NY Times: US is easiest country to destroy because its infrastructure is most dependent on computer systems: "No country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States."
"Countries hostile to the United States may feel justified in launching their own attacks against US facilities, perhaps even using a modified Stuxnet code."
"Achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives....“This is the first attack of a major nature in which a cyber attack was used to effect physical destruction,” said former CIA chief Michael V. Hayden....It is only a matter of time, most experts believe, before it [the US] becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran."..."Such an attack could shut down large portions of national power grids or other critical infrastructure using malware designed to target critical components inside a major system, causing a national emergency."
6/1/2012, "Obama Order Sped Up Wave of Cyberattacks Against Iran," NY Times, David E. Sanger ("This article is adapted from “Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power,” [by NY Times' David E. Sanger] to be published by Crown on Tuesday.")
Mr. Obama decided to accelerate the attacks-begun in the Bush administration and code-named Olympic Games-
because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.
“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.
Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.
This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.
These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.
Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.
Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.
The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year . But Olympic Games [Stuxnet] was of an entirely different type and sophistication.
It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.
A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games [Stuxnet]. They have declined to say whether the United States was responsible for the Flame attack.
Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games [Stuxnet], was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons-even under the most careful and limited circumstances-could enable other countries, terrorists or hackers to justify their own attacks."...
[Ed. note: So now everyone knows. Obama's "concerns" for America's safety somehow vanished by Jan. 2017 when, as he was leaving office, he pardoned his friend General Cartwright for leaking Stuxnet details to the NY Times and lying to the FBI.]
(continuing): "Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice. If Olympic Games [Stuxnet] failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.
The impetus for Olympic Games [Stuxnet] dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before....
Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.
For years the C.I.A. had introduced faulty parts and designs into Iran’s systems--even tinkering with imported power supplies so that they would blow up--but the sabotage had had relatively little effect.
General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.
The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.
The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail....
When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games [Stuxnet] borrowed some for what they termed “destructive testing,” essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department’s national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.
Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant.
“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data....
In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.
The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.
The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally. “This may have been the most brilliant part of the code,” one American official said....
But by the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games [Stuxnet] and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice.
Mr. Obama came to office with an interest in cyberissues, but he had discussed them during the campaign mostly in terms of threats to personal privacy and the risks to infrastructure like the electrical grid and the air traffic control system. He commissioned a major study on how to improve America’s defenses and announced it with great fanfare in the East Room.
What he did not say then was that he was also learning the arts of cyberwar. The architects of Olympic Games [Stuxnet] would meet him in the Situation Room, often with what they called the “horse blanket,” a giant foldout schematic diagram of Iran’s nuclear production facilities. Mr. Obama authorized the attacks to continue, and every few weeks — certainly after a major attack — he would get updates and authorize the next step. Sometimes it was a strike riskier and bolder than what had been tried previously.
“From his first days in office, he was deep into every step in slowing the Iranian program..."...a senior administration official said....
But the good luck did not last. In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games-General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A.-to break the news to Mr. Obama and Mr. Biden.
An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges.
When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.
“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”
Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant.
The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”
In fact, both the Israelis and the Americans had been aiming for a particular part of the centrifuge plant, a critical area whose loss, they had concluded, would set the Iranians back considerably.
It is unclear who introduced the programming error.
The question facing Mr. Obama was whether the rest of Olympic Games [Stuxnet] was in jeopardy, now that a variant of the bug was replicating itself “in the wild,” where computer security experts can dissect it and figure out its purpose.
“I don’t think we have enough information,” Mr. Obama told the group that day, according to the officials.
They were his best hope of disrupting the Iranian nuclear program unless economic sanctions began to bite harder and reduced Iran’s oil revenues.
Within a week, another version of the bug brought down just under 1,000 centrifuges. Olympic Games [Stuxnet] was still on.
American cyberattacks are not limited to Iran, but the focus of attention, as one administration official put it, “has been overwhelmingly on one country.” There is no reason to believe that will remain the case for long. Some officials question why the same techniques have not been used more aggressively against North Korea. Others see chances to disrupt Chinese military plans, forces in Syria on the way to suppress the uprising there, and Qaeda operations around the world. “We’ve considered a lot more attacks than we have gone ahead with,” one former intelligence official said.
Mr. Obama has repeatedly told his aides that there are risks to using -and particularly to overusing-the weapon. In fact, no country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States.
It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran."
"This article is adapted from “Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power,” [by David E. Sanger of the New York Times] to be published by Crown on Tuesday."
"A version of this article appears in print on June 1, 2012, on Page A1 of the New York edition with the headline: Obama Order Sped Up Wave Of Cyberattacks Against Iran."
Added: 'Obama's General' James Cartwright admits leaking Stuxnet details to NY Times:
10/17/2016, "'Obama's General' Pleads Guilty to Leaking Stuxnet Operation [to David E. Sanger of the NY Times]," Foreign Policy
Added: In Jan. 2017 Obama pardoned his friend General Cartwright who lied to F.B.I. and leaked Stuxnet details to NY Times:
1/17/2017, "Obama Pardons James Cartwright, General Who Lied to F.B.I. in Leak," NY Times
Added: US should expect consequences: Stuxnet variant could attack the US, rendering it unable to protect itself said "little noticed" but "strongly worded" Dec. 2010 report from Congressional Research Service:
12/15/2010, "Stuxnet 'virus' could be altered to attack US facilities, report warns," CSMonitor.com,Mark Clayton
"Stuxnet 'virus,' a cyberweapon aimed at Iran's nuclear facilities, could be redirected to launch a broad attack on US basic services, such as water and power supplies, says a report to Congress."
"Stuxnet, a computer worm that hit and may have severely damaged Iranian nuclear facilities, is the type of cyberweapon that could broadly harm the United States, undermining both society and government ability to defend the nation, says a strongly worded report to Congress.
A successful broad-based attack on the US, using new variants of the Stuxnet weapon, could do enough widespread damage to critical infrastructure – including water, power, transportation, and other services – that it "threatens to cause harm to many activities deemed critical to the basic functioning of modern society," said the little-noticed report issued by the Congressional Research Service (CRS) Dec. 9. ...
Terrorist groups, previously deemed not to have much independent ability to launch damaging cyberattacks, could potentially purchase or even rent a Stuxnet-based variant from organized crime groups to launch an infrastructure attack on the US, the report warns."...
Added: More, US should expect conseqences: "Countries hostile to the United States may feel justified in launching their own attacks against US facilities, perhaps even using a modified Stuxnet code," the Institute for Science and International Security in a Dec. 23, 2011 report:
1/3/2011, "Stuxnet attack on Iran nuclear program came about a year ago, report says," CSMonitor.com, Mark Clayton
"Stuxnet attack could result in harm to US interests in the future.
"Countries hostile to the United States may feel justified in launching their own attacks against US facilities, perhaps even using a modified Stuxnet code," ISIS [Institute for Science and International Security (ISIS), Dec. 23 report, "a little-noticed analysis"] concluded. "Such an attack could shut down large portions of national power grids or other critical infrastructure using malware designed to target critical components inside a major system, causing a national emergency.""
Added: Obama's Stuxnet attack on Iran was equivalent of a military bombing: "If we're going to attack the infrastructure of a foreign nation, let it be a clear military operation." It was also an act of war when NSA technology was used to invade Belgium's telecom from 2010 through 2013 or later, though US "special partner," UK's GCHQ, and not their US Daddy, was credited with carrying out the attack:
2/20/2014, "It's time to break up the NSA," CNN, Bruce Schneier, opinion
"[NSA's] TAO [Tailored Access Operations] and its targeted surveillance mission should be moved under the control of U.S. Cyber Command, and Cyber Command should be completely separated from the NSA. Actively attacking enemy networks is an offensive military operation, and should be part of an offensive military unit.
Whatever rules of engagement Cyber Command operates under should apply equally to active [US] operations such as sabotaging the Natanz nuclear enrichment facility in Iran [Stuxnet] and hacking a Belgian telephone company."...
[Ed. note: Re: "Hacking a Belgian telephone company": NSA technology was used in a massive criminal attack on Belgium's telecom giant by US "special partner," the UK and its spy agency GCHQ. "Technology that had been developed by the NSA" was used in the attack. The invasion continued for several years, from at least 2010 to 2013 or later, had no compelling reason other than general curiosity, and caused millions in damages. To date, neither the UK nor its DADDY, the US, has admitted responsibility. 9/20/2013, "UK hacked Belgium telecom company, documents show-report," Reuters]
(continuing): ""If we're going to attack the infrastructure of a foreign nation, let it be a clear military operation."
"About Bruce Schneier: "I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I write books, articles, and academic papers. Currently, I'm the Chief Technology Officer of IBM Resilient, a fellow at Harvard's Berkman Center, and a board member of EFF.""
Added: More on UK and its US Daddy:
In UK's attack on Belgium telecom, "Initially, the NSA was suspected, but the presentation shows that it was a British operation using surveillance technology developed by the NSA."... 9/20/2013, "Britain's GCHQ Hacked Belgian Telco: Report," securityweek.com, Rochford
UK "got away with" the Belgium telecom attack because its equally criminal US Daddy protected them. UK opted to become subservient to the US when for example it secretly accepted $139 million in new spy equipment from the Obama admin. 2009-2012. UK is said to be desperate to maintain approval of its US cronies believing the connection is all that stands between them and global irrelevance.
Though UK GCHQ's brutal attacks on the Belgium telecom network caused millions of dollars in damages, Belgium chose not to pursue the matter with required aggressiveness fearing political repercussions, citing the US: (Meaning, Belgium knew UK had Daddy US behind them):
"But we [Belgium telecom giant of which Belgian gov. is majority owner] were fighting against two big cyber armies from the UK and the US. We knew we could never win this."
2/17/18, "How U.K. Spies Hacked a European Ally and Got Away With It," The Intercept, Ryan Gallagher
Stuxnet attack related links:
'Obama's General' Pleads Guilty to Leaking Stuxnet Operation. Show Comments. Loading comments... Latest. Don't Make African Nations Borrow Money to Support Refugees. February 21, 2018, 1:47 PM. Curb Your Enthusiasm. February 21, 2018, 1:42 PM. Trump Administration Turns Away Iranian Christians. February 21 ...
Jan 17, 2017 - President Obama has granted a pardon to retired Marine Corps general James Cartwright, according to The Wall Street Journal. ... Cartwright, the government alleged, leaked information to the press about the operation. In October, he pleaded guilty to lying to investigators about speaking to journalists.
Jun 9, 2012 - Stirring stuff, eh? Obama goes on. "The digital world is no longer the province of a small elite. It is a place where the norms of responsible, just, and peaceful conduct among states and peoples have begun to take hold. It is one of the finest examples of a community self-organising, as civil society, academia, ...
Jun 2, 2012 - A damaging cyberattack against Iran's nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Obama, who was eager to slow that nation's apparent progress toward building an atomic bomb without launching a traditional military attack, say current and ...