Saturday, June 2, 2012

It's offical: The US created Stuxnet

I don't think anyone was surprised by the Obama administration's recent admission that the US created the Stuxnet worm with the help of our ally, Isreal. As reported in the NY Times and Ars Technica, the Obama administration confirmed that it had continued the Bush-era program, code-named "Olympic Games." This marks the first time in history that a government has admitted to using cyber warfare

The goal of the program was to disrupt Iranian centrifuges and degrade their capacity to enrich Uranium. The only problem was that the worm worked too well, and escaped into the wild, where it was captured and analyzed. While it is doubtful that anyone who lives in Isreal or the US is losing sleep over the damage caused to Iranian centrifuges, this opens up a Pandora's box that I doubt will ever be closed.

The problem with someone discovering our virus is that code can be reverse-engineered. Having Stuxnet be discovered by the Iranians is pretty much giving them the blueprints to the weapon we just attacked them with. No es bueno.

And it's not just the code itself. I'm sure the code contained innovative malware techniques, and it has been reported that it used previously-unknown vulnerabilities in the industrial control systems it was designed to attack. So, those innovative techniques are now old news, and those vulnerabilities are now known.

Not being a spook, I would guess that the absolute worst case scenario of a secret mission would be everyone in the whole world knowing about it. So, I would wager that the people who created this warm probably consider it a mixed success.

One point that I haven't seen any of the news sources make on this:

The government agencies telling congress that we need more draconian laws for dealing with scary cyber attacks are essentially the same ones causing those attacks. You go around set things on fire and then tell us that we need more fire trucks, or the whole city will burn down. Disappointing, but not surprising.

No comments:

Post a Comment