June 1, 2012

Confirmed: US and Israel Created Stuxnet, Lost Control of It

Nate Anderson, writing for Ars Technica:

"The code was only supposed to work within Iran's Natanz refining facility, which was air-gapped from outside networks and thus difficult to penetrate. But computers and memory cards could be carried between the public Internet and the private Natanz network, and a preliminary bit of 'beacon' code was used to map out all the network connections within the plant and report them back to the NSA."

An article in The New York Times, summarized here by Ars, puts the blame for the Stuxnet worm where it has long believed to belong: US and Israeli intelligence agencies.

We might never have known about Stuxnet had it not contained a coding flaw. Originally designed to operate only within the Iranian nuclear facility at Natanz, the flaw permitted the code to flourish on the Internet after someone inadvertently carried it from Natanz to a public computer.

Your anti-virus software probably won't ever trigger on it, and if it did, Stuxnet wouldn't have much effect on your home or business computing. Stuxnet is unlikely to ruin your day unless you're operating a set of Siemens centrifuges.

Yet here's the first clear example of a government-sponsored cyber attack, a pre-emptive strike with destructive effect on its target, in the wild, bearing US fingerprints. Sound familiar?