The memory sticks were scattered in a washroom at a US military base in the Middle East that was providing support for the Iraq war.
They were deliberately infected with a computer worm, and the undisclosed foreign intelligence agency behind the operation was counting on the fallibility of human nature. According to those familiar with the events, it calculated that a soldier would pick up one of the memory sticks, pocket it and — against regulations — eventually plug it into a military laptop.
It was correct.
The result was the delivery of a self-propagating malicious worm into the computer system of the US military’s central command — Centcom — which would take 14 months to eradicate.
That attack took place in 2008 and was acknowledged by the Pentagon only this August. It was strikingly similar to the recently disclosed cyber attack on Iran’s nuclear facilities using the Stuxnet worm, which also appears to have used contaminated hardware in an attempt to cripple Iran’s nuclear program.
Like the attack on Centcom’s computers, the Stuxnet worm, which Iran admits has affected 30,000 of its computers, was a sophisticated attack almost certainly orchestrated by a state. It also appears that intelligence operatives were used to deliver the worm to its goal.
Its primary target, computer security experts say, was a control system manufactured by Siemens and used widely by Iran, not least in its nuclear facilities.
On Wednesday, Iran confirmed that the worm had been found on laptops at the Bushehr nuclear reactor, which had been due to go online next month but has now been delayed. It denied the worm had infected the main operating system or caused the delay.
“I say firmly that enemies have failed so far to damage our nuclear systems through computer worms, despite all of their measures, and we have cleaned our systems,” Ali Akbar Salehi, the head of Iran’s atomic energy agency, told the Iranian Students News Agency.
If the Stuxnet attack on Iran was a limited act of cyber sabotage, on Tuesday the US attempted to imagine what an all-out cyber war might look like and whether it was equipped to deal with it.
In an exercise named Cyber Storm III, involving government agencies and 60 private sector organizations including the banking, chemical, nuclear energy and information sectors, it presented a scenario where the US was hit by a coordinated cyber shock-and-awe campaign, hitting 1,500 different targets. The results of the exercise have not been released.
One of those who believes that cyber war has finally come of age is James Lewis of the Center for Strategic and International Studies in Washington. Lewis said that while previous large-scale hacking attacks had been an annoyance, Stuxnet and the attack on Centcom represented the use of malicious programs as significant weapons.
“Cyber war is already here,” Lewis said. “We are in the same place as we were after the -invention of the aeroplane. It was inevitable someone would work out how to use planes to drop bombs. Militaries will now have a cyber-war capability in their arsenals. There are five already that have that capacity, including Russia and China.”
Of those, Lewis said he believed only three had the motivation and capability to mount the Stuxnet attack on Iran: the US, Israel and the UK.
He added that a deliberate hack of an electric generator at the Idaho National Laboratory, via the Internet, had previously demonstrated that infrastructure could be persuaded to destroy itself.
“There is growing concern that there has already been hostile reconnaissance of the US electricity grid,” he said.
Last year, the Wall Street Journal quoted US intelligence officials describing how cyber spies had charted the on-off controls for large sections of the US grid and its vulnerability to hacking.
The head of the Pentagon’s newly inaugurated US Cyber Command, General Keith Alexander, has recently said that it is only a matter of time before the US is attacked by something like the Stuxnet worm.
In recent testimony to Congress, Alexander underlined how the cyber war threat had rapidly evolved in the past three years, describing two of the most high-profile attacks on countries: A 2007 assault on Estonia and a 2008 attack on Georgia during its war with Russia, both blamed on Moscow.
Those were “denial of service” attacks that disabled computer networks. But it is destructive attacks such as Stuxnet that frighten Alexander the most.
He favors agreements similar to nuclear weapons treaties with countries such as Russia to limit the retention and use of cyber-war technology.
One of the problems that will confront states in this new era is identifying who is behind an attack. Some analysts believe Israel is the most likely culprit in the Stuxnet attack on Iran — perhaps through its cyber war “unit 8200,” which has been given greater resources. They point to a file in the worm called Myrtus — perhaps an oblique reference to the book of Esther and Jewish pre-emption of a plot to kill them, but it could also be a red herring.
Dave Clemente, a researcher into conflict and technology at the Royal United Services Institute at Chatham House in London, said where once the threat from cyber war was “hyped ... reality has quickly caught up.”
“You look at the Stuxnet worm. It is of such complexity it could only be a state behind it,” he said.
Clemente points to the fact that the attack used four separate, unpublicized flaws in the operating system of the Bushehr plant to infect it.
Other experts note that Stuxnet used genuine verification code stolen from a Taiwanese company, and that the worm’s designers built in safeguards to limit the amount of collateral damage it would cause.
“The US and the UK are now putting large amounts of resources into cyber warfare, in particular defense against it,” said Clemente, pointing out that there is now a cyber security operations centerin GCHQ (British government communications headquarters) and a new office of cyber security in the Cabinet Office.
“What I think you can say about Stuxnet is that cyber war is now very real. This appears to be the first instance of a destructive use of a cyber war weapon,” he said.
Recently, China launched another diplomatic offensive against Taiwan, improperly linking its “one China principle” with UN General Assembly Resolution 2758 to constrain Taiwan’s diplomatic space. After Taiwan’s presidential election on Jan. 13, China persuaded Nauru to sever diplomatic ties with Taiwan. Nauru cited Resolution 2758 in its declaration of the diplomatic break. Subsequently, during the WHO Executive Board meeting that month, Beijing rallied countries including Venezuela, Zimbabwe, Belarus, Egypt, Nicaragua, Sri Lanka, Laos, Russia, Syria and Pakistan to reiterate the “one China principle” in their statements, and assert that “Resolution 2758 has settled the status of Taiwan” to hinder Taiwan’s
Singaporean Prime Minister Lee Hsien Loong’s (李顯龍) decision to step down after 19 years and hand power to his deputy, Lawrence Wong (黃循財), on May 15 was expected — though, perhaps, not so soon. Most political analysts had been eyeing an end-of-year handover, to ensure more time for Wong to study and shadow the role, ahead of general elections that must be called by November next year. Wong — who is currently both deputy prime minister and minister of finance — would need a combination of fresh ideas, wisdom and experience as he writes the nation’s next chapter. The world that
The past few months have seen tremendous strides in India’s journey to develop a vibrant semiconductor and electronics ecosystem. The nation’s established prowess in information technology (IT) has earned it much-needed revenue and prestige across the globe. Now, through the convergence of engineering talent, supportive government policies, an expanding market and technologically adaptive entrepreneurship, India is striving to become part of global electronics and semiconductor supply chains. Indian Prime Minister Narendra Modi’s Vision of “Make in India” and “Design in India” has been the guiding force behind the government’s incentive schemes that span skilling, design, fabrication, assembly, testing and packaging, and
As former president Ma Ying-jeou (馬英九) wrapped up his visit to the People’s Republic of China, he received his share of attention. Certainly, the trip must be seen within the full context of Ma’s life, that is, his eight-year presidency, the Sunflower movement and his failed Economic Cooperation Framework Agreement, as well as his eight years as Taipei mayor with its posturing, accusations of money laundering, and ups and downs. Through all that, basic questions stand out: “What drives Ma? What is his end game?” Having observed and commented on Ma for decades, it is all ironically reminiscent of former US president Harry