The U.S. and Israel were responsible for creating the Stuxnet computer worm that wreaked havoc with Iranian nuclear facilities, later spreading to the Internet in 2010. THat’s according to a report from The New York Times, since confirmed by other news organizations.
And the first salvos in the massive cyberattack were launched via an unassuming piece of technology: a thumb drive.
The report, excerpted from the upcoming book Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, details how the U.S. conceived, created, tested and deployed Stuxnet, in partnership with Israel. After the program, code-named Olympic Games, successfully tested the worm, the big challenge was physically getting it into Iran’s Natanz nuclear plant.
The answer turned out to be simpler than U.S. officials thought, since some plant personnel weren’t very careful with the thumb drives they were carrying. Thumb drives were “critical” in the initial Stuxnet attacks — which began in 2008 — although unspecified “more sophisticated” means were later used.
“It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand,” one of the program’s architects said.
Olympic Games began in 2006 under President Bush, and he urged President Obama to continue the program. Obama did, although he considered pulling the plug on it in 2010 when some of the code “escaped” from Natanz to the Internet.
Due to an error in the code, which U.S. officials suspect was introduced by the Israelis, Stuxnet remained active on an Iranian engineer’s laptop even when he was away from the plant. When he connected to the Internet, Stuxnet got out, potentially infecting thousands of machines.
Obama grew concerned about potential damage the worm could inflict, as well as what would happen when cyber-security officials were able to dissect the code and determine its purpose. Without concrete info on the consequences of the leak, and with Stuxnet still being the administration’s best option in disrupting Iran’s nuclear ambitions, the president authorized Olympic Games to continue.
Stuxnet’s origins were debated by security experts after its discovery, though it was generally thought to be a U.S. creation. More recently, the “Flame” cyber weapon was discovered, which is potentially much more destructive. Its origin is unknown, and U.S. officials have denied responsibility.
What’s your take on Stuxnet? How long until cyber threats outweigh the possibility of actual warfare? Have your say in the comments.