"[Obama] repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons—even under the most careful and limited circumstances—could enable other countries, terrorists or hackers to justify their own attacks. “We discussed the irony, more than once,” one of his aides said."
It's a new cold war. Eventually Iran will write viruses in return to attack US power grid.
All fun and games until Homeland Security Theater is given new powers to raid your home and shoot your dog if they think your computer is being used as part of a botnet.
This isn't nearly as terrifying as the Cold War with the USSR. We're not threatened with nuclear war, nor having the near misses that could trigger it (Cuban missile crisis). No one is building bomb shelters in their backyards, because right now the balance of power is very much in the United States' favor.
Could things get there with another nuclear enabled power like China? Maybe, in time. Iran is not an existential threat to the US, not anywhere close to what the Soviets were. The Israelis see things differently I'm sure, but this is far from the situation in 60s - 80s.
I wouldn't say Iran has the means (a.k.a knowledge) to go ahead and deploy the whole thing: virus development, infiltration, infection of devices within the power grid, and coming out unnoticed.
No, we are the aggressors here and I remain highly skeptical that Iran is even trying to do develop nuclear weapons. All the news outlets that speak English are biased as hell on this.
If you want real news instead of propaganda you have to watch RT or Al Jazeera. Both of which condemn the US and Israel. Not Iran.
The centrifuges could have been destroyed, and with loss of human life. The system itself was damaged. I wouldn't call this a "cold" war. It is a very real, very physical war(albeit precisely targeted, for now).
The fact that the NYT published this piece is interesting. Assume all details are true. Why did the dog bark rather than choose to be silent? And the sources. Assume all of this is true? Why feed the info to the NYT?
When coupled with recent revelations that Mr. Obama personally approves every killing of militants (for certain strained definitions of that term), the upcoming election springs to mind as a motivation. There may be alternate and contradictory reasons, all of which may be true. Many players, cross-purposes.
This could have remained hidden. Indeterminate. Who benefits from this revelation?
Former election strategist here. This is part of the Obama-Is-Tough roll-out, clearly done with current admin participation. Timed release to follow the "kill list" story and maybe even pre-empt the terrible jobs report.
All the same, it's pretty stunning that the Obama administration would trade its (public) plausible deniability on Stuxnet in order to "look tough" on America's enemies. Playing fast and loose with foreign policy...great plan, guys.
arstechnica is taking the NY Times article and extrapolating too much. Confirmed? No it's not. It was suspected before, and it still is.
And lost control would imply they could not control what it did to the target, which is incorrect. It did escape to the wild, but that's not really loosing control when it was designed to do nothing harmful on non target machines.
Unless David E. Sanger is a new Jayson Blair, I'd say the connection is confirmed, not just suspected. There are no weasel words in the article, meaning both the journalist, his editor, and NYT are putting their reputation at stake. This is as strong as a newspaper story gets.
I'm going to take the contrarian view here. If Iran had gotten to the point of enriching uranium to weapons-grade levels and Israel had done a pre-emptive strike, that would have gotten messy real fast. More messy than this. Disabling their centrifuges in a way where presumably no one died doesn't sound so bad to me considering the alternative. Again, just the contrarian viewpoint.
If your choices are between allowing Israel to start a new war in the middle east, or work with Israel on this risky new cyberweapon, I think most people would pick the cyberweapon.
What concerns me is the lack of evidence that all of their centrifuges were actually knocked. At the start of this they were enriching to 5%, now they are at 20%. That indicates to me that they have been progressing, not repairing knocked centrifuges. I realize it is still a LONG way from where they need to be for a workable weapon. I'm just wondering if stuxnet did nothing but a tiny bit of damage and a whole lot of 'show our hand'. A little like the whole drone debacle.
Thats is because Obama is a pussy. He doesn't have the guts to put Osamas head on a stake, dipped in pigfat, and he doesn't have the guts to tell Israel no.
Just remind them that we are the reason you exist and we can and will withdraw that support when we want to.
This feels similar to the Megaupload case; America desperately throwing its weight around outside it's borders, with a total disregard for the law. And, just like the Megaupload case, they have fucked up big time.
Why does the American govt. feel it has the right to choose who can become a nuclear power or not anyway?
To play Devil's Advocate: How did they "fuck up big time"? From what I can tell from press coverage Stuxnet did exactly what it was supposed to do - damage centrifuges at Natanz.
The original nytimes article implies that the U.S. started this program as a way to prevent Israel from responding in a military way to Iran's nuclear program.
But yes, it certainly does seem that nary a geopolitical snafu goes by without the U.S. being involved.
Some things are a question of right, some things are a question of need or interest. The US has enemies and it doesn't want them to have nuclear weapons.
It is anything but confirmed. Arstechnica writes an article about an article in the NYT (a paper that doesn't have the best track record reporting about cyber events and control system security issues to begin with) that cites no credible sources.
Also, you don't "lose control" of something like this, it was designed with many ways to spread. If control was lost it was during the spec/coding phase, not after deployment.
“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.
It is generally safe to assume, whether you admire the NYT (like me) or don't (like 'patio11), that there's an actual source with a credible claim to have been in the room with the President who did in fact tell David E. Sanger that this happened. People have accused the NYT of bending the truth in lots of ways, but misreporting a White House meeting is not one of those ways.
I'm annoyed to have to write this, because I'm one of the people who thought the Stuxnet thing was marvelously overhyped and unlikely to be true. Friends of mine who are much smarter than me thought the worm might have just been a cover for direct sabotage. Nope; it seems like the government was exactly as simultaneously savvy and idiotic as online pundits had claimed it was.
The sources aren't named, but it would be a pretty major, major slip-up to specifically claim to site NSA advisers if it were made up out of whole cloth. As in, career ending for the writer. For example, "...according to members of the president’s national security team who were in the room." Journalists don't drop phrases like that lightly, and you don't have access to several NSA members and high-ranking US officials unless this leak is 100% sponsored by the Administration. It clearly was: one can tell by the quantity and range of officials that were interviewed who demonstrate, at points, first-hand knowledge of the situation.
Now, the question of whether these NSA advisers are -lying- as part of a propaganda campaign is a fair question. I wouldn't be shocked if they were, but everything that I have anecdotally read about Stuxnet and just using common sense, tells me--a layman on the outside looking in--that there is a pretty decent probability this is true, or at least pretty close to the truth.
Clearly, the timing of this is politically relevant. The President wants to take credit for it to boost his domestic stock in the runup to the election.
He can repeat these two key points whenever he is questioned on foreign policy:
1) I killed Bin Laden
2) I'm the guy who set the maniacal Ahmadinejad's nuclear ambitions back. The guy who is preventing the destruction of Israel.
Regardless of your political persuasion, these are potent points that have a chance to resonate with the electorate.
(fwiw: I'm not particularly in love with the NYTimes. I don't have an affinity for any particular newspaper anymore. I'm not defending the newspaper, just pointing out the likely reality as I understand it)
How much more do you think you can reasonably expect for an ongoing covert national security program?
If the article is wrong, it would be a massive screw up. Huge. Historical. The kind of thing that would prompt a strong rebuke from the named countries and individuals.
In fact it's a remarkably well sourced article given the context and a cynical person might speculate on the timing of this revelation in regards to the upcoming election.
But yeah, it's confirmed. And I suggest you read the full NYT article (if you haven't). The Ars summary adds little value and elides many details that make the overall story more credible.
The one part of the article that sticks out to me is that they "lost control" of the virus. I wonder if this is really true. Politically, it probably sounds better to say, "oops, this was only meant for Iran. Somebody messed up" than to have to field questions from reporters:
"Why does the United States think it is okay to infect hundreds of thousands of computers with this virus?"
"Is it ethical to introduce security holes or exploit security holes of everyday citizens of allies?"
"Do you take responsibility for the collateral damage? Have you committed an act of aggression on nation-states you are not in conflict with? How does that affect your relations with these nations?"
I wonder if this is their easy way to set themselves up to say, "This is complicated technology, our primary goal is to stop a dangerous nation from getting a dangerous weapon. We apologize for any collateral." even if that statement was false.
Perhaps it was necessary for the virus to spread to ensure the success of the mission and that cost was accepted, but they just don't want to admit it publically because of what it would open themselves up to.
If Israel had physically bombed the Iranian plant would that not started another major war in the Middle East? I am not saying this is an elegant solution to cross border conflict but war was avoided.
Everyone in the hacker community knows this was coming. This is going to get much worst before it gets better. Power outages in Brazil, China/Google event last year, and stuxnet.
As the article says:
"Stuxnet is old news by now. Even the newly discovered "Flame" malware was developed some time ago. While details about these two targeted attack packages are finally emerging, the next generation of attack tools has no doubt been developed and likely deployed."
> If Israel had physically bombed the Iranian plant would that not started another major war in the Middle East?
Who would be the combatants? One of the few actually interesting things that came out of the leaked diplomatic cables was that many of the major Middle East countries want Iran's nuclear program stopped, with Saudi Arabia actually repeatedly urging the US to attack.
In light of that, I'd expect that if Israel attacked it would be publicly condemned by the rest of the Middle East countries, but most would secretly be relieved.
Wasn't the US all up in arms about how China was increasingly using cyber-warfare on both foreign government and corporate interests?
Then it turns out they are doing it themselves? Tut Tut. Though not really surprising.
I do feel though that with the success that lolsec had last year very few companies / governments are prepared against a concerted attempt to access their data.
> American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.
Convenient. Not only was the reporter able to secure one reliable, anonymous, highly privileged source to confirm the story, but he found multiple!
If the UN security council was a fair body Stuxnet would be judged to be an unprovoked act of war and the US and Israel would be sanctioned in some way. But of course the US gets to have it's thumbs on the UNSC scales. But the question is, if the US is going to blatantly abuse its privileged position like this how long is it going to last? There has been a Western consensus on a liberal framework for international law going back to WWII which was based on the idea that we are the good guys, democratic, moral, law abiding, etc. GWBush and Obama have been doing their best to destroy that because of lobbying by our war mongering Israeli "friends".
The fact that one of the most powerful nations in the world not only created one of the most notorious viruses in the world but lost control of it is madness. Its original purpose was to cause hardware to physically destroy itself. Imagine if, by sheer coincidence, the commands for that were the same as the commands for something like a nuclear reactor's cooling turbines?
It's incredibly improbable but not impossible. That makes this a hugely dangerous and downright stupid occurrence. America shouts at Pakistan for losing control of its nukes and then develops, with a country that has some reputation for overkill (Israeli invasion of Gaza being a prime example), a dangerous weapon in software form, then doesn't pay attention to what the thing actually does? Where's the review process? How does something like the software being modified so it can infect and spread on common consumer systems so rapidly (I'm assuming that the modifications were to the way it spread, not sure) get missed? It's crass carelessness.
International espionage is half offence and half tact. It's not espionage if everyone finds out about it.
So let me get this straight, they lost control of it and it ended up inside an Iranian power plant? You can't lose control of something so specifically tailored. The possible targets of this thing could be a few hundred installations around the globe so the motivation of stealing it, if it's even remotely possible to steal something like that, should be very low.
You know what's most surprising about this? That the developers, knowing fine well it was for a single target and the damage it could do in the wild, didn't implement a kill switch.
Quite frankly cowboy coding like that is why we'll end up with Skynet becoming self-aware.
Actually, in this case, a kill switch would be a bad idea for the original coders. It opens the possibility of the target rendering the attack pointless.
Imagine a tank with a nice big, red button that shuts down the internal systems instantly. Now imagine that button on the outside of the tank. Sure, you could put some kind of password encoded lock on the button but it's a huge START HERE sign on the outside of the protection of the tank.
How do you put a kill switch in? The entire point was for it to be on an offline system, and the traffic for it checking for Internet to in turn check for an order like that might have given the game away.
It sounds like they had something to check it wasn't outside and someone just screwed up.
The truth is, if you love the Internet you had better start fighting to stop these escalations. Otherwise, it will cease to exist. The first time a massive attack causes real fear in western civilization, people will start questioning how much they really need it in their lives.
The lack of plausible deniability will lead to escalation. Once it does, national security (from the perspective of each country) will govern it's growth, not freedom.
[+] [-] strags|14 years ago|reply
"Irony" is the wrong word. It's "hypocrisy".
[+] [-] ck2|14 years ago|reply
All fun and games until Homeland Security Theater is given new powers to raid your home and shoot your dog if they think your computer is being used as part of a botnet.
[+] [-] hieronymusN|14 years ago|reply
Could things get there with another nuclear enabled power like China? Maybe, in time. Iran is not an existential threat to the US, not anywhere close to what the Soviets were. The Israelis see things differently I'm sure, but this is far from the situation in 60s - 80s.
[+] [-] Pelayo|14 years ago|reply
[+] [-] rodolphoarruda|14 years ago|reply
[+] [-] antonioevans|14 years ago|reply
[+] [-] rbanffy|14 years ago|reply
Moore's Law of Mad Science.
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] cynoclast|14 years ago|reply
If you want real news instead of propaganda you have to watch RT or Al Jazeera. Both of which condemn the US and Israel. Not Iran.
[+] [-] wissler|14 years ago|reply
[+] [-] philiphodgen|14 years ago|reply
When coupled with recent revelations that Mr. Obama personally approves every killing of militants (for certain strained definitions of that term), the upcoming election springs to mind as a motivation. There may be alternate and contradictory reasons, all of which may be true. Many players, cross-purposes.
This could have remained hidden. Indeterminate. Who benefits from this revelation?
[+] [-] ruttingchimpanz|14 years ago|reply
All the same, it's pretty stunning that the Obama administration would trade its (public) plausible deniability on Stuxnet in order to "look tough" on America's enemies. Playing fast and loose with foreign policy...great plan, guys.
[+] [-] ars|14 years ago|reply
And lost control would imply they could not control what it did to the target, which is incorrect. It did escape to the wild, but that's not really loosing control when it was designed to do nothing harmful on non target machines.
Better to read the original, and the discussion on it: http://news.ycombinator.com/item?id=4052330
[+] [-] abrahamsen|14 years ago|reply
[+] [-] forza|14 years ago|reply
[+] [-] ascendant|14 years ago|reply
[+] [-] eli|14 years ago|reply
If your choices are between allowing Israel to start a new war in the middle east, or work with Israel on this risky new cyberweapon, I think most people would pick the cyberweapon.
[+] [-] bilbo0s|14 years ago|reply
[+] [-] moron|14 years ago|reply
[+] [-] tomjen3|14 years ago|reply
Just remind them that we are the reason you exist and we can and will withdraw that support when we want to.
[+] [-] Fizzadar|14 years ago|reply
Why does the American govt. feel it has the right to choose who can become a nuclear power or not anyway?
[+] [-] joshmaker|14 years ago|reply
[+] [-] hieronymusN|14 years ago|reply
[+] [-] xaa|14 years ago|reply
But yes, it certainly does seem that nary a geopolitical snafu goes by without the U.S. being involved.
[+] [-] netcan|14 years ago|reply
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] rooshdi|14 years ago|reply
http://www.youtube.com/watch?v=Cr7ePrCAqzo
[+] [-] ikwm|14 years ago|reply
[deleted]
[+] [-] dpeck|14 years ago|reply
Also, you don't "lose control" of something like this, it was designed with many ways to spread. If control was lost it was during the spec/coding phase, not after deployment.
[+] [-] tptacek|14 years ago|reply
“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.
It is generally safe to assume, whether you admire the NYT (like me) or don't (like 'patio11), that there's an actual source with a credible claim to have been in the room with the President who did in fact tell David E. Sanger that this happened. People have accused the NYT of bending the truth in lots of ways, but misreporting a White House meeting is not one of those ways.
I'm annoyed to have to write this, because I'm one of the people who thought the Stuxnet thing was marvelously overhyped and unlikely to be true. Friends of mine who are much smarter than me thought the worm might have just been a cover for direct sabotage. Nope; it seems like the government was exactly as simultaneously savvy and idiotic as online pundits had claimed it was.
Depressing.
[+] [-] gavinlynch|14 years ago|reply
Now, the question of whether these NSA advisers are -lying- as part of a propaganda campaign is a fair question. I wouldn't be shocked if they were, but everything that I have anecdotally read about Stuxnet and just using common sense, tells me--a layman on the outside looking in--that there is a pretty decent probability this is true, or at least pretty close to the truth.
Clearly, the timing of this is politically relevant. The President wants to take credit for it to boost his domestic stock in the runup to the election.
He can repeat these two key points whenever he is questioned on foreign policy:
1) I killed Bin Laden 2) I'm the guy who set the maniacal Ahmadinejad's nuclear ambitions back. The guy who is preventing the destruction of Israel.
Regardless of your political persuasion, these are potent points that have a chance to resonate with the electorate.
(fwiw: I'm not particularly in love with the NYTimes. I don't have an affinity for any particular newspaper anymore. I'm not defending the newspaper, just pointing out the likely reality as I understand it)
[+] [-] eli|14 years ago|reply
If the article is wrong, it would be a massive screw up. Huge. Historical. The kind of thing that would prompt a strong rebuke from the named countries and individuals.
In fact it's a remarkably well sourced article given the context and a cynical person might speculate on the timing of this revelation in regards to the upcoming election.
But yeah, it's confirmed. And I suggest you read the full NYT article (if you haven't). The Ars summary adds little value and elides many details that make the overall story more credible.
[+] [-] brown9-2|14 years ago|reply
Do you have any citations for what you are referring to here? I'd like to read more about this topic (and the NYT) if you have the info available.
[+] [-] gavinlynch|14 years ago|reply
"Why does the United States think it is okay to infect hundreds of thousands of computers with this virus?"
"Is it ethical to introduce security holes or exploit security holes of everyday citizens of allies?"
"Do you take responsibility for the collateral damage? Have you committed an act of aggression on nation-states you are not in conflict with? How does that affect your relations with these nations?"
I wonder if this is their easy way to set themselves up to say, "This is complicated technology, our primary goal is to stop a dangerous nation from getting a dangerous weapon. We apologize for any collateral." even if that statement was false.
Perhaps it was necessary for the virus to spread to ensure the success of the mission and that cost was accepted, but they just don't want to admit it publically because of what it would open themselves up to.
[+] [-] antonioevans|14 years ago|reply
Everyone in the hacker community knows this was coming. This is going to get much worst before it gets better. Power outages in Brazil, China/Google event last year, and stuxnet.
As the article says: "Stuxnet is old news by now. Even the newly discovered "Flame" malware was developed some time ago. While details about these two targeted attack packages are finally emerging, the next generation of attack tools has no doubt been developed and likely deployed."
[+] [-] tzs|14 years ago|reply
Who would be the combatants? One of the few actually interesting things that came out of the leaked diplomatic cables was that many of the major Middle East countries want Iran's nuclear program stopped, with Saudi Arabia actually repeatedly urging the US to attack.
In light of that, I'd expect that if Israel attacked it would be publicly condemned by the rest of the Middle East countries, but most would secretly be relieved.
[+] [-] bobsy|14 years ago|reply
Then it turns out they are doing it themselves? Tut Tut. Though not really surprising.
I do feel though that with the success that lolsec had last year very few companies / governments are prepared against a concerted attempt to access their data.
[+] [-] forgotusername|14 years ago|reply
> American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.
Convenient. Not only was the reporter able to secure one reliable, anonymous, highly privileged source to confirm the story, but he found multiple!
[+] [-] guelo|14 years ago|reply
[+] [-] derrida|14 years ago|reply
[+] [-] domwood|14 years ago|reply
International espionage is half offence and half tact. It's not espionage if everyone finds out about it.
[+] [-] azernik|14 years ago|reply
[+] [-] bitwize|14 years ago|reply
[+] [-] elorant|14 years ago|reply
[+] [-] nicholassmith|14 years ago|reply
Quite frankly cowboy coding like that is why we'll end up with Skynet becoming self-aware.
[+] [-] talmand|14 years ago|reply
Imagine a tank with a nice big, red button that shuts down the internal systems instantly. Now imagine that button on the outside of the tank. Sure, you could put some kind of password encoded lock on the button but it's a huge START HERE sign on the outside of the protection of the tank.
[+] [-] 46Bit|14 years ago|reply
It sounds like they had something to check it wasn't outside and someone just screwed up.
[+] [-] dantheman|14 years ago|reply
[+] [-] discordance|14 years ago|reply
[+] [-] lstroud|14 years ago|reply
The lack of plausible deniability will lead to escalation. Once it does, national security (from the perspective of each country) will govern it's growth, not freedom.