Threat of highly sophiscated cyber weapon against infrastructures is now reality

This is indeed a hugely important occurance.

If it is attacked, Iran has threatened to retaliate with an attack on all important targets in the gulf belonging to its enemies and the allies of its enemies.

However it seems it has been attacked, but not by physical force, instead there are reports of 60,000 of its computers containing Malware, but apparently the virus hasnt caused major problems!?

Computer worm infects Iran's nuclear station - Telegraph

At the moment it is hard to figure out how much damage has been done, let alone what the outcome will be, can Iran even fully retailate? or has its weapons systems been attacked in the same manner that Syrias were a while ago

will be watching this one closely

China is hit too.

Originally Posted by Asymptote

The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick.

Why is this amazing? This happens all the time.

israel use computer virus to shut down syria air defense system,during there attack against intelligent believe to be nuclear reactor under construction.
computer virus may have come from USAF, according to atimes.com USAF developed the computer virus as part of there "grand safari" program.
during the bombing of serbia, US uses computer virus against serbian airdefense system, but the outcome still not yet known.

Originally Posted by challenge

israel use computer virus to shut down syria air defense system,during there attack against intelligent believe to be nuclear reactor under construction.
computer virus may have come from USAF, according to atimes.com USAF developed the computer virus as part of there "grand safari" program.
during the bombing of serbia, US uses computer virus against serbian airdefense system, but the outcome still not yet known.

That is not true. Electronic warfare is not just sending computer virus... there are more to it.

In actual fact, no one actually know for sure how Israel defeated Syria's ADS, because no information is available... and all that was on net was nothing but speculation. (ref: http://www.airforce-technology.com/f...s/feature1625/)

Once again... for the umpteenth time, don't state something without any backing.

Superbug that attacked 6 mn computers in China traced to US - The Economic Times

Superbug that attacked 6 mn computers in China traced to US

BEIJING: The much-feared new cyber-weapon, the 'Superbug', which has attacked over six million personal and almost 1,000 corporate computers in has been traced to the US, official media reported today.

The Stuxnet cyberworm can break into computers and steal private information, especially from industrial firms, sending it back to a server in the , state-run quoted Wang Zhantao, an engineer at the Beijing-based , an antivirus service producer in China, as saying.

The super virus made use of a bug in Siemens auto-control systems used in industrial manufacturing to skip the security check, Wang who has been vastly quoted in the local media for the past few days, said.

The virus can copy itself and spread via U-disk in the network of a company and government.

"Hackers may take control of a company's machinery run under computers infected by Stuxnet, and give dangerous orders causing serious damage," he said.

The company has developed softwares to kill the virus, which can be downloaded for free from the company's official website, he said.

Official media has been carrying reports about the superbug virus for the past few days said it contained sophisticated malicious software, or malware, believed to be a "new cyber-weapon," which infiltrates mainly factory computers in China threatening the country's national security.

The Stuxnet worm was first discovered in mid-June and was specially written to attack Siemens supervisory control and data (SCADA) systems commonly used to control and monitor industrial facilities - from traffic lights and oil rigs to power and nuclear plants, state run Global Times daily reported few days ago.

"This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data. It will seriously threaten pillar industries in China, which has 420 million internet users," Wang said.

"Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage national security," he said adding that it posed no harm to personal computers or Internet surfers.

Well most countries like the Russian Fed , China and even India is already on the path to establish cyber defense systems....in fact there was a news bit recently about PLA officers being trained in Cyber Warfare....both offensive and defensive aspects of it....however the report went on to mention that while the Chinese offensive capability was quite credible its defensive shields were porous and could be easily penetrated by a foreign agency.....this Worm attack originating from the U.S is quite likely to have covert U.S govt backing....with a purpose to probe how robust the Chinese Cyber defense is....

Well i found two interesting pieces that could add to this thread.

Israeli unit behind Iran Nuclear plant attack - The Times of India

The idea that Israel was responsible is a theory that has been spread around the net for a while now, though I think its just as likely it was done to implicate Israel, or just naive to think another culture wouldn't use biblical references.

The Associated Press: Air Force declares cyberwarfare unit operational

Incidentally the US has finally made their own cyber warfare department operational, so perhaps it was in fact a US weapon.

I must say so far there's just no credible source that can reliably say were the worm originated. There's a lot of possibilities that may even have some merit, but nothing even is close to being conclusive.
I've read one article saying the worm showed up in India, disabling some kind of satcom system so indian sat users now have to use a chinese sat, wich suggests China is behind the attack to help it's own industry.
Basicly, up until now the whole world is responsible for this thing with the intent of harming every other country on the planet.
Another article somewhere claimed that stuxnet actually hit it's itended target already in january and wasn't therefore detected for half a year.

Whatever it is, it at least seems to be a really sophisticated thing that most likely hints at a national departments work that is either tested or actually at work. This incident is now probably an eye opener to the broad public I suspect, so a lot more people will get a climpse of how vulnerable a modern IT based society can be.

Interestingly, one of the first group to dissect the Stuxnet is Langner Communication of Germany.

Their analysis points strongly to Israel or US being the perpetrator of this attack - due mainly to the "finger printing process and specific algorithm used to stop a very specific industrial process" - this worm wasn't design to shut down anything else but a specific target - and it is strongly suggested it was designed to shut down Iran's Bushehr nuclear power plant.




........."Among its peculiar capabilities is a fingerprinting technology which allows it to precisely identify the systems it infects. It appears to be looking for a particular system to destroy at a specific time and place. Once it has infected a system it performs a check every 5 seconds to determine if its parameters for launching an attack are met."


".....Now you may ask, what about the many other infections in India, Indonesia, Pakistan etc. Strange for such a directed attack. Than, on the other hand, probably not. Check who comissions the Bushehr plant. It's a Russian integrator that also has business in some of the countries where we see high infection rates. What we also see is that this company too doesn't seem to be overly concerned about IT security. As I am writing this, they're having a compromised web site (http://www.atomstroyexport.com/index-e.htm) that tries to download stuff from a malware site that had been shut down more than two years ago (www.bubamubaches.info). So we're talking about a company in nukes that seems to be running a compromised web presence for over two years? Strange."

....."Operation myrtus can be broken down into three major stages: Preparation, infiltration, and execution."


Langner Communications: The Production-to-Business Company



It occurs to me only Israel and US have such extensive doctrine in preparation, infiltration and execution of such complex operation. This is not run of the mill cyber attack, but requires the extensive coordination of physical intelligence (MOSSAD comes to mind, or CIA), planting the worm into target's computer/laptop (may even be physically); and extensive understanding of industrial process and machine.


Another thing I notice is that the ORIGINAL EPIDEMIC CENTER was Iran - this is the intended target all along. Then the virus travel eastward, to India, then finally China. Since this virus is design SO SPECIFICALLY for targeting a particular target, it is clear the first center of epidemic is the intended target - the rest are "collateral".
This was obviously initiated by a highly sophisticated inter-agency mililtary operation. The design of the worm tells us this. And since this is a military operation, you don't spread your bullets and pray hoping it will hit the target. You target. Which reinforce the idea that Iran was the target from the beginning because of the high level of saturation of such worm right at the beginning.


Langner Communication's analysis is quite indepth, where as the Jeffrey Carr that accuse China as behind this has nothing to show for but red herring. I am guessing this is all a smoke screen to shift blame to China as all the security experts are now pinning Stuxnet as originated from Israel/US.

I wonder if they'll blame China for the failure of Commonwealth Games next. I was watching a round table news show over the weekend and one of the journalists put out there that China created this and infected Iran so eveyone can blame the US and Israel.

China hitting India via Net worm?
Sachin Parashar, TNN, Oct 11, 2010, 12.40am IST
NEW DELHI: The deadly Stuxnet internet worm, which was thought to be targeting Iran's nuclear programme, might actually have been aimed at India by none other than China.

Providing a fresh twist in the tale, well-known American cyber warfare expert Jeffrey Carr, who specialises in investigations of cyber attacks against government, told TOI that China, more than any other country, was likely to have written the worm which has terrorised the world since June.

While Chinese hackers are known to target Indian government websites, the scale and sophistication of Stuxnet suggests that only a government no less than that of countries like US, Israel or China could have done it. "I think it's more likely that China is behind Stuxnet than any other country," Carr told TOI, adding that he would provide more details at the upcoming NASSCOM DSCI Security Conclave in Chennai in December.

Attributing the partial failure of ISRO's INSAT 4B satellite a few months ago -- the exact reason for which is not yet known -- to Stuxnet, Carr said it was China which gained from the satellite failure.

Carr, however, made it clear that he had not arrived at any definite conclusion till now. He said he was pointing out that there were alternative targets in countries other than Iran that also made sense and served another nation's interest to attack -- namely India's Space Research Organisation which uses the exact Siemens software targeted by Stuxnet.

"Further, the satellite in question (INSAT 4B) suffered the power `glitch' in an unexplained fashion, and it's failure served another state's advantage -- in this case China," he said.

Alongwith Indonesia and Iran, India has had the maximum number of infections from Stuxnet which affects Windows computers and gets transmitted through USB sticks. While Iran and Indonesia had about 60,000 and 13,000 Stuxnet infections respectively till late September, India was at the third position with over 6,000 infections. However, it infects only those computers which use certain Siemens software systems. Siemens software systems are used in many Indian government agencies including ISRO.

As it had impacted Bushehr nuclear power plant in Iran, it was thought that Iran might have been the intended target. Israel, in fact, had emerged as the prime suspect.

According to Carr, the Siemens software in use in ISRO's Liquid Propulsion Systems Centre is S7-400 PLC and SIMATIC WinCC, both of which, he said, would activate the Stuxnet worm. The Stuxnet worm was first discovered in June this year, a month before INSAT 4B was hit by the mysterious power failure.


Read more: China hitting India via Net worm? - The Times of India China hitting India via Net worm? - The Times of India

Judging the cyber war terrorist threat : The New Yorker


The Online Threat
Should we be worried about a cyber war?
by Seymour M. Hersh
November 1, 2010 Text Size:Small TextMedium TextLarge TextPrint E-Mail Feeds

Some experts say that the real danger lies in confusing cyber espionage with cyber war.

KeywordsCyber Espionage;Cyber War;Internet;Technology;China, Chinese;Foreign Policy;National Security Agency (N.S.A.)On April 1, 2001, an American EP-3E Aries II reconnaissance plane on an eavesdropping mission collided with a Chinese interceptor jet over the South China Sea, triggering the first international crisis of George W. Bush’s Administration. The Chinese jet crashed, and its pilot was killed, but the pilot of the American aircraft, Navy Lieutenant Shane Osborn, managed to make an emergency landing at a Chinese F-8 fighter base on Hainan Island, fifteen miles from the mainland. Osborn later published a memoir, in which he described the “incessant jackhammer vibration” as the plane fell eight thousand feet in thirty seconds, before he regained control.

The plane carried twenty-four officers and enlisted men and women attached to the Naval Security Group Command, a field component of the National Security Agency. They were repatriated after eleven days; the plane stayed behind. The Pentagon told the press that the crew had followed its protocol, which called for the use of a fire axe, and even hot coffee, to disable the plane’s equipment and software. These included an operating system created and controlled by the N.S.A., and the drivers needed to monitor encrypted Chinese radar, voice, and electronic communications. It was more than two years before the Navy acknowledged that things had not gone so well. “Compromise by the People’s Republic of China of undestroyed classified material . . . is highly probable and cannot be ruled out,” a Navy report issued in September, 2003, said.

The loss was even more devastating than the 2003 report suggested, and its dimensions have still not been fully revealed. Retired Rear Admiral Eric McVadon, who flew patrols off the coast of Russia and served as a defense attaché in Beijing, told me that the radio reports from the aircraft indicated that essential electronic gear had been dealt with. He said that the crew of the EP-3E managed to erase the hard drive—“zeroed it out”—but did not destroy the hardware, which left data retrievable: “No one took a hammer.” Worse, the electronics had recently been upgraded. “Some might think it would not turn out as badly as it did, but I sat in some meetings about the intelligence cost,” McVadon said. “It was grim.”

The Navy’s experts didn’t believe that China was capable of reverse-engineering the plane’s N.S.A.-supplied operating system, estimated at between thirty and fifty million lines of computer code, according to a former senior intelligence official. Mastering it would give China a road map for decrypting the Navy’s classified intelligence and operational data. “If the operating system was controlling what you’d expect on an intelligence aircraft, it would have a bunch of drivers to capture radar and telemetry,” Whitfield Diffie, a pioneer in the field of encryption, said. “The plane was configured for what it wants to snoop, and the Chinese would want to know what we wanted to know about them—what we could intercept and they could not.” And over the next few years the U.S. intelligence community began to “read the tells” that China had access to sensitive traffic.

The U.S. realized the extent of its exposure only in late 2008. A few weeks after Barack Obama’s election, the Chinese began flooding a group of communications links known to be monitored by the N.S.A. with a barrage of intercepts, two Bush Administration national-security officials and the former senior intelligence official told me. The intercepts included details of planned American naval movements. The Chinese were apparently showing the U.S. their hand. (“The N.S.A. would ask, ‘Can the Chinese be that good?’ ” the former official told me. “My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’ ”)

Why would the Chinese reveal that they had access to American communications? One of the Bush national-security officials told me that some of the aides then working for Vice-President Dick Cheney believed—or wanted to believe—that the barrage was meant as a welcome to President Obama. It is also possible that the Chinese simply made a mistake, given the difficulty of operating surgically in the cyber world.

Admiral Timothy J. Keating, who was then the head of the Pacific Command, convened a series of frantic meetings in Hawaii, according to a former C.I.A. official. In early 2009, Keating brought the issue to the new Obama Administration. If China had reverse-engineered the EP-3E’s operating system, all such systems in the Navy would have to be replaced, at a cost of hundreds of millions of dollars. After much discussion, several current and former officials said, this was done. (The Navy did not respond to a request for comment on the incident.)

Admiral McVadon said that the loss prompted some black humor, with one Navy program officer quoted as saying, “This is one hell of a way to go about getting a new operating system.”

The EP-3E debacle fuelled a longstanding debate within the military and in the Obama Administration. Many military leaders view the Chinese penetration as a warning about present and future vulnerabilities—about the possibility that China, or some other nation, could use its expanding cyber skills to attack America’s civilian infrastructure and military complex. On the other side are those who argue for a civilian response to the threat, focussed on a wider use of encryption. They fear that an overreliance on the military will have adverse consequences for privacy and civil liberties.

In May, after years of planning, the U.S. Cyber Command was officially activated, and took operational control of disparate cyber-security and attack units that had been scattered among the four military services. Its commander, Army General Keith Alexander, a career intelligence officer, has made it clear that he wants more access to e-mail, social networks, and the Internet to protect America and fight in what he sees as a new warfare domain—cyberspace. In the next few months, President Obama, who has publicly pledged that his Administration will protect openness and privacy on the Internet, will have to make choices that will have enormous consequences for the future of an ever-growing maze of new communication techniques: Will America’s networks be entrusted to civilians or to the military? Will cyber security be treated as a kind of war?

Even as the full story of China’s EP-3E coup remained hidden, “cyber war” was emerging as one of the nation’s most widely publicized national-security concerns. Early this year, Richard Clarke, a former White House national-security aide who warned about the threat from Al Qaeda before the September 11th attacks, published “Cyber War,” an edgy account of America’s vulnerability to hackers, both state-sponsored and individual, especially from China. “Since the late 1990s, China has systematically done all the things a nation would do if it contemplated having an offensive cyber war capability,” Clarke wrote. He forecast a world in which China might unleash havoc:



Within a quarter of an hour, 157 major metropolitan areas have been thrown into knots by a nationwide power blackout hitting during rush hour. Poison gas clouds are wafting toward Wilmington and Houston. Refineries are burning up oil supplies in several cities. Subways have crashed in New York, Oakland, Washington, and Los Angeles. . . . Aircraft are literally falling out of the sky as a result of midair collisions across the country. . . . Several thousand Americans have already died.


Retired Vice-Admiral J. Michael McConnell, Bush’s second director of National Intelligence, has issued similar warnings. “The United States is fighting a cyber war today, and we are losing,” McConnell wrote earlier this year in the Washington Post. “Our cyber-defenses are woefully lacking.” In February, in testimony before the Senate Commerce, Science, and Transportation Committee, he said, “As a consequence of not mitigating the risk, we’re going to have a catastrophic event.”

A great deal of money is at stake. Cyber security is a major growth industry, and warnings from Clarke, McConnell, and others have helped to create what has become a military-cyber complex. The federal government currently spends between six and seven billion dollars annually for unclassified cyber-security work, and, it is estimated, an equal amount on the classified portion. In July, the Washington Post published a critical assessment of the unchecked growth of government intelligence agencies and private contractors. Benjamin Powell, who served as general counsel for three directors of the Office of National Intelligence, was quoted as saying of the cyber-security sector, “Sometimes there was an unfortunate attitude of bring your knives, your guns, your fists, and be fully prepared to defend your turf. . . . Because it’s funded, it’s hot and it’s sexy.”

Clarke is the chairman of Good Harbor Consulting, a strategic-planning firm that advises governments and companies on cyber security and other issues. (He says that more than ninety per cent of his company’s revenue comes from non-cyber-related work.) McConnell is now an executive vice-president of Booz Allen Hamilton, a major defense contractor. Two months after McConnell testified before the Senate, Booz Allen Hamilton landed a thirty-four-million-dollar cyber contract. It included fourteen million dollars to build a bunker for the Pentagon’s new Cyber Command.

American intelligence and security officials for the most part agree that the Chinese military, or, for that matter, an independent hacker, is theoretically capable of creating a degree of chaos inside America. But I was told by military, technical, and intelligence experts that these fears have been exaggerated, and are based on a fundamental confusion between cyber espionage and cyber war. Cyber espionage is the science of covertly capturing e-mail traffic, text messages, other electronic communications, and corporate data for the purpose of gathering national-security or commercial intelligence. Cyber war involves the penetration of foreign networks for the purpose of disrupting or dismantling those networks, and making them inoperable. (Some of those I spoke to made the point that China had demonstrated its mastery of cyber espionage in the EP-3E incident, but it did not make overt use of it to wage cyber war.) Blurring the distinction between cyber war and cyber espionage has been profitable for defense contractors—and dispiriting for privacy advocates.

Clarke’s book, with its alarming vignettes, was praised by many reviewers. But it received much harsher treatment from writers in the technical press, who pointed out factual errors and faulty assumptions. For example, Clarke attributed a severe power outage in Brazil to a hacker; the evidence pointed to sooty insulators.

The most common cyber-war scare scenarios involve America’s electrical grid. Even the most vigorous privacy advocate would not dispute the need to improve the safety of the power infrastructure, but there is no documented case of an electrical shutdown forced by a cyber attack. And the cartoonish view that a hacker pressing a button could cause the lights to go out across the country is simply wrong. There is no national power grid in the United States. There are more than a hundred publicly and privately owned power companies that operate their own lines, with separate computer systems and separate security arrangements. The companies have formed many regional grids, which means that an electrical supplier that found itself under cyber attack would be able to avail itself of power from nearby systems. Decentralization, which alarms security experts like Clarke and many in the military, can also protect networks.

In July, there were reports that a computer worm, known as Stuxnet, had infected thousands of computers worldwide. Victims, most of whom were unharmed, were able to overcome the attacks, although it sometimes took hours or days to even notice them. Some of the computers were inside the Bushehr nuclear-energy plant, in Iran, and this led to speculation that Israel or the United States might have developed the virus. A Pentagon adviser on information warfare told me that it could have been an attempted “semantic attack,” in which the virus or worm is designed to fool its victim into thinking that its computer systems are functioning properly, when in fact they are not, and may not have been for some time. (This month, Microsoft, whose Windows operating systems were the main target of Stuxnet, completed a lengthy security fix, or patch.)

If Stuxnet was aimed specifically at Bushehr, it exhibited one of the weaknesses of cyber attacks: they are difficult to target and also to contain. India and China were both hit harder than Iran, and the virus could easily have spread in a different direction, and hit Israel itself. Again, the very openness of the Internet serves as a deterrent against the use of cyber weapons.

Bruce Schneier, a computer scientist who publishes a widely read blog on cyber security, told me that he didn’t know whether Stuxnet posed a new threat. “There’s certainly no actual evidence that the worm is targeted against Iran or anybody,” he said in an e-mail. “On the other hand, it’s very well designed and well written.” The real hazard of Stuxnet, he added, might be that it was “great for those who want to believe cyber war is here. It is going to be harder than ever to hold off the military.”

A defense contractor who is regarded as one of America’s most knowledgeable experts on Chinese military and cyber capabilities took exception to the phrase “cyber war.” “Yes, the Chinese would love to stick it to us,” the contractor told me. “They would love to transfer economic and business innovation from West to East. But cyber espionage is not cyber war.” He added, “People have been sloppy in their language. McConnell and Clarke have been pushing cyber war, but their evidentiary basis is weak.”

James Lewis, a senior fellow at the Center for Strategic and International Studies, who worked for the Departments of State and Commerce in the Clinton Administration, has written extensively on the huge economic costs due to cyber espionage from China and other countries, like Russia, whose hackers are closely linked to organized crime. Lewis, too, made a distinction between this and cyber war: “Current Chinese officials have told me that we’re not going to attack Wall Street, because we basically own it”—a reference to China’s holdings of nearly a trillion dollars in American securities—“and a cyber-war attack would do as much economic harm to us as to you.”

Nonetheless, China “is in full economic attack” inside the United States, Lewis says. “Some of it is economic espionage that we know and understand. Some of it is like the Wild West. Everybody is pirating from everybody else. The U.S.’s problem is what to do about it. I believe we have to begin by thinking about it”—the Chinese cyber threat—“as a trade issue that we have not dealt with.”

The bureaucratic battle between the military and civilian agencies over cyber security—and the budget that comes with it—has made threat assessments more problematic. General Alexander, the head of Cyber Command, is also the director of the N.S.A., a double role that has caused some apprehension, particularly on the part of privacy advocates and civil libertarians. (The N.S.A. is formally part of the Department of Defense.) One of Alexander’s first goals was to make sure that the military would take the lead role in cyber security and in determining the future shape of computer networks. (A Department of Defense spokesman, in response to a request to comment on this story, said that the department “continues to adhere to all laws, policies, directives, or regulations regarding cyberspace. The Department of Defense maintains strong commitments to protecting civil liberties and privacy.”)

The Department of Homeland Security has nominal responsibility for the safety of America’s civilian and private infrastructure, but the military leadership believes that the D.H.S. does not have the resources to protect the electrical grids and other networks. (The department intends to hire a thousand more cyber-security staff members over the next three years.) This dispute became public when, in March, 2009, Rodney Beckstrom, the director of the D.H.S.’s National Cybersecurity Center, abruptly resigned. In a letter to Secretary Janet Napolitano, Beckstrom warned that the N.S.A. was effectively controlling her department’s cyber operations: “While acknowledging the critical importance of N.S.A. to our intelligence efforts . . . the threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization.” Beckstrom added that he had argued for civilian control of cyber security, “which interfaces with, but is not controlled by, the N.S.A.”

General Alexander has done little to reassure critics about the N.S.A.’s growing role. In the public portion of his confirmation hearing, in April, before the Senate Armed Services Committee, he complained of a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.”

Alexander later addressed a controversial area: when to use conventional armed forces to respond to, or even preëmpt, a network attack. He told the senators that one problem for Cyber Command would be to formulate a response based on nothing more than a rough judgment about a hacker’s intent. “What’s his game plan? Does he have one?” he said. “These are tough issues, especially when attribution and neutrality are brought in, and when trying to figure out what’s come in.” At this point, he said, he did not have “the authority . . . to reach out into a neutral country and do an attack. And therein lies the complication. . . . What do you do to take that second step?”

Making the same argument, William J. Lynn III, the Deputy Secretary of Defense, published an essay this fall in Foreign Affairs in which he wrote of applying the N.S.A.’s “defense capabilities beyond the ‘.gov’ domain,” and asserted, “As a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain of warfare.” This definition raises questions about where the battlefield begins and where it ends. If the military is operating in “cyberspace,” does that include civilian computers in American homes?

Lynn also alluded to a previously classified incident, in 2008, in which some N.S.A. unit commanders, facing penetration of their bases’ secure networks, concluded that the break-in was caused by a disabling thumb drive; Lynn said that it had been corrupted by “a foreign intelligence agency.” (According to press reports, the program was just as likely to be the product of hackers as that of a government.) Lynn termed it a “wakeup call” and a “turning point in U.S. cyber defense strategy.” He compared the present moment to the day in 1939 when President Franklin D. Roosevelt got a letter from Albert Einstein about the possibility of atomic warfare.

But Lynn didn’t mention one key element in the commanders’ response: they ordered all ports on the computers on their bases to be sealed with liquid cement. Such a demand would be a tough sell in the civilian realm. (And a Pentagon adviser suggested that many military computer operators had simply ignored the order.)

A senior official in the Department of Homeland Security told me, “Every time the N.S.A. gets involved in domestic security, there’s a hue and cry from people in the privacy world.” He said, though, that coöperation between the military and civilians had increased. (The Department of Homeland Security recently signed a memorandum with the Pentagon that gives the military authority to operate inside the United States in case of cyber attack.) “We need the N.S.A., but the question we have is how to work with them and still say and demonstrate that we are in charge in the areas for which we are responsible.”

This official, like many I spoke to, portrayed the talk about cyber war as a bureaucratic effort “to raise the alarm” and garner support for an increased Defense Department role in the protection of private infrastructure. He said, “You hear about cyber war all over town. This”—he mentioned statements by Clarke and others—“is being done to mobilize a political effort. We always turn to war analogies to mobilize the people.”

In theory, the fight over whether the Pentagon or civilian agencies should be in charge of cyber security should be mediated by President Obama’s coördinator for cyber security, Howard Schmidt—the cyber czar. But Schmidt has done little to assert his authority. He has no independent budget control and in a crisis would be at the mercy of those with more assets, such as General Alexander. He was not the Administration’s first choice for the cyber-czar job—reportedly, several people turned it down. The Pentagon adviser on information warfare, in an e-mail that described the lack of an over-all policy and the “cyber-pillage” of intellectual property, added the sort of dismissive comment that I heard from others: “It’s ironic that all this goes on under the nose of our first cyber President. . . . Maybe he should have picked a cyber czar with more than a mail-order degree.” (Schmidt’s bachelor’s and master’s degrees are from the University of Phoenix.)

Howard Schmidt doesn’t like the term “cyber war.” “The key point is that cyber war benefits no one,” Schmidt told me in an interview at the Old Executive Office Building. “We need to focus on that fact. When people tell me that these guys or this government is going to take down the U.S. military with information warfare I say that, if you look at the history of conflicts, there’s always been the goal of intercepting the communications of combatants—whether it’s cutting down telephone poles or intercepting Morse-code signalling. We have people now who have found that warning about ‘cyber war’ has become an unlikely career path”—an obvious reference to McConnell and Clarke. “All of a sudden, they have become experts, and they get a lot of attention. ‘War’ is a big word, and the media is responsible for pushing this, too. Economic espionage on the Internet has been mischaracterized by people as cyber war.”

Schmidt served in Vietnam, worked as a police officer for several years on a SWAT team in Arizona, and then specialized in computer-related crimes at the F.B.I. and in the Air Force’s investigative division. In 1997, he joined Microsoft, where he became chief of security, leaving after the 9/11 attacks to serve in the Bush Administration as a special adviser for cyber security. When Obama hired him, he was working as the head of security for eBay. When I asked him about the ongoing military-civilian dispute, Schmidt said, “The middle way is not to give too much authority to one group or another and to make sure that we share information with each other.”

Schmidt continued, “We have to protect our infrastructure and our way of life, for sure. We do have vulnerabilities, and we do talk about worst-case scenarios” with the Pentagon and the Department of Homeland Security. “You don’t see a looming war and just wait for it to come.” But, at the same time, “we have to keep our shipping lanes open, to continue to do commerce, and to freely use the Internet.”

How should the power grid be protected? It does remain far too easy for a sophisticated hacker to break into American networks. In 2008, the computers of both the Obama and the McCain campaigns were hacked. Suspicion fell on Chinese hackers. People routinely open e-mails with infected attachments, allowing hackers to “enslave” their computers. Such machines, known as zombies, can be linked to create a “botnet,” which can flood and effectively shut down a major system. Hackers are also capable of penetrating a major server, like Gmail. Guesses about the cost of cyber crime vary widely, but one survey, cited by President Obama in a speech in May, 2009, put the price at more than eight billion dollars in 2007 and 2008 combined. Obama added, referring to corporate cyber espionage, “It’s been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to one trillion dollars.”

One solution is mandated encryption: the government would compel both corporations and individuals to install the most up-to-date protection tools. This option, in some form, has broad support in the technology community and among privacy advocates. In contrast, military and intelligence eavesdroppers have resisted nationwide encryption since 1976, when the Diffie-Hellman key exchange (an encryption tool co-developed by Whitfield Diffie) was invented, for the most obvious of reasons: it would hinder their ability to intercept signals. In this sense, the N.S.A.’s interests align with those of the hackers.

John Arquilla, who has taught since 1993 at the U.S. Naval Postgraduate School in Monterey, California, writes in his book “Worst Enemies,” “We would all be far better off if virtually all civil, commercial, governmental, and military internet and web traffic were strongly encrypted.” Instead, many of those charged with security have adopted the view that “cyberspace can be defended with virtual fortifications—basically the ‘firewalls’ that everyone knows about. . . . A kind of Maginot Line mentality prevails.”

Arquilla added that America’s intelligence agencies and law-enforcement officials have consistently resisted encryption because of fears that a serious, widespread effort to secure data would interfere with their ability to electronically monitor and track would-be criminals or international terrorists. This hasn’t stopped sophisticated wrongdoers from, say, hiring hackers or encrypting files; it just leaves the public exposed, Arquilla writes. “Today drug lords still enjoy secure internet and web communications, as do many in terror networks, while most Americans don’t.”

Schmidt told me that he supports mandated encryption for the nation’s power and electrical infrastructure, though not beyond that. But, early last year, President Obama declined to support such a mandate, in part, Schmidt said, because of the costs it would entail for corporations. In addition to the setup expenses, sophisticated encryption systems involve a reliance on security cards and on constantly changing passwords, along with increased demands on employees and a ceding of control by executives to their security teams.

General Alexander, meanwhile, has continued to press for more authority, and even for a separate Internet domain—another Maginot Line, perhaps. One morning in September, he told a group of journalists that the Cyber Command needed what he called “a secure zone,” a separate space within the Internet to shelter the military and essential industries from cyber attacks. The secure zone would be kept under tight government control. He also assured the journalists, according to the Times, that “we can protect civil liberties, privacy, and still do our mission.” The General was more skeptical about his ability to please privacy advocates when he testified, a few hours later, before the House Armed Services Committee: “A lot of people bring up privacy and civil liberties. And then you say, ‘Well, what specifically are you concerned about?’ And they say, ‘Well, privacy and civil liberties.’ . . . Are you concerned that the anti-virus program that McAfee runs invades your privacy or civil liberties?’ And the answer is ‘No, no, no—but I’m worried that you would.’ ”

This summer, the Wall Street Journal reported that the N.S.A. had begun financing a secret surveillance program called Perfect Citizen to monitor attempted intrusions into the computer networks of private power companies. The program calls for the installation of government sensors in those networks to watch for unusual activity. The Journal noted that some companies expressed concerns about privacy, and said that what they needed instead was better guidance on what to do in case of a major cyber attack. The N.S.A. issued a rare public response, insisting that there was no “monitoring activity” involved: “We strictly adhere to both the spirit and the letter of U.S. laws and regulations.”

A former N.S.A. operative I spoke to said, of Perfect Citizen, “This would put the N.S.A. into the job of being able to watch over our national communications grid. If it was all dot-gov, I would have no problem with the sensors, but what if the private companies rely on Gmail or att.net to communicate? This could put the N.S.A. into every service provider in the country.”

The N.S.A. has its own hackers. Many of them are based at a secret annex near Thurgood Marshall International Airport, outside Baltimore. (The airport used to be called Friendship Airport, and the annex is known to insiders as the FANX, for “Friendship annex.”) There teams of attackers seek to penetrate the communications of both friendly and unfriendly governments, and teams of defenders monitor penetrations and attempted penetrations of U.S. systems. The former N.S.A. operative, who served as a senior watch officer at a major covert installation, told me that the N.S.A. obtained invaluable on-the-job training in cyber espionage during the attack on Iraq in 1991. Its techniques were perfected during the struggle in Kosovo in 1999 and, later, against Al Qaeda in Iraq. “Whatever the Chinese can do to us, we can do better,” the technician said. “Our offensive cyber capabilities are far more advanced.”

Nonetheless, Marc Rotenberg, the president of the Electronic Privacy Information Center and a leading privacy advocate, argues that the N.S.A. is simply not competent enough to take a leadership role in cyber security. “Let’s put the issue of privacy of communications aside,” Rotenberg, a former Senate aide who has testified often before Congress on encryption policy and consumer protection, said. “The question is: Do you want an agency that spies with mixed success to be responsible for securing the nation’s security? If you do, that’s crazy.”

Nearly two decades ago, the Clinton Administration, under pressure from the N.S.A., said that it would permit encryption-equipped computers to be exported only if their American manufacturers agreed to install a government-approved chip, known as the Clipper Chip, in each one. It was subsequently revealed that the Clipper Chip would enable law-enforcement officials to have access to data in the computers. The ensuing privacy row embarrassed Clinton, and the encryption-equipped computers were permitted to be exported without the chip, in what amounted to a rebuke to the N.S.A.

That history may be repeating itself. The Obama Administration is now planning to seek broad new legislation that would enable national-security and law-enforcement officials to police online communications. The legislation, similar to that sought two decades ago in the Clipper Chip debate, would require manufacturers of equipment such as the BlackBerry, and all domestic and foreign purveyors of communications, such as Skype, to develop technology that would allow the federal government to intercept and decode traffic.

“The lesson of Clipper is that the N.S.A. is really not good at what it does, and its desire to eavesdrop overwhelms its ability to protect, and puts at risk U.S. security,” Rotenberg said. “The N.S.A. wants security, sure, but it also wants to get to capture as much as it can. Its view is you can get great security as long as you listen in.” Rotenberg added, “General Alexander is not interested in communication privacy. He’s not pushing for encryption. He wants to learn more about people who are on the Internet”—to get access to the original internal protocol, or I.P., addresses identifying the computers sending e-mail messages. “Alexander wants user I.D. He wants to know who you are talking to.”

Rotenberg concedes that the government has a role to play in the cyber world. “We privacy guys want strong encryption for the security of America’s infrastructure,” he said. He also supports Howard Schmidt in his willingness to mandate encryption for the few industries whose disruption could lead to chaos. “Howard is trying to provide a reasoned debate on an important issue.”

Whitfield Diffie, the encryption pioneer, offered a different note of skepticism in an e-mail to me: “It would be easy to write a rule mandating encryption but hard to do it in such a way as to get good results. To make encryption effective, someone has to manage and maintain the systems (the way N.S.A. does for D.O.D. and, to a lesser extent, other parts of government). I think that what is needed is more by way of standards, guidance, etc., that would make it easier for industry to implement encryption without making more trouble for itself than it saves.”

More broadly, Diffie wrote, “I am not convinced that lack of encryption is the primary problem. The problem with the Internet is that it is meant for communications among non-friends.”

What about China? Does it pose such a threat that, on its own, it justifies putting cyber security on a war footing? The U.S. has long viewed China as a strategic military threat, and as a potential adversary in the sixty-year dispute over Taiwan. Contingency plans dating back to the Cold War include calls for an American military response, led by a Navy carrier group, if a Chinese fleet sails into the Taiwan Strait. “They’ll want to stop our carriers from coming, and they will throw whatever they have in cyber war—everything but the kitchen sink—to blind us, or slow our fleet down,” Admiral McVadon, the retired defense attaché, said. “Our fear is that the Chinese may think that cyber war will work, but it may not. And that’s a danger because it”—a test of cyber warfare—“could lead to a bigger war.”

However, the prospect of a naval battle for Taiwan and its escalation into a cyber attack on America’s domestic infrastructure is remote. Jonathan Pollack, an expert on the Chinese military who teaches at the Naval War College in Newport, Rhode Island, said, “The fact is that the Chinese are remarkably risk-averse.” He went on, “Yes, there have been dustups, and the United States collects intelligence around China’s border, but there is an accommodation process under way today between China and Taiwan.” In June, Taiwan approved a trade agreement with China that had, as its ultimate goal, a political rapprochement. “The movement there is palpable, and, given that, somebody’s got to tell me how we are going to find ourselves in a war with China,” Pollack said.

Many long-standing allies of the United States have been deeply engaged in cyber espionage for decades. A retired four-star Navy admiral, who spent much of his career in signals intelligence, said that Russia, France, Israel, and Taiwan conduct the most cyber espionage against the U.S. “I’ve looked at the extraordinary amount of Russian and Chinese cyber activity,” he told me, “and I am hard put to it to sort out how much is planning for warfare and how much is for economic purposes.”

The admiral said that the U.S. Navy, worried about budget cuts, “needs an enemy, and it’s settled on China,” and that “using what your enemy is building to justify your budget is not a new game.”

There is surprising unanimity among cyber-security experts on one issue: that the immediate cyber threat does not come from traditional terrorist groups like Al Qaeda, at least, not for the moment. “Terrorist groups are not particularly good now in attacking our computer system,” John Arquilla told me. “They’re not that interested in it—yet. The question is: Do vulnerabilities exist inside America? And, if they do, the terrorists eventually will exploit them.” Arquilla added a disturbing thought: “The terrorists of today rely on cyberspace, and they have to be good at cyber security to protect their operations.” As terrorist groups get better at defense, they may eventually turn to offense.

Jeffrey Carr, a Seattle-based consultant on cyber issues, looked into state and non-state cyber espionage throughout the recent conflicts in Estonia and Georgia. Carr, too, said he was skeptical that China or Russia would mount a cyber-war attack against the United States. “It’s not in their interest to hurt the country that is feeding them money,” he said. “On the other hand, it does make sense for lawless groups.” He envisaged “five- or six-year-old kids in the Middle East who are working on the Internet,” and who would “become radicalized fifteen- or sixteen-year-old hackers.” Carr is an advocate of making all Internet service providers require their customers to use verifiable registration information, as a means of helping authorities reduce cyber espionage.

Earlier this year, Carr published “Inside Cyber Warfare,” an account, in part, of his research into cyber activity around the world. But he added, “I hate the term ‘cyber war.’ ” Asked why he used “cyber warfare” in the title of his book, he responded, “I don’t like hype, but hype sells.”

Why not ignore the privacy community and put cyber security on a war footing? Granting the military more access to private Internet communications, and to the Internet itself, may seem prudent to many in these days of international terrorism and growing American tensions with the Muslim world. But there are always unintended consequences of military activity—some that may take years to unravel. Ironically, the story of the EP-3E aircraft that was downed off the coast of China provides an example. The account, as relayed to me by a fully informed retired American diplomat, begins with the contested Presidential election between Vice-President Al Gore and George W. Bush the previous November. That fall, a routine military review concluded that certain reconnaissance flights off the eastern coast of the former Soviet Union—daily Air Force and Navy sorties flying out of bases in the Aleutian Islands—were redundant, and recommended that they be cut back.

“Finally, on the eve of the 2000 election, the flights were released,” the former diplomat related. “But there was nobody around with any authority to make changes, and everyone was looking for a job.” The reality is that no military commander would unilaterally give up any mission. “So the system defaulted to the next target, which was China, and the surveillance flights there went from one every two weeks or so to something like one a day,” the former diplomat continued. By early December, “the Chinese were acting aggressively toward our now increased reconnaissance flights, and we complained to our military about their complaints. But there was no one with political authority in Washington to respond, or explain.” The Chinese would not have been told that the increase in American reconnaissance had little to do with anything other than the fact that inertia was driving day-to-day policy. There was no leadership in the Defense Department, as both Democrats and Republicans waited for the Supreme Court to decide the fate of the Presidency.

The predictable result was an increase in provocative behavior by Chinese fighter pilots who were assigned to monitor and shadow the reconnaissance flights. This evolved into a pattern of harassment in which a Chinese jet would maneuver a few dozen yards in front of the slow, plodding EP-3E, and suddenly blast on its afterburners, soaring away and leaving behind a shock wave that severely rocked the American aircraft. On April 1, 2001, the Chinese pilot miscalculated the distance between his plane and the American aircraft. It was a mistake with consequences for the American debate on cyber security that have yet to be fully reckoned. ♦

Interesting article on the Stuxnet worm. Posted by Palembang on CMF.

How the

Computer expert says US behind Stuxnet worm
2:30 PM Friday Mar 4, 2011
By Glenn Chapman (AFP)

LONG BEACH, California — A German computer security expert said Thursday he believes the United States and Israel's Mossad unleashed the malicious Stuxnet worm on Iran's nuclear program.

"My opinion is that the Mossad is involved," Ralph Langner said while discussing his in-depth Stuxnet analysis at a prestigious TED conference in the Southern California city of Long Beach.

"But, the leading source is not Israel... There is only one leading source, and that is the United States."

There has been widespread speculation Israel was behind the Stuxnet worm that has attacked computers in Iran, and Tehran has blamed the Jewish state and the United States for the killing of two nuclear scientists in November and January.

"The idea behind Stuxnet computer worm is really quite simple," Langner said. "We don't want Iran to get the bomb."

The malicious code was crafted to stealthily take control of valves and rotors at an Iranian nuclear plant, according to Langner.

"It was engineered by people who obviously had inside information," he explained. "They probably also knew the shoe size of the operator."

Stuxnet targets computer control systems made by German industrial giant Siemens and commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.

"The idea here is to circumvent digital data systems, so the human operator could not get there fast enough," Langner said.

"When digital safety systems are compromised, really bad things can happen -- your plant can blow up.

Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there. The worm was crafted to recognize the system it was to attack.

The New York Times reported in January that US and Israeli intelligence services collaborated to develop the computer worm to sabotage Iran's efforts to make a nuclear bomb.

Russia called on NATO in January to launch an investigation into the computer worm that targeted a Russian-built Iranian nuclear power plant, saying the incident could have triggered a new Chernobyl.

Russia's envoy to NATO in January said Stuxnet caused centrifuges producing enriched uranium at the Bushehr plant to spin out of control, which could have sparked a new "Chernobyl tragedy," the 1986 nuclear meltdown in Ukraine.

"The operators saw on their screens that the centrifuges were working normally when in fact they were out of control," Dmitry Rogozin told reporters after meeting with ambassadors from the 28-nation Western alliance.

Russia is helping Iran build a nuclear power plant in the southern city of Bushehr for civilian use.

Langner said the Stuxnet code was designed to trick human operators by showing them recorded readings indicating machinery is running normally while behind the scenes they are heading for destruction.

"It's definitely hard-core sabotage," Langner said of Stuxnet. "It's like in the movies where during a heist the security camera is running pre-recorded video showing nothing is wrong."

Iran's envoy to the International Atomic Energy Agency has denied that the Stuxnet attack effected the country's nuclear program, including Bushehr.

A terrifying aspect of Stuxnet, according to Langner, is that it is a generic attack that would work well in factories, power plants, or other operations plentiful in the United States.

"It's a cyber weapon of mass destruction," Langner said. "We'd better start preparing right now."


Computer expert says US behind Stuxnet worm - Yahoo! News

AFP: Computer expert says US behind Stuxnet worm