Threat Research

US Government, Stuxnet, and Cyber-Attacks: Caveat Coder

Avast Security Blogger, 5 June 2012

US Government, Stuxnet, and Cyber-Attacks: Caveat Coder

New reports tying the Stuxnet worm to the US government has many people asking questions. What exactly is a cyberattack? Does conducting a cyberattack have the same implications as a physical military attack? Is the US waging an undeclared war on Iran in the same way that a bombing of its nuclear facilities would have done? Is this the new face of warfare and defense?

And now there’s the recent discovery of the Flame virus. We seem to be entering an era where military and diplomatic goals are increasingly embracing the Internet and cyber tools as a vehicle with which to achieve.

One of the big challenges in understanding all this is the lack of agreed upon definitions and principles. We may refer to this attack as cyber-sabotage, while Iran may refer to it as cyber-war or even cyber-terrorism. The Flame virus would be best categorized as cyber-espionage. Without terminology that is clear and agreed upon, the classification of this action is left to be determined by the rhetoric of politicians driven by their own political goals.

There are far more disconcerting implications and considerations if the US is to conduct state-sponsored initiatives in cyberspace.

  • Collateral damage: these viruses could ‘get loose’ and inflict unintended damage. We saw this with Stuxnet in 2010, as it hit more than its intended Iranian targets because of a “programming error” (by the way: it was a “programming error” that caused all the damage arising from the Morris Worm as well, for those who remember that little event in computer history)
  • Re-purposing and reuse: With cyber-attacks, the targeted opponents will have access to the code that was used. This is like handing the enemy the schematics for every weapon you use against them. With the code, an opponent can replicate the malware and modify it to their own needs. The only additional ‘raw material’ being programmer talent.
  • Deniability: Military personnel are clearly identifiable, and armaments all have traceable points of origin. Not so with cyberattacks. We’ve already seen this in the US, where we think past attacks came from China or North Korea, but we can’t be sure. As the US starts to employ such tools, we increase our own ability to deny our actions; war becomes a clandestine affair, which is often at odds with our democratic principles.

Paradoxically, the proponents of building up US cybersecurity defenses will suffer a setback with the US now admitting its role in Stuxnet. These proponents – many of whom are in the military or defense contractor business – had taken up Stuxnet as their cause celebre and chief argument for extending the reach of DHS, NSA, and other federal authorities into our businesses and personal lives. But the government and the cybersecurity industry can’t go clamoring for more funding to defend against a boogeyman of their own creation.

Check 1 comments or write your comment

Discussion (1)