Daily Israel Report
More

Zion's Corner Blogs


West is at Mercy of Stuxnet, German Analyst Hints

Top German analyst says Stuxnet virus could be used as WMD against West. Is he pointing at Israel as part of the danger?
By Gil Ronen
First Publish: 4/26/2011, 1:04 PM / Last Update: 4/26/2011, 12:56 PM

German cyber-security expert Ralph Langner, who helped unravel the Stuxnet virus, told a global audience in March that the worm could be used as a weapon of mass destruction against targets in the West. At the end of his presentation on the subject, Langner arguably seemed to hint at the possibility that Israel is part of the danger, although in correspondence a few months ago he named an unspecific "hacker underground" as the possible threat.

 

Langner heads an independent German cyber-security firm that bears his name, which specializes in control systems -- electronic devices that monitor and regulate other devices. Langner's website says that his team analyzed Stuxnet as part of "a global effort to decode the mysterious program," without naming his client.
 
In a March presentation at Ted2011, an elite yet globally public intellectual platform, Langner spoke admiringly of the ingeniousness behind Stuxnet, but also employed an ominous tone, speaking of "the plot behind Stuxnet" and calling its mode of operation "creepy."  
 
Stuxnet's programming is "rocket science," he said, presenting some lines of code from the cyber-virus before his high-tech audience. "It's way above everything that we have ever seen before." The people behind it were "very professional, they knew all the bits and bytes," he explained. "They probably even knew the shoe size of the operator [at the Natanz plant]," he added.
 
The virus was designed to work stealthily, Langner explained. The idea was to take over the uranium-enrichment cascades at Iran's Natanz plant "slowly and creepily" and "to drive maintenance engineers crazy."
 
"When we started our research on Stuxnet six months ago, it was completely unknown what the purpose of this thing was," he said. "We started to work on this around the clock because I thought, well, we don't know what the target is, it could be, let's say for example, a U.S. power plant or a chemical plant in Germany. So we better find out what the target is soon."
 
He went on to describe the danger that Stuxnet would be used to blow up power plants:
"The idea here is not only to fool the operators in the control room. It actually is much more dangerous and aggressive. The idea here is to circumvent a digital safety system.... when they are compromised, then real bad things can happen. Your plant can blow up and and neither your operators nor your safety system will notice it. That's scary. But it gets worse - and this is very important, what I am going to say. Think about this: this attack is generic. It doesn't have anything to do with specifics with centrifuges, with uranium enrichment. So it would work as well, for example in a power plant or in an automobile factory. It is generic. And as an attacker you don't have to deliver this payload by a USB stick, as we saw it in the case of Stuxnet. You could also use conventional worm technology for spreading. Just spread it as wide as possible. And if you do that, what you end up with is a cyberweapon of mass destruction." 
"That's the consequence that we have to face," he said, deliberately, while showing a map that marked Western countries (Israel not included) in green. "So unfortunately, the biggest number of targets for such attacks are not in the Middle East. They are in the United States, in Europe and in Japan. So all the green areas, these are your target-rich environments. We have to face the consquences and we better start to prepare right now."
 
 
The caption on the slide says "This way, Pandora."
 
In what was most likely a "pre-ordered" question from the conference presenter at the end of his lecture, Langner was asked if he thought Israel was behind the attack. His response sounded a dramatic tone:
 
"My opinion is that the Mossad is involved, but that the leading force is not Israel, so that... the leading force behind that is the cyber superpower. There is only one, and that is the United States. Fortunately... fortunately... Because otherwise, our problems would even be bigger." 
The "even bigger" danger Langner is hinting at was deliberately left vague. Based on the presentation alone, and the concluding sentence, it seems possible that he thinks Israel could use the worm against Western targets. Why the German consultant thinks Israel would want to do this, one can only speculate. 
 
However, in a correspondence with cyber-security firm Symantec some six months ago, Langner named a "hacker underground" as the possible threat:
"You fail to understand that the hacker underground has been studying control systems for years without any success. You fail to understand that this community will eagerly dismantle Stuxnet as a blueprint for how to cyber-attack installations from the cookie plant next door to power plants."
So - does Langner think the threat is Mossad or the "hacker underground"? Is the "hacker underground" he fears Jewish, Muslim, or other? Is there an anti-Semitic tinge to the description of the virus as "creepy" and to its inception as a "plot"? Why is Israel not included in the green areas that could come under the Stuxnet threat? Was he hinting that if Mossad and not the U.S. were the leading force behind Stuxnet, the West's problems would be bigger? Is he concerned about a targeted attack or an uncontrolled worldwide attack? These are questions that cannot be answered at this point.
 
Over the decades since Israel's acquisition of nuclear technology, there has occasionally been speculation over the Jewish state's options in case it were faced with a lethal attack. One possible course of action that has been floated is known as the "Samson Option," in which Israel would take down its (past and present) enemies with it, like the Biblical hero.
 
The New York Times recently reported that the Stuxnet virus could possibly still be infecting Iranian systems and that it may unleash additional havoc on new targets. Iranian civil defense commander Gholamreza Jalali said Monday the Islamic Republic's nuclear program has fallen prey to a new computer virus called "Stars."