We’re Slowly Starting to See U.S.’ Cyber Weapons

by John Reed on June 20, 2012

For years now, Defense Department officials have refused to discuss the details of the Pentagon’s offensive capabilities in the cyber arena, even as they railed against all the cyber attacks against the United States’ ever-vulnerable networks.

It seems, however, that the Pentagon is happy to let actions speak for it. Earlier this spring, news reports emerged saying that it was indeed the U.S. and Israel who were behind the Stuxnet worm that famously wreaked havoc on Iran’s attempts to enrich uranium for its nuclear program. That worm was designed to make its way across computer networks around the globe before infiltrating the specific type of Siemens-made SCADA computer that controlled the speeds at which Iran’s uranium enrichment centrifuges spun. Once inside said computers, the infamous worm reprogrammed the centrifuges to spin at the wrong speeds, where they would wreck the enrichment process.

At its time, Stuxnet was considered one of the most sophisticated cyber-weapons ever discovered. It was so sophisticated that analysts speculated that it had to have been made by an organization with the backing of significant government and/or corporate resources.

Well, as you know, Stuxnet has just been topped in sophistication by another American and Israeli-made virus that targeted Iran’s nuclear program. Flame.

So it seems that the virus that has been described as ushering in a new era of cyber-warfare by experts at places like Kaspersky Labs was one of the U.S.’ cyber weapons.

As we wrote last month:

showing that it can take snapshots of an infected computer’s display screen, record audio conversations using the computer’s microphones as well as steal normal computer files.

However, it can also be remotely re-programmed to switch from intel-gathering to offensive mode, turning itself into a cyber weapon capable of disrupting its targets’ basic functions, much like the Stuxnet virus did to Iran’s Uranium enrichment centrifuges.

All of these advanced features in one worm led Internet security firm Kaspersky to call the arrival of Flame, “another phase in this [cyber] war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case.”

Or as former DT cyber writer Kevin Coleman quoted another analyst as saying, “Flame redefines cyber espionage, it makes all the other software in that category look like cheap toys!”

What’s most impressive — or scary — is that, according to the Washington Post, Flame — which has been hiding out there undiscovered for years as a routine Microsoft software update — is just the tip of the iceberg in a massive cyber espionage effort against Iran.

The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials.

The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.

The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

Who knows what other types of cyber weapons we’ll see coming from the U.S. or what types of weapons will now be unleashed on the U.S.? Remember, reality can often be stranger than fiction. However, as impressive and worrisome as these cyber weapons may be, they might just be playing a role in reducing the risk of a potentially much more destructive shooting war breaking out, as the Post points out.

The U.S.-Israeli collaboration was intended to slow Iran’s nuclear program, reduce the pressure for a conventional military attack and extend the timetable for diplomacy and sanctions.

55 comments

Black Owl June 20, 2012 at 12:16 pm

I remember reading somewhere that a Chinese general was interviewed on cyber weapons and cyber warfare. One of the things he said during the interview was that although China had made significant advances, the Americans are still getting the most information and they are still the best at cyber warfare.

Reply

TomUK June 20, 2012 at 1:06 pm

The word ‘boomerang’ comes to mind. If you initiate and thereby legitimate such actions, expect the eventual results. (And it’s rather a foolish idea, given the dependency of much of ‘Western’ infrastructure on computers).

Reply

JackBlack June 20, 2012 at 1:55 pm

First test = let it in the wild = make it publicly available online, see what happens.
Yeah leak, right, pipe leaked.

Reply

Jeff M June 21, 2012 at 3:22 pm

I don't think most of the world realizes how big of a threat they are. It's worse than backyard nuclear weapons. A smart hacker could design a cyber-weapon that wiped out every computer on earth. The ones that're really intriguing to me are phone malware, I can picture a game of "climb the ladder" where a hacker infiltrates someone's phone and with the aid of voice synthesis can BE that person, and passes the malware from handset to handset. Even if this phone malware is delivered via bluetooth or direct contact it's still a major threat. Your phone knows EVERYTHING about you, the camera, the microphone, the onboard "sigint package."

Reply

Edward June 21, 2012 at 1:44 pm

Chinese no tell US how powder works. Let US believe China behind. Chinese intelligent, no make mistake.

Reply

Steven Oliver June 21, 2012 at 3:54 pm

Racist and hilarious! I love it!

Reply

Matthew June 20, 2012 at 2:10 pm

Loose lips sink ships. I agree with the boomerang comment. Time will tell.

Reply

dfor June 20, 2012 at 2:10 pm

One of the most fascinating aspects about this subject is how cyber-weapons are usually a one-off capability, like China's rocket forces. So the real challenge, it appears to me, is continuously finding new exploits that the enemy will not expect. In other words, I think surprise can be far harder to achieve in the cyber domain than in RL, but when it works, it works fine. Just fine.

Reply

NathanS June 20, 2012 at 11:18 pm

Think of them like spies. Sometimes their cover gets blown, and their means of entry is discovered. It just means that other ways of disclosing their identity and other means of entry will have to be found. With the complexity and fast progression of technology, this is actually relatively easy. New exploits are discovered daily.

As mentioned in the article, Flame has been there undiscovered for years. So it's probably been quite successful. I do not believe for a second that these are the only cyber-warfare assets that the US / Israel have deployed.

It's believed that the Chinese have potentially compromised thousands of machines that they use to mask the origin of attacks, and also use as a platform to launch denial of service attacks.

Reply

dfor June 22, 2012 at 1:59 am

An interesting thought, however–what if software progresses to the point where code-checking programs render such exploits far less common?

Reply

Jeff M June 21, 2012 at 3:54 pm

When I first heard about Stuxnet, I predicted the existence of something like Flame, something even more powerful and used for general espionage. Stuxnet and Flame are a derivative of a larger suite of malware that is evolving. Think drone aircraft, you can load it up with bombs, sensors, fuel tanks, etc. Stuxnet was only a one-off because it was designed that way. Flame is what I expected it to be, a swiss-army knife of espionage tools to complement the stealth, precision "weapons" like Stuxnet.

Reply

Rohan June 20, 2012 at 2:26 pm

Thats toooo slow to be from our part….lets make it fast……we are relying on 6G !!!

Reply

mehrdad June 20, 2012 at 2:36 pm

Why to expose all these kind of information to our sworn enemies, the more information we give, less safe we will be at home. That's a big mistake Obama administration is doing and did in the past.

Reply

Rohan June 20, 2012 at 2:39 pm

EXACTLY ……..

Reply

Joeblow June 21, 2012 at 2:25 am

Right… because it's not like the Iranians don't already suspect Israel and the U.S. of being behind Stuxnet.

I'd like to know just how the Iranians knowing we're behind Stuxnet makes us less safe at home?

Reply

Bobby May 11, 2013 at 8:16 pm

Shouldnt u be helping India out of poverty

Reply

shawn1999 March 14, 2014 at 3:56 pm

You only tell the enemy what you are doing when you:
1) Are bluffing to get them to act in a manner you want them to
2) Are distracting them from what you are REALLY doing (for example, you want them to stop looking for a bigger asset, so you "let" them find a smaller asset instead)
3) Have already made it obsolete and moved on to something better (in which case, it makes a great target decoy for #2)

Reply

R.Confused June 20, 2012 at 2:49 pm

Wow. Did everybody miss the big point here? I have suspected for some time this might be a possibility:

"which has been hiding out there undiscovered for years as a routine Microsoft software update"

I guess since Google has climbed in bed with the NS@, Microsoft felt jealous and climbed into bed with the DoD.

My guess is that Microsoft has the ability to place selected software updates via auto-updating to individual computer systems. Since they know and can verify specific hardware their software is installed on.
The question is how many other government agencies are using this method to upload spyware on computers of people (and or citizens) they want to keep track of via spyware upload under the disguise of a M$-software security update patch it sends out monthly.
Since nobody in any country would suspect M$ of doing something like this. (All of this under a presidential executive order that bypasses all legal pathways that might question the procedure, thus protecting M$ from future legal claims.)

x.x.x.

Reply

JackBlack June 20, 2012 at 3:00 pm

Exclude Germany where brains still work, read Heise.de.

Reply

joe June 21, 2012 at 2:52 am

Well, if 'cyber attack' can be defined as 'cause a computer to completely lock up for no readily apparent reason', I must admit Microsoft to be one of the most experienced organisations in the world.

Reply

Thomas L. Nielsen June 21, 2012 at 5:51 am

That reminds me of this one (an oldie, but a goodie):

Why Windows is not a virus:

1. Viruses replicate quickly – okay, Windows does that.

2. Viruses use up valuable system resources, slowing down the system as they do so – okay, Windows does that as well.

3. Viruses will, from time to time, trash your hard disk – okay, so Windows does that too.

4. Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh… Windows as well.

5. Viruses will occasionally make the user suspect their system is too slow (see pt. 2) and the user will buy new hardware. Yup, that's Windows again.

6. Viruses are well supported by their authors, run on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature. THIS IS WHY WINDOWS IS NOT A VIRUS!

Regards & all,

Thomas L. Nielsen
Luxembourg

Reply

Gridlock June 21, 2012 at 6:44 am

You're close, in that it is a big deal – but the attackers counterfeited a digital certificate that made the virus look like MS-signed code, and fiddled with the local network so windowsupdate.microsoft.com was their bitch. One auto-update later and all the local machines are infected.

900 million PCs check in with MS each month. Subverting this has been an antivirus nightmare for years, and it has now been proven possible.

Reply

Matt June 20, 2012 at 3:14 pm

Resistance is futile

Reply

Pilgrimman June 20, 2012 at 3:18 pm

I'm afraid I can't let you do that, Iran.

Reply

Tom Hendricks June 20, 2012 at 4:42 pm

Cyber attack against other countries by US is terrorism at highest level. But nobody calls it terrorism because it's done by US.

We might want to ask ourselves why that is?!
When hizbollah? attack they are called terrorist. But when terrorist attack in Syria they are rebels in western media.

I believe in Yin and Yang and right now there is 2 much Yang from our side and it can only go the other way.

Reply

Josh June 20, 2012 at 5:15 pm

You might want to look up the definition of terrorism before you make statements like that. Just saying…

Reply

O.J. Sampson June 20, 2012 at 5:16 pm

By definition an act of terrorism is warfare waged on a civilian population. Stuxnet and Flame do not exactly fall into that category. This attack can be more accurately described as an act of war, however, there is no governing legislation regarding cyber warfare written by any national or international body. Therefore, it even fails to meet the "legal" definition of an act of war. Unfortunately, these attacks – right or wrong – fall into the legal abyss that allows governments to act unimpeded.

Reply

Josh June 20, 2012 at 5:18 pm

Well said

Reply

NathanS June 20, 2012 at 11:02 pm

When CIA caused the trans-Siberian gas pipeline disaster in 1982, was this an act of war?

The term "Cyber-warfare" is slightly misleading, as it has nothing to do with war as in bombs and bullets. Its lineage is actually from that of spying and espionage.

Reply

O.J. Sampson June 21, 2012 at 12:41 am

Snooping on someone's computer networks is pure espionage. When these programs begin to cause physical damage to an enemy's military, political, and/or economic infrastructures they become kinetic strikes. In this example the delivery system for our bombs or bullets was a pc virus. The only difference is that the laws of war are currently several years behind today's technologies.

Reply

STemplar June 21, 2012 at 2:36 am

We get to ask ourselves these questions though. In China freedom is a banned word in search engines. In Iran they have installed surveillance cameras in coffee shops. You might want to ask yourself do you want to win or lose against those kinds of mentalities and quit the silly moral equivocation crap.

Reply

Anthony June 21, 2012 at 8:23 am

Want to know the difference Tom, it's that IF this occurred, it was purely defensive. We have as many nuclear weapons as anyone in the world, but you won't see us letting them loose. The second Iran has one, the auction begins…think about what you're saying.

Reply

Lance June 20, 2012 at 8:48 pm

Good let the Cyber Command send Iran's economy to the same century as its society is the 5th century!!!!!

Reply

Hear the truth May 11, 2013 at 8:24 pm

You really are ignorant. In Iran women can drive what about Saudi Arabia where women are banned from driving where's your brain then. It seems you've been brainwashed by the controlled news/media to think bad of a country where you've never been and to like a country like Saudi which is the one behind the times. Open your eyes and wake up to reality

Reply

Joshua June 21, 2012 at 3:01 am

This article put a smile on my face.

Reply

ltfunk2 June 21, 2012 at 4:23 am

With the US government getting into the cybercrime business the effect on our software industry will be very bad.

Why would you buy Microsoft phones and tablets when they simply let the IRS and government agencies snoop around your company at will.

At the same time with so much more cash available for exploits if you are a Microsoft employee in India and you aren't putting in some extra exploits into MS code and selling it you are one of the slow ones.

We could have had a massive industry selling electronic services to the world. But that is going to die now because you can't turn a market into a battlefield and your customers into enemies and expect the industry to survive.

Reply

longshadow June 21, 2012 at 9:36 am

We just handed the world a polished malware management framework that can be used to jumpstart cyber warfare capabilities. Duqu, Stuxnet, and Flame are the new 'baseline' and there isn't any reason why a state or private actor can't produce and deploy their own variant in a matter of months.

The real question is what are they going to do to US now that our enemies and fringe actors have reliable cyber warfare capabilities?..

Reply

Josh June 21, 2012 at 11:15 am

I highly doubt we would have used these capabilities if we didn't know how to counter them and we obviously know that people are going to use these as the building block for complex attacks. That kind of stuff always comes into consideration before you release something. It would be beyond stupid for us to use a weapon like this and not be able to protect ourselves from the backlash of people using the source weapon, or their own modified version. Don't forget that a lot of the technologies you see today have been classified for sometimes decades before they are made public. And 90% of the time the reason they are made public is bigger, better, and more capable systems are already in use or being worked on. Flame pre-dated Stuxnet, and if we're just seeing Flame now I'm sure there are even more capable and at the same time scarier things in the cyber warfare bag of tricks

Reply

Joe June 21, 2012 at 11:09 am

We are at the Manhattan Project stage of cyber weapon development. The thing that worries me is proliferation of this stuff.

Code does not get unwritten. This could be a MAJOR leveler of the conflict playing field.

Reply

leeretarmy June 21, 2012 at 12:04 pm

What the hell happened to OPSEC

Reply

blight_ June 21, 2012 at 12:12 pm

Consider Kaspersky Labs isn't a branch of the US government (if anything, they are a Russian company), what OPSEC?

As for Washington Post, it would depend on who is talking. Then again, considering Kaspersky isolated the virus and decompiled the binaries, the source code itself will tell you everything you needed to know about its capabilities.

Reply

Infidel4LIFE June 21, 2012 at 1:22 pm

ALL IS FAIR IN LOVE AND WAR.

Reply

longshadow June 21, 2012 at 2:36 pm

There is no such thing as OPSEC for this kind of thing. All it takes is one person somewhere in the world to find and capture an instance of the software and then the secret is out.

Reply

JackBlack June 20, 2012 at 1:54 pm

What they lack in skill they gain in numbers. You speak like a true fan boy defending Apple against Samsung, you can do that only you should be told in advance it is futile. US tech is in fact not superior at all, only the school of thinking is different. Your paragraph reminds me of the cold war, when they spoke about Ruskies that way.

Reply

Black Owl June 20, 2012 at 3:16 pm

You have no idea what I was thinking. I was just citing a quote from an interview. They have copied a lot of Russian tech to reach space. Also you do realize that the Chinese have great difficulty in using cyber espionage to get any major design advances from Russia. They have difficulty getting anything from Russia without stealing an actual unit or unless the Russians sell them an old or rejected design like the MiG-1.44 that was used to make the J-20. The Chinese even tried to buy 48 Su-35S Super Flankers from Russia and of course the Russians refused because they knew the Chinese just wanted to copy them. Their difficulty in stealing Russian tech is most likely attributed to the fact that Russian designers and engineers have a long history of hand writing out everything, even their calculations, on paper. It doesn't matter how many hackers you have or how great they are. You simply can't hack paper. By comparison we practically abuse computers to do the numbers for us and store the data on electronic hard drives while simultaneously manufacturing most of our electronics and computer parts from Chinese factories. Maybe we should stop using computers for convenience and start hand writing our things out like the Russians.

Reply

blight_ June 20, 2012 at 4:18 pm

"Their difficulty in stealing Russian tech is most likely attributed to the fact that Russian designers and engineers have a long history of hand writing out everything, even their calculations, on paper"

I wonder what MiG and Sukhoi would say…

Reply

JackBlack June 20, 2012 at 4:32 pm

Indeed I am not at the level of mind reading, just reading at face value of what you said, granted.
What makes you think they copied Ruskie space tech, did it ever occur to you they might have been given a few or more clues as to what goes where from them, just so they can become an annoyance on the side, while not publicly implicating Russia. I mean it was done in the past, look at Korea and Nam, Iran the latest, Cuba previously. I mean the Baikonur is a rent space, anyone can take off from. Speaking about copying Russians, do you remember the famous Mig-25 flyover in Korea, one the US have mere hours to disassemble before they had to return it, the Mig-25 in the same way, was anything implemented in the US jets, you betcha Sabre, Tomcat respectively.
As for the types of school of engineering, you are correct, you can have one designer and engineer doing it all by hand in the USSR, whereas in the West you would have teams doing it piece by piece. Pen and paper you would not believe are way better than computers except for running the dynamic stress tests like Catia can. So basically where you can't have computer theft you have corruption, only they are quite efficient in wiping that out in all terms of speaking. One thing western engineers are not understanding about Slavic tech is that all is redundant especially planes and there is a parallel electronic system running side by side. If you ever opened an SU 30+ or Mig 29+ plane and tried to repair it you'd know. In China however the system is even more perfected than in West, everybody is creating but a small piece of the entire puzzle, only thing is those knowing how the puzzle adds up are not always let to govern the project but the Party is instead. And it is the same as with Hitler and the Generalismus staff, he is crazy and they know what needs to be done, so he wins.

Reply

Riceball June 20, 2012 at 5:57 pm

In all fairness, the Chinese probably stole or copied a fair bit of our space tech too but they almost certainly stole from the Russians as well. What makes me and others think that? Two things, first thing is how behind tech wise China was up until 20 – 30 years ago and who's their closest neighbor that has a robust space program and were (relatively) friendly with when they started their rise to where they are now? Only one country comes to mind and that's Russia.

Reply

Black Owl June 21, 2012 at 12:12 am

Considering their director of the CIA equivalent was working for us and defected to our side recently I highly doubt that.

As for the reasonable time frame, that doesn't seem to make sense because the Russians had started the development of the PAK-FA some time in 2003. They had plenty of time to make calculations and do things right. They went pretty slow, but they were also very deliberate in everything that they did. They repeatedly said that they were not looking to get the PAK-FA out quickly, but to make it the best stealth fighter out there. The difference between the F-35 and the T-50 is that the T-50 is actually progressing in its testing and will most likely make it to service in 2016. The Russians don't seem to have added a complex DAS system that would have slowed down development and took forever to make. They settled for a simple suite of IR scanners, rearward facing AESA radar, and L-band radar to seek other stealth jets. These were much more simple to make and provide fairly decent capabilities in comparison to the known abilities of other 5th gen fighters.

Reply

joe June 21, 2012 at 2:50 am

Not an unreasonable argument, *except* we're not talking about a software analogue of a spy, but rather the software analogue of a saboteur.

Had a CIA agent walked into Bushehr, calmly stuck a claymore to the side of a centrifuge and set it off, there would be a non-trivial case for calling it an act of war.

This goes back to the argument that was being had a while back about what the military equivalents (justified under reciprocal action) are to various forms of cyber attack.

Reply

NathanS June 21, 2012 at 3:54 am

Modern day spies may deal in intelligence, counter-intelligence, subversion, and even assassinations and sabotage.

In 2006 a Russian spy assassinated Alexander Litvinenko in London with a radioactive poisoned umbrella. In 1982 CIA operatives modified gas controllers resulting in the trans-Siberian gas pipe-line explosion.

Likewise, Flame and Stuxnet can do both intelligence gathering, or perform more disruptive tasks as required. As for a declaration of war, it's very much a grey area. It usually just results in unhappy governments.

In 2008, Israel violated Syrian air-space and bombed a nuclear plant – a declaration of war if you've ever seen one. That to my mind is playing with fire far more than Flame or Stuxnet is.

Reply

Black Owl June 21, 2012 at 11:35 am

You know what. I really don't know all of the complexities of making a stealth aircraft and neither do you. This thread is kind of pointless since we're both just guessing. I'm just going to say that I think it's possible the Russians did it the way I suggested.

Reply

blight_ June 21, 2012 at 12:21 pm

"Considering their director of the CIA equivalent was working for us and defected to our side recently I highly doubt that. "

Looking through the old KGB director list, I don't see any defections. In the FSB director list, same thing.

Reply

Black Owl June 21, 2012 at 1:08 pm

Check the SVR. It's their agency responsible for foreign operations.

Reply

blight_ June 22, 2012 at 4:42 pm

I knew I forgot an agency. The FSB is more like the FBI, and the SVR more foreign intelligence. Then again, after 9/11 the FBI has begun doing more work overseas, and it's not like the CIA is really hands off in domestic affairs.

That said, Sergei Tretyakov appeared to be a station chief, which is fairly high level; though Gordievsky was the same rank in the KGB during his defection.

Reply
