Arrow-right Camera
News >  Nation/World

Computer worm changed appraisal of Iranian threat

WASHINGTON – Just a few months ago, U.S. and Israeli officials were warning that Iran was a year away from having the capability to rapidly build a nuclear weapon. Speculation was intensifying that Israel would launch airstrikes to prevent that from happening.

But as the New Year dawned Western officials, with little fanfare, significantly revamped their estimates of Iran’s nuclear progress.

Israel’s strategic affairs minister, Moshe Yaalon, said Dec. 29 that the Islamic republic was at least three years away from a bomb. This month, the retiring head of Israel’s intelligence service, Meir Dagan, was even more optimistic, saying Iran wouldn’t be able to develop a nuclear warhead before 2015 at the earliest.

A few days later, Secretary of State Hillary Rodham Clinton also downplayed Tehran’s progress, saying, “Their program, from our best estimate, has been slowed down,” because of “technological problems.”

People who study computer warfare for a living have no doubt about what’s behind these reappraisals: Stuxnet, a game-changing computer worm that may herald a new era of shadowy digital combat.

Identified in June, Stuxnet is being called the most sophisticated cyber weapon ever unleashed because of the insidious way in which it is believed to have secretly targeted specific equipment used in Iran’s nuclear program.

Computer experts have examined the worm for months, and many believe Stuxnet was created by Israel or the United States as part of a covert effort to hamper Iran’s alleged drive for an atomic weapon. But the extent to which the operation succeeded had remained unclear.

In recent weeks, however, a rough consensus has emerged that Stuxnet has had a measurable effect. In addition to the remarks from U.S. and Israeli officials, the Institute for Science and International Security, an independent think tank, judged in late December that Stuxnet appears to have “set back Iran’s progress.”

Stuxnet “will undoubtedly reshape international security and foreign policy forever,” said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, a nonprofit research organization that studies cyber conflict. “It’s a tipping point that will usher in a cyber-defense revolution in military affairs.”

By wreaking havoc on gas centrifuges – spinning machines that separate isotopes to produce enriched uranium, which at higher levels can be used for nuclear bombs – the Stuxnet worm seems to have inflicted significant damage on Iran’s nuclear program, experts say.

“This is a really good example of what cyber war looks like,” said former White House terrorism adviser Richard Clarke, author of “Cyber War: The Next Threat to National Security and What to Do About It.” “It’s a precision-guided munition.”

The worm’s slow-motion trajectory, its ability to secretly seize control of machinery and the fact that its authors remain unknown offer lessons for the future of high-tech warfare.

Stuxnet is not the first apparent state-sponsored cyber attack: Other examples include a massive disruption of websites in Estonia in 2007 after a dispute with Russia, and Israel’s use of digital trickery to fool Syria’s air defenses when Israel bombed an alleged nuclear facility there in 2007.

But in those cases, it became fairly clear who was responsible. Stuxnet is the most significant development yet in the realm of cyber conflict, Bumgarner said, because of the lack of attribution. Although Iran would have been expected to respond ferociously to an Israeli or U.S. airstrike, no response has been forthcoming to Stuxnet, perhaps because Tehran can’t be sure of the culprit.

“Stuxnet takes it to a different level because … Iran doesn’t know who to retaliate against,” he said.

Stuxnet also proves it is possible to use malware to seize control of equipment that runs all sorts of features of a modern economy, from power grids to chemical plants. The U.S. and its allies have that capability, but so do Russia and China, experts say.

And Stuxnet may remain a persistent thorn in Iran’s side, said German expert Ralph Langner, who first disclosed that Stuxnet had targeted Siemens equipment used in Iran’s nuclear program.

In an e-mail, Langner said the Iranians would have to replace all the computer systems in their nuclear program to be sure they were rid of the worm, a tall order for a country under trade sanctions.

Iranian leaders downplay the worm’s damage. Iranian President Mahmoud Ahmadinejad said Nov. 29 that outside powers had “succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts.”

Israeli and U.S. media reports since 2009 have quoted intelligence officials alluding to covert sabotage programs by both countries against Iran’s nuclear program. But neither country acknowledges creating Stuxnet.

One prominent war authority, Jeffrey Carr, has written a white paper suggesting China may have been behind it. Nor can Russia be ruled out, said Joel Brenner, a former senior counsel at the National Security Agency, which is deeply involved in offensive and defensive U.S. cyber operations.

One thing is clear, experts say: The worm is far too sophisticated to have been cooked up by basement hackers.

Stuxnet made use of four “zero day” vulnerabilities, openings in Microsoft Windows operating systems that were not previously known. Criminal hackers could have used such vulnerabilities to generate millions of dollars in illicit revenue by stealing banking and credit card information, which is one reason experts believe Stuxnet was the work of an intelligence service. Instead of making money, as some malware does, it cost money.

“This was written for one purpose,” Bumgarner said. “Sabotage of national critical infrastructure.”


Top stories in Nation/World

UN says over 25,000 people fled Yemen fighting at Hodeida

UPDATED: 12:34 p.m.

updated  The U.N. spokesman said on Monday that tens of thousands of residents have fled the fighting along Yemen’s western coastline where Yemeni fighters backed by a Saudi-led coalition are engaged in fierce battles with Iranian-backed Houthi rebels.