Report: Obama Authorized Stuxnet Attacks on Iran

Report: Obama Authorized Stuxnet Attacks on Iran
The worm, developed by U.S. and Israeli agencies, targeted Iran's nuclear program, the New York Times says
By Grant Gross
News Jun 2nd 2012

U.S. President Barack Obama ordered the Stuxnet cyberattacks on Iran in an effort to slow the country's development of a nuclear program, according to a report in The New York Times.

The Times, quoting anonymous sources, reported that, in the early days of his presidency, Obama accelerated attacks related to an effort begun by the George W. Bush administration. The Stuxnet worm, long rumored to have been developed by Israel or the U.S., escaped from Iranian computers in mid-2010 and compromised computers across the Internet.

The attacks will likely lead to a cyber arms race, security experts said. The report that the U.S. and Israel were behind Stuxnet is a "little disturbing," said Harry Sverdlove, CTO at Bit9, an IT security vendor. "It almost behooves other countries to say, 'Well, if I wasn't yet thinking about having a cyber arms program, I'd better get in the game,'" he said.

Obama considered shutting down the cyberattacks after Stuxnet began compromising other computers, but decided to continue with the program, according to the Times. The Stuxnet worm came from a joint U.S. and Israeli effort to target the Iranian nuclear program, the Times said. The newspaper interviewed U.S., Israeli and European officials currently and formerly involved with the cyberattack program, it said.

Stuxnet was discovered in July 2010, when a Belarus-based security company detected the worm on computers belonging to an Iranian client. The consensus of security experts at the time was that Stuxnet was built by a sophisticated attacker, likely a nation state, and was designed to destroy something big, such as Iran's Bushehr nuclear reactor. Security experts examining the worm when it was first discovered said that it placed its own code into systems installed with Siemens software, after detecting a certain type of Programmable Logic Controller (PLC) device.