Report: Obama Authorized Stuxnet Attacks on Iran
The worm, developed by U.S. and Israeli agencies, targeted Iran's nuclear program, the New York Times says
The report that the U.S. and Israel were behind Stuxnet will have broad geopolitical consequences, with more nations considering cyberattacksHarry SverdloveCTO, Bit9
The Times, quoting anonymous sources, reported that, in the early days of his presidency, Obama accelerated attacks related to an effort begun by the George W. Bush administration. The Stuxnet worm, long rumored to have been developed by Israel or the U.S., escaped from Iranian computers in mid-2010 and compromised computers across the Internet.
The attacks will likely lead to a cyber arms race, security experts said. The report that the U.S. and Israel were behind Stuxnet is a "little disturbing," said Harry Sverdlove, CTO at Bit9, an IT security vendor. "It almost behooves other countries to say, 'Well, if I wasn't yet thinking about having a cyber arms program, I'd better get in the game,'" he said.
Obama considered shutting down the cyberattacks after Stuxnet began compromising other computers, but decided to continue with the program, according to the Times. The Stuxnet worm came from a joint U.S. and Israeli effort to target the Iranian nuclear program, the Times said. The newspaper interviewed U.S., Israeli and European officials currently and formerly involved with the cyberattack program, it said.
Stuxnet was discovered in July 2010, when a Belarus-based security company detected the worm on computers belonging to an Iranian client. The consensus of security experts at the time was that Stuxnet was built by a sophisticated attacker, likely a nation state, and was designed to destroy something big, such as Iran's Bushehr nuclear reactor. Security experts examining the worm when it was first discovered said that it placed its own code into systems installed with Siemens software, after detecting a certain type of Programmable Logic Controller (PLC) device.
While several other countries may have offensive cybercapabilities, they appear to be "less organized" than the team that put together Stuxnet
A White House spokesman declined to comment on The New York Times story.
Obama raised concerns that the Stuxnet program, code-named Olympic Games, would embolden other countries, terrorists and hackers to use similar attacks, but concluded that the U.S. had no other options available against Iran, the Times story said.
The goal of the attacks was to gain access to the industrial computer controls in Iran's Natanz nuclear plant, the story said. The U.S. National Security Agency and a secret Israeli cyberunit developed the Stuxnet worm, the story said.
The report that the U.S. and Israel were behind the Stuxnet attack didn't surprise Snorre Fagerland, senior virus analyst with Norman, an IT security vendor in Lysaker, Norway. The Stuxnet worm was "orders of magnitude" more complex and sophisticated than previous cyberattacks, he said, and the creation of the malware would have needed significant resources.
It would have taken a team of 10 to 20 people to write Stuxnet, Fagerland said.
The report of U.S. involvement may lead to an increase in cyberattacks, with other countries stepping up their offensive cybercapabilities, Fagerland said. "It raises the stakes," he said. "That will cause others to think, 'They're doing it, so why shouldn't we?'"
While several other countries may have offensive cybercapabilities, they appear to be "less organized" than the team that put together Stuxnet, he added.
Stuxnet was sophisticated, but it was not difficult to copy after it was made public, said Bit9's Sverdlove. Iran recently announced it's been attacked by the Flame worm, a piece of malware that's 40 times the size of the original Stuxnet, he noted. "Now the bar has been raised yet again," he said.
The report that the U.S. and Israel were behind Stuxnet will have broad geopolitical consequences, with more nations considering cyberattacks, he added.
"The problem is that the barrier to entry to have even a moderately sophisticated cyber program is pretty small," Sverdlove said. "[Stuxnet] was a significant development effort. Now someone else can do this with a handful of guys in a garage.
The growing popularity of contactless payments and wearables are coming together on products such as the Apple Watch and the £24.99 (US$40) bPay wristband from British company Barclaycard.
Companies are finding it tough to keep out new types of banking malware, which continue to get better following the bar-raising threat known as Zeus.
A fleet of floating bio-robots will be deployed between Christmas Island and Madagascar next week to help gain an understanding of the physical and biological workings of the Indian Ocean.
Control over your data and its security are impaired when you pass it to a cloud provider, says Guy Betar.