Israel
Israel, through Unit 8200,[113][114] has been speculated to be the country behind Stuxnet in many media reports[76][90][115] and by experts such as Richard A. Falkenrath, former Senior Director for Policy and Plans within the US Office of Homeland Security.[116][77] Yossi Melman, who covers intelligence for the Israeli daily newspaper Haaretz and is writing a book about Israeli intelligence, also suspected that Israel was involved, noting that Meir Dagan, the former (up until 2011) head of the national intelligence agency Mossad, had his term extended in 2009 because he was said to be involved in important projects. Additionally, Israel now expects that Iran will have a nuclear weapon in 2014 or 2015 – at least three years later than earlier estimates – without the need for an Israeli military attack on Iranian nuclear facilities; “They seem to know something, that they have more time than originally thought”, he added.[27][48] Israel has not publicly commented on the Stuxnet attack but confirmed that cyberwarfare is now among the pillars of its defense doctrine, with a military intelligence unit set up to pursue both defensive and offensive options.[117][118][119] When questioned whether Israel was behind the virus in the fall of 2010, some Israeli officials[who?] broke into “wide smiles”, fueling speculation that the government of Israel was involved with its genesis.[120] American presidential advisor Gary Samore also smiled when Stuxnet was mentioned,[48] although American officials have indicated that the virus originated abroad.[120] According to The Telegraph, Israeli newspaper Haaretz reported that a video celebrating operational successes of Gabi Ashkenazi, retiring IDF Chief of Staff, was shown at his retirement party and included references to Stuxnet, thus strengthening claims that Israel’s security forces were responsible.[121]
In 2009, a year before Stuxnet was discovered, Scott Borg of the United States Cyber-Consequences Unit (US-CCU)[122] suggested that Israel might prefer to mount a cyber-attack rather than a military strike on Iran’s nuclear facilities.[99] And, in late 2010 Borg stated, “Israel certainly has the ability to create Stuxnet and there is little downside to such an attack, because it would be virtually impossible to prove who did it. So a tool like Stuxnet is Israel’s obvious weapon of choice.”[123] Iran uses P-1 centrifuges at Natanz, the design for which A. Q. Khan stole in 1976 and took to Pakistan. His black market nuclear-proliferation network sold P-1s to, among other customers, Iran. Experts believe that Israel also somehow acquired P-1s and tested Stuxnet on the centrifuges, installed at the Dimona facility that is part of its own nuclear program.[48] The equipment may be from the United States, which received P-1s from Libya’s former nuclear program.[124][48]
Some have also referred to several clues in the code such as a concealed reference to the word “MYRTUS”, believed to refer to the Myrtle tree, or Hadassah in Hebrew. Hadassah was the birth name of the former Jewish queen of Persia, Queen Esther.[125][126] However, it may be that the “MYRTUS” reference is simply a misinterpreted reference to SCADA components known as RTUs (Remote Terminal Units) and that this reference is actually “My RTUs”–a management feature of SCADA.[127] Also, the number 19790509 appears once in the code and might refer to the date “1979 May 09”, the day Habib Elghanian, a Persian Jew, was executed in Tehran.[53][128][129] Another date that appears in the code is “24 September 2007”, the day that Iran’s president Mahmoud Ahmadinejad spoke at Columbia University and made comments questioning the validity of the Holocaust.[37] Such data is not conclusive, since, as written by Symantec, “Attackers would have the natural desire to implicate another party” with a false flag.[37][53]
United States
There has also been testimony on the involvement of the United States and its collaboration with Israel,[130][131] with one report stating that “there is vanishingly little doubt that [it] played a role in creating the worm.”[37] It has been reported that the United States, under one of its most secret programs, initiated by the Bush administration and accelerated[citation needed] by the Obama administration, has sought to destroy Iran’s nuclear program by novel methods such as undermining Iranian computer systems. A diplomatic cable obtained by WikiLeaks showed how the United States was advised to target Iran’s nuclear capabilities through ‘covert sabotage’.[132] A New York Times article as early as January 2009 credited a then unspecified program with preventing an Israeli military attack on Iran where some of the efforts focused on ways to destabilize the centrifuges.[133] A Wired article claimed that Stuxnet “is believed to have been created by the United States”.[134] The fact that John Bumgarner, a former intelligence officer and member of the United States Cyber-Consequences Unit (US-CCU), published an article prior to Stuxnet being discovered or deciphered, that outlined a strategic cyberstrike on centrifuges[135] and suggests that cyber attacks are permissible against nation states which are operating uranium enrichment programs that violate international treaties gives some credibility to these claims. Bumgarner pointed out that the centrifuges used to process fuel for nuclear weapons are a key target for cybertage operations and that they can be made to destroy themselves by manipulating their rotational speeds.[136]
In a March 2012 interview with CBS News’ “60 Minutes”, retired USAF General Michael Hayden – who served as director of both the Central Intelligence Agency and National Security Agency – while denying knowledge of who created Stuxnet said that he believed it had been “a good idea” but that it carried a downside in that it had legitimized the use of sophisticated cyberweapons designed to cause physical damage. Hayden said, “There are those out there who can take a look at this… and maybe even attempt to turn it to their own purposes”. In the same report, Sean McGurk, a former cybersecurity official at the Department of Homeland Security noted that the Stuxnet source code could now be downloaded online and modified to be directed at new target systems. Speaking of the Stuxnet creators, he said, “They opened the box. They demonstrated the capability… It’s not something that can be put back.”[137]
Joint effort and other states and targets
Ambox current red.svg
This section needs to be updated. Please update this article to reflect recent events or newly available information. (June 2012)
In April 2011 Iranian government official Gholam Reza Jalali stated that an investigation had concluded that the United States and Israel were behind the Stuxnet attack.[138] Frank Rieger stated that three European countries’ intelligence agencies agreed that Stuxnet was a joint United States-Israel effort. The code for the Windows injector and the PLC payload differ in style, likely implying collaboration. Other experts believe that a US-Israel cooperation is unlikely because “the level of trust between the two countries’ intelligence and military establishments is not high.”[37]
A Wired magazine article about US General Keith B. Alexander stated: “And he and his cyberwarriors have already launched their first attack. The cyberweapon that came to be known as Stuxnet was created and built by the NSA in partnership with the CIA and Israeli intelligence in the mid-2000s.”[139]
China,[140] Jordan, and France are other possibilities, and Siemens may have also participated.[37][130] Langner speculated that the infection may have spread from USB drives belonging to Russian contractors since the Iranian targets were not accessible via the Internet.[20][141]
Sandro Gaycken from the Free University Berlin argued that the attack on Iran was a ruse to distract from Stuxnet’s real purpose. According to him, its broad dissemination in more than 100,000 industrial plants worldwide suggests a field test of a cyber weapon in different security cultures, testing their preparedness, resilience, and reactions, all highly valuable information for a cyberwar unit.[142]
The United Kingdom has denied involvement in the worm’s creation.[143]
Stratfor Documents released by Wikileaks suggest that the International Security Firm ‘Stratfor’ believe that Israel is behind Stuxnet - “But we can’t assume that because they did stuxnet that they are capable of doing this blast as well”.[144]
In July 2013, Edward Snowden claimed that Stuxnet was cooperatively developed by the United States and Israel.[145]
Personally, I do think it was the US, but it’s sort of like the Israeli nuclear program…while everyone ‘knows’ they have it, they still having officially acknowledged it nor is there any (unclassified) evidence that they have one or if they do to what extent they do. Same with this…the code certainly has the fingerprints of earlier, US-based cyber-attack code, but then, as we’ve seen, that sort of thing can be stolen or even get out into the wild and be used and morphed by others.