Report: Obama ordered Stuxnet attacks on Iran
The worm, developed by U.S. and Israeli agencies, targeted Iran's nuclear program, the New York Times says
IDG News Service - President Barack Obama ordered the Stuxnet cyberattacks on Iran in an effort to slow the country's development of a nuclear program, according to a report in The New York Times.
The Times, quoting anonymous sources, reported that, in the early days of his presidency, Obama accelerated attacks related to an effort begun by the George W. Bush administration. The Stuxnet worm, long rumored to have been developed by Israel or the U.S., escaped from Iranian computers in mid-2010 and compromised computers across the Internet.
Obama considered shutting down the cyberattacks after Stuxnet began compromising other computers, but decided to continue with the program, according to the Times. The Stuxnet worm came from a joint U.S. and Israeli effort to target the Iranian nuclear program, the Times said. The newspaper interviewed U.S., Israeli and European officials currently and formerly involved with the cyberattack program, it said.
Stuxnet was discovered in July 2010, when a Belarus-based security company detected the worm on computers belonging to an Iranian client. The consensus of security experts at the time was that Stuxnet was built by a sophisticated attacker, likely a nation state, and was designed to destroy something big, such as Iran's Bushehr nuclear reactor. Security experts examining the worm when it was first discovered said that it placed its own code into systems installed with Siemens software, after detecting a certain type of Programmable Logic Controller (PLC) device.
A White House spokesman declined to comment on The New York Times story.
Obama raised concerns that the Stuxnet program, code-named Olympic Games, would embolden other countries, terrorists and hackers to use similar attacks, but concluded that the U.S. had no other options available against Iran, the Times story said.
The goal of the attacks was to gain access to the industrial computer controls in Iran's Natanz nuclear plant, the story said. The U.S. National Security Agency and a secret Israeli cyberunit developed the Stuxnet worm, the story said.
The report that the U.S. and Israel were behind the Stuxnet attack didn't surprise Snorre Fagerland, senior virus analyst with Norman, an IT security vendor in Lysaker, Norway. The Stuxnet worm was "orders of magnitude" more complex and sophisticated than previous cyberattacks, he said, and the creation of the malware would have needed significant resources.
It would have taken a team of 10 to 20 people to write Stuxnet, Fagerland said.
The report of U.S. involvement may lead to an increase in cyberattacks, with other countries stepping up their offensive cybercapabilities, Fagerland said. "It raises the stakes," he said. "That will cause others to think, 'They're doing it, so why shouldn't we?'"
While several other countries may have offensive cybercapabilities, they appear to be "less organized" than the team that put together Stuxnet, he added.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.
- Chinese hackers master the art of lying in wait
- Spy court OK'd all U.S. wiretap requests it received in 2012
- Groups denounce FBI plan to require Internet backdoors for wiretaps
- South Korea cyberattacks hold lessons for U.S.
- U.S. military networks not prepared for cyberthreats, report warns
- Return of CISPA: Cybersecurity boon or privacy threat?
- New report says cyberspying group linked to China's army
- Obama executive order redefines critical infrastructure
- Obama cybersecurity order lacks bite, security experts say
- Obama seen likely to urge Congress to pass cybersecurity laws in State of the Union address
- Google I/O 2013's Coolest Products and Services
- 10 Star Trek Technologies That are Almost Here
- 19 Generations of Computer Programmers
- 25 Must-Have Technologies for SMBs
- A walking tour: 33 questions to ask about your company's security
- 15 social media scams
- The 7 elements of a successful security awareness program
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Federal IT Innovation Caught in a Catch-22
- Fed resources shoring up old infrastructure, holding back new technologies.
- Inquiry Spotlight: Consumer-Facing Identity
- The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety.
- IDC Security Infographic
- From the Era Before security to this current era of empowerment this infographic from Blue coat provides a timeline navigates the rise of...
- Key Drivers: Why CIOs Believe Empowered Users Set the Agenda for Enterprise Security
- Several years ago, a transformation in IT began to take place; a transformation from an IT-centric view of technology to a business-centric view...
- Security Empowers Business
- Every magazine article, presentation or blog about the topic seems to start the same way: trying to scare the living daylights out of... All Government IT White Papers
- Becoming An Analytics Driven Organization
- Join us on Tuesday, June 18, 2013, 11:00 AM EDT and learn how your agency can create an analytics culture that will enable...
- 3 Reasons Why Sepaton is the World's Fastest Backup Solution
- Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
- Enterprise File Sharing: All You Need to Know
- Security. Scalability. Control. These are just some of the many benefits of enterprise cloud file-sharing that you'll discover in this KnowledgeVault, packed with...
- Bridging HTTP and FTP with FileXpress Internet Server
- What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
- MFT and FileXpress - An Overview
- Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity. All Government IT Webcasts