointed to a role for government that might involve a counter attack or strike.

The idea of a kill switch to allow the government to switch off the internet if it is under attack is one he did not seem overly enthusiastic about.

"The ability for us to turn something off like that and not cause other massive disruption would be very hard. We are becoming more and more dependent on the internet. There are better approaches than trying to shut off the internet. _BBC

This growing dependency on the internet can be seen at all levels of every society in the advanced world. It represents a growing vulnerability -- given the revelation of what malware like Stuxnet can do -- and needs to be addressed now, before societies move to depend upon an even more vulnerable "smart grid" power system. We should not make it easy for malicious outsiders to turn out our lights.

The threat is real, and the threat is now. The US government is one salient target, with large corporations and city/state governments also being notable targets.

More than 100 foreign intelligence agencies have tried to breach United States defence networks, largely to steal military plans and weapons systems designs, a top Pentagon official said. _NZHerald

Consequently, the US Pentagon is seeking half a billion US dollars to develop new cyber technologies -- including powerful new defenses to guard agains the powerful new cyber-attack threats.

The $500 million is part of the Pentagon’s 2012 budget request of $2.3 billion to improve the Defense Department’s cyber capabilities. At a Pentagon news conference yesterday, Defense Secretary Robert Gates called the research money, to be spent through the Defense Advanced Research Projects Agency, or Darpa, “big investment dollars, looking to the future.”

The military is reaching out to commercial companies for the latest technologies and technical experts to safeguard the Pentagon’s computer networks from attacks and espionage, Lynn said. The effort is part of a “comprehensive cyber strategy called Cyber 3.0,” he said. _Bloomberg

The djinn is long out of the bottle, wreaking havoc on uranium enrichment centrifuge cyber systems. Similar djinns will soon fly out, based upon similar advanced cyber technology, with wider mission profiles and less selective targeting.

But regular readers of Al Fin blogs will understand that this cyber threat -- for all its potential for disruption and destruction -- is only the visible and more imaginable problem. More creative and malicious destructors are on the way, as advanced sciences and technology merge with unimaginably sophisticated hardware and software.

This is the start of the long war, which may either result in humans sinking to a pre-technological level for hundreds or thousands of years, or in humans transcending their monkey natures on the way to the wide-open next level. Watch and see.

Excerpted from an article at abu al-fin

Stay up to date on the hidden war of cyber attack at Infowar.com

For the military side of things, stay current with StrategyPage.com

One of the deepest threats will come from "nano guns, nano germs, and nano steel".

It is not unreasonable to assume that a computer virus sent from across the world could program the assembly of a deadly human virus inside an unsecured university research lab located inside a friendly country. Tight connections to the internet by conventional research DNA and RNA (and protein) assembling equipment, will allow such stealth long-range hybrid cyber/bio warfare.

The same approach could lead to the programming of deadly stealth nanoweapons, and even macro-weapons, utilising 3-D printing devices connected to the net.

If you can imagine it, so can someone else with more malignant intent. Hope for the best. Prepare for the worst.