Israel Behind Iran’s Computer Worm?
by James Zumwalt
As Iran awaited delivery of nuclear fuel at its Bushehr facility in late August, all eyes were upon Israel. In two previous attempts by Middle East countries unfriendly to Israel to develop a nuclear capability, the Israelis never allowed development of a facility to get that far. In both the case of Iraq in 1981 and Syria in 2007, Israel initiated decisive military strikes to destroy them before nuclear fuel could be transferred.
This deadline, self-imposed by Israel, was to avoid the risk during a strike of releasing nuclear radiation into the atmosphere. As the transfer of nuclear fuel to Bushehr’s reactor was completed with no Israeli attack, observers were surprised.
However, it now appears an attack may actually have been launched by Israel last year—with continuing impact on Iran today.
Indications are the Israelis may have quietly extracted from their quiver of options on how to set back Tehran’s nuclear program a “computer-transmitted disease.” And, like a sexually transmitted one, this “cyber super weapon” is a “gift” that keeps on giving.
In June 2010, a Belarus security firm identified the existence of a very mysterious computer worm known as “Stuxnet.” Now dubbed the “malware of the century,” it was designed to infiltrate industrial control systems. Having accessed its target, the worm can then spy on, reprogram or sabotage a system and the equipment it operates.
Stuxnet is very complex, making identification of its architect extremely difficult—if not impossible. However, some indicators suggest an Israeli connection.
• An individual or group would be hard-pressed to design such complex malware. Thus, state support was involved.
• While most advanced nations air concerns about cyber wars of the future, few have taken the threat as seriously as Israel. Its Unit 8200 is a highly secretive cyber-warfare group established within its intelligence services that works not only on defending against cyber attacks but launching them as well.
• As of August 2010, of nine countries hit by Stuxnet, the country most adversely impacted was Iran—i.e., 60% of all infected computers worldwide are located there.
• A New York Times report suggests an Israeli fingerprint exists deep within the malware’s code. In trying to peel back Stuxnet’s complexities, the word “Myrtus” appears. Debate continues as to this word’s significance but one possibility is a biblical reference to the Book of Esther. Esther’s birth name was “Hadassah,” meaning “myrtle”—an evergreen shrub of the genus Myrtus, native to the Mediterranean region. A Jewish orphan, Esther was later taken by a Persian king—not knowing her ethnicity—to become his queen. Risking death, she subsequently revealed to the king she was a Jew in a courageous effort to prevent a campaign to exterminate all Jews in Persia. She succeeded as the Jews launched a pre-emptive attack against their enemies. While some experts contend “Myrtus” is an Israeli calling card intended to cause the Iranians to question the ability to control their own nuclear program, others contend it was planted as misinformation.
It is uncertain when this cyber attack was first launched. There are time stamps on pieces of the code suggesting it was created in early 2009. While the worm may have been released then, it probably was programmed with a time-delay feature—allowing it to infect as many Iranian systems as possible before being activated to do its damage. And it was in late 2009 that the Iranians began encountering problems with their centrifuges, used to enrich uranium, at their main nuclear facility at Natanz.
In the aftermath of Israel’s 2007 air strike against Syria’s nuclear facility, Damascus maintained a low profile—failing to even challenge Israel for violating its airspace—so as not to focus further attention on its nuclear program.
Similarly, although Iran is under cyber attack, Tehran maintains a low profile for this reason as well as to avoid giving credibility to Israel’s cyber-warfare capabilities. Nonetheless, Stuxnet’s impact must be significant as it appears to have generated a schizophrenic Iranian government’s witch hunt for nuclear spies, as evidenced by several recently announced arrests.
The potential dangers from industrial control system failures triggered by malware are endless. On September 9, however, we got a taste of this potential from an accidental failure of a control system monitoring pressure in a gas pipeline under a residential community in San Bruno, Calif. The resulting explosion and fireball claimed eight lives, destroying dozens of homes.
More than 2,500 years ago, the brilliant Chinese military strategist Sun Tzu emphasized the importance of the element of surprise in warfare. The cyber attack against Iran undoubtedly caught the Iranians by surprise. Regardless of who designed Stuxnet, Sun Tzu would be proud of the architect.
Lieutenant Colonel James Zumwalt is a retired Marine infantry officer who served in the Vietnam war, the 1989 intervention into Panama and Desert Storm. An author, speaker and business executive, he also currently heads a security consulting firm named after his father -- Admiral Zumwalt & Consultants, Inc. He has also been cited in numerous other books and publications for unique insights based on his research on the Vietnam war, North Korea (a country he has visited ten times and about which he is able to share some very telling observations) and Desert Storm.