StuxNet: Covert Op-Exposing Code In, Covert Op-Exposing Code Out

In this interview between David Sanger and Jake Tapper, Sanger makes a striking claim: that he doesn’t know who leaked StuxNet.

I’ll tell you a deep secret. Who leaked the fact? Whoever it was who programmed this thing and made a mistake in it in 2010 so that the bug made it out of the Natanz nuclear plant, got replicated around the world so the entire world could go see this code and figure out that there was some kind of cyberattack underway. I have no idea who that person was. It wasn’t a person, it wasn’t a person, it was a technological error.

At one level, Sanger is just making the point I made here: the age of cyberwar may erode even very disciplined Administration attempts to cloak their covert operations in secrecy. Once StuxNet got out, it didn’t take Administration (or Israeli) sources leaking to expose the program.

But I’m amused that Sanger claims he doesn’t know who leaked the information because he doesn’t know who committed the “technological error” that allowed the code to escape Natanz. I find it particularly amusing given that Dianne Feinstein recently suggested Sanger misled her about what he would publish (while not denying she might call for jailing journalists who report such secrets).

What you have are very sophisticated journalists. David Sanger is one of the best. I spoke–he came into my office, he saw me, we’ve worked together at the Aspen Strategy Institute. He assured me that what he was publishing he had worked out with various agencies and he didn’t believe that anything was revealed that wasn’t known already. Well, I read the NY Times article and my heart dropped because he wove a tapestry which has an impact that’s beyond any single one thing. And he’s very good at what he does and he spent a year figuring it all out.

Sanger claims, now that DiFi attacked him, he doesn’t know who made this “technological error.”

But that’s not what he said in his article, as I noted here. His article clearly reported two sources–one of them a quote from Joe Biden–blaming the Israelis.

An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.

“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”

And even though Sanger calls this code an “error,” the quotations he includes show that the President’s briefer and Joe Biden believe it was not an error at all.

In this post, I suggested that the Israelis coded StuxNet to escape, without telling the Americans, so as to undermine American attempts to occupy them with cyberwar to prevent hot war. That is, the implication of Sanger’s article (which he now seems to be trying to retract) is that the Israelis deliberately exposed our cyberwar attack so as to make it more likely they could start a war with Iran.

But there is a far more ominous possibility. The Russians, based on analysis they did at Iran’s Bushehr nuclear plant, have claimed StuxNet might have–and still might–cause Bushehr to explode, effectively setting off a nuclear bomb using code.

Is DiFi so angry at Sanger because he ham-handedly revealed that the Israelis deliberately turned StuxNet into a potential WMD?

Tweet about this on Twitter0Share on Reddit0Share on Facebook0Google+0Email to someone

87 Responses to StuxNet: Covert Op-Exposing Code In, Covert Op-Exposing Code Out

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
Emptywheel Twitterverse
bmaz @Espngreeny Again, Gibson in 1967.
4mreplyretweetfavorite
emptywheel @speechboy71 Btu as I said, those three questions should be fairly basic for anyone making claims you made in your review. @henryfarrell
5mreplyretweetfavorite
emptywheel @speechboy71 Started by pointing out things you were unaware of. You still make claims appear inadequately informed to make @henryfarrell
5mreplyretweetfavorite
bmaz @Espngreeny You might go back and watch Bob gibson in 1967. Gibson 3-0, 3CG,27 IP, 1.00ERA, 26 K's Tough call between the two; both great.
6mreplyretweetfavorite
emptywheel @speechboy71 Those questions are all ones you would need to be able to answer to make claims you made in C4 review. Surely you know answers.
9mreplyretweetfavorite
JimWhiteGNV Also, phone vibrating noisily! RT @OKnox: #monster RT @samsteinhp to the guy in front of me who thinks i’m typing too loudly…. get over it.
11mreplyretweetfavorite
emptywheel @speechboy71 What are the ways back door searches get used?
11mreplyretweetfavorite
emptywheel @speechboy71 How big was 215 watchlist compared to Minaret watchlist?
12mreplyretweetfavorite
emptywheel @speechboy71 OK: How many times in Reggie Walton's tenure did govt not tell him relevant data, that we know of?
12mreplyretweetfavorite
emptywheel @speechboy71 OK. You've done lots of independent reading of the primary documents?
15mreplyretweetfavorite
JimWhiteGNV RT @SIGARHQ: Inexplicable classification of Afghan security forces assessments does a disservice http://t.co/a2blhSrdVz
15mreplyretweetfavorite
emptywheel @speechboy71 We're still discovering ways it has affected USPs, still discovering ways govt has abused FISC process. @henryfarrell
16mreplyretweetfavorite
June 2012
S M T W T F S
« May   Jul »
 12
3456789
10111213141516
17181920212223
24252627282930