Why Stuxnet Was Developed by the Israelis

Thursday, October 14, 2010

Danny Lieberman


Who developed Stuxnet? Was Stuxnet developed by the Israeli Sigint unit 8200 or was it a group of Americans, Germans and Israelis working in collaboration?

There has been a flurry of articles about Stuxnet in the Israeli papers, speculating on the source of the Stuxnet virus and discussing if this is the beginning of cyber war (it isn’t…).

Recently I saw two articles: one an opinion piece and the other a review of the technology for the readers of the daily news.

The best work yet on the topic of Stuxnet and Israel is an outstanding essay written by Caroline Glick in the Jerusalem Post on October 1, 2010 – here is an excerpt:

IF we assume that Stuxnet is an Israeli weapon, what does it show us about Israel’s position vis-à-vis its enemies? What Stuxnet shows is that Israel has managed to maintain its technological advantage over its enemies. And this is a great relief. Israel has survived since 1948 despite our enemies’ unmitigated desire to destroy us because we have continuously adapted our tactical advantages to stay one step ahead of them. It is this adaptive capability that has allowed Israel to win a series of one-off battles that have allowed it to survive.

But again, none of these one-off battles were strategic game-changers. None of them have fundamentally changed the strategic realities of the region. This is the case because they have neither impacted our enemies’ strategic aspiration to destroy us, nor have they mitigated Israel’s strategic vulnerabilities. It is the unchanging nature of these vulnerabilities since the dawn of modern Zionism that gives hope to our foes that they may one day win and should therefore keep fighting.

Israel has two basic strategic vulnerabilities.

The first is Israel’s geographic minuteness, which attracts invaders. The second vulnerability is Israel’s political weakness both at home and abroad, which make it impossible to fight long wars.

Some Israelis have been quick to claim that the code was not sophisticated enough or that its distribution method was too sloppy to make it a military operation.

While I do not subscribe to a theory that Stuxnet signals the advent of cyber-war (targeted malware has been around for over 5 years), I think it would be naive to dismiss Stuxnet as just another virus.

Underestimating threats is a third strategic vulnerability I would add to the geographic minuteness and political weakness both at home and abroad that the esteemed Ms. Glick has already mentioned.

We can only speculate on the actual intent of the Stuxnet malware – direct attacks on the SCADA systems of the Iranian nuclear weapons program or perhaps intelligence gathering.

It is possible that the rapid proliferation of Stuxnet into India, Pakistan and Indonesia is indeed an act of purposeful intelligence gathering – following the trail of removable devices and network connectivity used by people from countries collaborating with the Iranian nuclear weapons program.

Maybe, maybe not.

The software developers who wrote the attack code and the Stuxnet architects are not giving out interviews, but in truth, kernel-level software development and cryptographic expertise have nothing to do with it.

Like any military operation – there needs to be motive, means and opportunity – all 3 of which point at a military operation targeted at the Iranian nuclear effort, and as Sun Tzu wrote, better to run quick and dirty military operations than to wait for the consequences:

I have heard of military operations that were clumsy but swift, but I have never seen one that was skillful and lasted a long time. Master Sun (Chapter 2 – Doing Battle, the Art of War)

Motive – Israel wants to mitigate the Iranian nuclear threat. Means – exploit software vulnerabilities in the Siemens SCADA systems (they hard-code passwords and use Microsoft Windows). Opportunity – the sooner the better.

Precisely for these reasons, and as Caroline Glick noted, Stuxnet is a one-off operation that did not have to be extremely precise – whether the mission objective was to disrupt the SCADA systems of the Iranian nuclear weapons program or to collect information.

Cross-posted from Israeli Software
