Beware the Cyber War Boomerang?

Most sophisticated cyber weapon could turn on vulnerable U.S. infrastructure.

By ABC News
January 26, 2011, 12:35 PM

Jan. 28, 2010 -- The leak-prone governments of the United States and Israel seem to be competing to claim credit for a cyber war attack on Iran's nuclear weapons program, while officially refusing to confirm or deny their role in the "Stuxnet" computer worm.

Stuxnet, in case you have missed all the leaks, is the name the computer security companies have agreed on to denote the most sophisticated, most targeted computer attack ever seen. It was launched in late 2008 or early 2009 and became publicly known mid-way through 2010 when Iran hired a computer security company from Belarus to find out why the nuclear enrichment program was not working. The short version of the story that is now widely accepted is that a nation state (or two) had someone with a thumb drive deposit a very smart attack program on the computer network that runs Iran's nuclear centrifuges. The program stealthily caused the centrifuges to malfunction and may have thereby slowed the Iranian nuclear program by one to three years. We appear to have avoided dropping Israeli bombs by infiltrating American bytes.

Richard Clarke appeared on "Brian Ross Investigates" to discuss Stuxnet and its implications.

Many politicians in Washington and Tel Aviv are now giving high fives to their friends in the intelligence business when they think no one will see it. Not so fast. Yes, the precision-guided cyber attack was apparently successful at slowing the Iranian drive to get weapons-grade uranium. It was, however, a major failure in two important regards.

First, it was discovered. It may have taken some hackers from Minsk to do it, but the stealthy attack code was identified. The attackers' intent seems to have been to avoid detection, so that the Iranians might doubt their own skills at enrichment. Moreover, as a covert program, the attack was meant to be not only unknown, but unattributable. The Iranian government could avoid acknowledging publicly that it had been attacked. Therefore, they would not be under any internal pressure to retaliate. With the attack now the subject of international press attention and the Iranian president forced to admit it happened, we should be standing by for the retaliation. It need not be in cyberspace, but could instead come in the form of increased deaths of Americans in Iraq and Afghanistan from Tehran's vast supply of roadside bombs. Or it could come in cyberspace, aided by the second failure of Stuxnet.

Second, the cyber agent Stuxnet was captured and successfully interrogated. That was not supposed to happen. The attack program had built into it all sorts of collateral damage controls, including instructions to kill itself after a date certain in 2009. Those controls, most unusual in the world of hackers but common in certain countries' covert action programs, failed apparently because the weapon's designers took the collateral damage controls less seriously than they did the ingenious attack. For a hacker, attacking is always more interesting than pleasing the lawyers. Thus, after laying low the Iranian nuclear enrichment centrifuges at Natanz, the worm made its way from that plant's supposedly isolated, internal computer network to freedom in cyberspace. Thousands of other computers in Iran were infected, as were many in countries such as Pakistan, India, Indonesia, and even a few in the United States.