In June of 2010, a security firm in Belarus called VirusBlokAda reported the first known citing of what we know now as Stuxnet. It was, simply put, the most advanced malware of all time. Its target? Iran. Its origin? Unknown. Until now.
The New York Times is reporting today that the source of the worm so advanced some thought it was alien weapon was us. And it wasn’t the first.
Let The Games Begin
There are wars that we know about, like the one in Afghanistan. And there are the ones we suspect, like the special forces operations taking part throughout the world. But it turns out there’s another war, an invisible one, with programmers wielding code as vigorously as soldiers do their M16s. It’s called operation Olympic Games, and it’s been waged against Iran for nearly a decade.
Olympic Games began under the Bush administration, in 2006, reports the NYT. That’s when a widely reported tour of Iran’s Natanz nuclear plant made White House officials anxious enough to consider military action. Stop uranium enrichment at all cost, was the part line. But bombs are messy, and lead to more and bigger bombs; not ideal for a region that’s already unstable.
An alternative presented itself:
The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet – called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialised computers that command the centrifuges.
A blockade, then, not off supplies. But of information. Lines of code infiltrating high command positions. This is how we fight now.
A Human Element
The new weapon took time and resources to develop. US called on help from Israel (see the NYT for the full, fascinating story of the collaboration). It resurrected some old P-1 centrifuges it had confiscated when Qaddafi gave up his nuclear ambitions, testing the delicate Stuxnet worm on its outdated technology to make sure that it worked. And then it headed straight for the real thing.
While Stuxnet may not have been discovered until 2010, but it was first deployed in 2008, when Iran found that its centrifuges began “spinning out of control.” But how did it get there in the first place? Good old fashioned spies.
It’s long been known that the US has people on the ground, undercover, in Iran; a dozen were sadly captured last year. Armed with thumb drives, they pumped Natanz’s belly full of Stuxnet. It would wreak havoc with Iran’s nuclear ambition for years.
Blown Cover
As the NYT reports, it could be argued that what gave Stuxnet away is that it was too effective. Like King Kong throwing off its shackles in the theatre and rampaging through Manhattan, Stuxnet escaped Natanz and began replicating itself. It seems that someone got a little overzealous:
“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”
Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”
And so the plug was pulled.
The Battle Is Not The War
According to the NYT, while Stuxnet may be over, Olympic Games proceeds apace. We’ve used cyberweapons in other countries, and will continue to do so. Even now, massive spyware called Flame is hitting Iran — although it appears to predate the Bush initiative, and can’t be traced back to the US.
It’s not a one-sided fight, either. China has been notorious for engaging in cyber warfare with the US and others. Iran will surely attempt to respond to Stuxnet in kind. And the barrier to entry is so low — anyone can attack anyone, from anywhere, at any time — that we could well face threats from areas we’d never bothered to consider harmful.
Go read the full story at the NYT. It’s a thrilling, in-depth look at our invisible war. And a blueprint, perhaps, for how we’ll fight — and be fought — for decades to come. [NYT]