As more and more information emerges about the U.S. military’s use of cyberweapons in international conflicts, the questions over the strategy and morality of the weapons grow: are we starting another Cold War, complete with an arms race and the anxiety of a nuclear deterrent? Or, even more frightening, are we engaging in a method of warfare without precedent? And if so, do we even know what we’re doing?
Stuxnet and the genius of the new cyberweapons
Earlier this month, David Sanger of the New York Times published an investigative piece exploring Obama’s role in Operation Olympic Games — America's first sustained use of cyberweapons.
Initially launched as part of a covert operation in the Bush Administration, Stuxnet, as it was later codenamed, was a malware program used to shut down key components of Iran’s Natanz nuclear facility. Stuxnet was remarkably effective during the brief amount of time it remained hidden. As Sanger notes, Stuxnet was able to do, with computer code, the job normally reserved for bombs and explosives: cripple another country’s infrastructure.
Because the Natanz plant’s industrial computer controls were isolated from the internet by what computer experts call an "air gap" or "electronic moat," operatives had to load Stuxnet onto a thumb drive and place it on a desk inside the facility, where it was bound to be plugged into a computer eventually. "It turns out," Sanger writes, "there is always an idiot around who doesn’t think much about the thumb drive in their hand."
Stuxnet was an elegant piece of malware that stayed hidden inside the Natanz computer system for weeks. Evolving and adaptive, it masqueraded as computer updating software. With access to the ins and outs of the nuclear facilities and the machinery in them, Stuxnet was able to monitor the daily operations and send data back to analysts in Washington, Israel or wherever.
The genius of the program was two-part: first, there was the physically destructive capacity of the malware. Stuxnet had access to the facilities' layouts, their regular output, and the central computer control center. With this information, Stuxnet sent minor tweaks instructing the reactors in the facilities to speed up or slow down. Because the reactors are super-sensitive and exact, their delicate parts self-destructed. Here's the kicker: when parts of the reactors were instructed to slow down or speed up, Stuxnet sent messages back to the Natanz control room, saying that everything was working right as rain.
The Iranians were extremely confused when their reactors stopped functioning properly. The monitors and safeguards they had installed were consistently showing smooth operations, indicating that the reactors' failures were coming from one of two places: faulty mechanical parts, or general ineptitude. The reactors continued to fail, even after Iranian head honchos fired a number of scientists and replaced some of the supposedly faulty hardware.
Yet Stuxnet remained hidden, at least until 2010 when Stuxnet escaped the Natanz air moat and went global. Just as you can expect some idiot to pick up a thumb drive and stick it in his computer, you can also expect some schmo to take home a thumb drive or laptop, where there is internet connectivity. Stuxnet entered the World Wide Web, proliferated and got caught.