Tuesday, January 15, 2013

The Obama administration "willfully leaked the existence of STUXNET (a computer worm used against Iran), allowing our enemies to learn more of our secrets and of our operations."

The Obama administration "willfully leaked the existence of STUXNET (a computer worm used against Iran), allowing our enemies to learn more of our secrets and of our operations."

Special Operations OPSEC Education Fund on Wednesday, August 15th, 2012 in a Web video

Group says Obama administration 'willfully leaked' existence of computer worm used against Iran

The group of former special forces soldiers and CIA officers behind the video Dishonorable Disclosure wants to make the case that the Obama administration is more than ready to sacrifice national security if it will boost the president’s popularity with voters. The group goes by the name Special Operations -- OPSEC, which stands for operations security.

We have rated two other claims. One was about the White House working with Hollywood producers and giving away intelligent sources and methods, which we rated Mostly False. The other was about whether the Obama administration gave away the identify of of a Pakistani doctor involved in the effort to find Osama bin Laden, which earned a False.

We now turn to the group's statement about the U.S. cyberattacks on Iran’s nuclear program. In the video, the announcer says, "This administration willfully leaked the existence of STUXNET, allowing our enemies to learn more of our secrets and of our operations."

"When we stand up and admit that we were part of putting STUXNET together with our Israeli friends," Bill Cowan, a retired Marine Lt. Colonel, said. "We have really undermined our ability to one, have the Israelis or anyone else work with us on the technology side, and second, we have made it very clear to the Iranians, who did it and who they need to be coming back to pay back."

We wondered if the Obama administration did reveal the nature of the computer worm STUXNET to the world, whether White House insiders shared information that they shouldn’t have, and in so doing, increased the national security threat to America.

We asked the OPSEC group for supporting information. They referred us to a June 2012 New York Times article and comments from two senators.

Zeroing in on STUXNET

STUXNET was a complex computer program that infected the centrifuges used by Iran to enrich uranium. It had two main lines of attack. One would take over the centrifuges and cause them to speed up until they shattered. The other component was especially deceptive. It recorded the pattern of normal operations and fed those signals to the machine technicians so they would never see what was actually going on until it was too late. With 15,000 lines of code, it was more sophisticated and, as computer security experts eventually learned, more targeted than any worm seen before. Needless to say, it was intriguing.

Much in the OPSEC claim hinges on what was known at various times, so let's start with a time line.

First, it's important to note there were revelations about a possible U.S. computer attack before Obama took office. When President George W. Bush was in office, he pushed the idea of targeting Iran's computers as an alternative to an Israeli air strike, according to a January 2009 New York Times article. The article relies on unnamed "senior American and foreign officials" and says, "Mr. Bush embraced more intensive covert operations actions aimed at Iran" that included the possibility of attacking the country's computer systems and networks.

We searched the Nexis database and found the earliest press reports on STUXNET came in late July 2010. Computer security firms had picked up an unusual virus that seemed to be found more in Iran than anywhere else. But there were just five articles in July and only two in August. The articles indicate the information came from private security companies, not the U.S. government.

The number shot up to nearly 150 articles in September. By that time, the experts had begun to pick STUXNET apart -- and they were impressed. Its subtleties and single focus on one type of German-made computer control device attracted a lot of attention. By the end of the month, the British newspaper The Independent, had the headline "Has West declared cyber war on Iran? Experts say the computer virus found in a nuclear plant is the work of a foreign power."

By October, reporters were talking about Israel as the likely force behind the virus. In November the Christian Science Monitor wrote of speculation that America and Israel had teamed up to build it. That same month, Iranian President Mahmoud Ahmadinejad acknowledged that Iranian equipment had been damaged.To some extent, not only was the worm complex, it was also an effective new weapon.

In January 2011 came a more robust linkage to the United States when the New York Times reported that "strong clues" pointed to a virus "designed as an American-Israeli project to sabotage the Iranian program." The article detailed that U.S. government engineers had studied the vulnerabilities of the control units that ran the Iranian centrifuges. It said those were the access points that STUXNET exploited. It described the kind of centrifuge used in Iran, the so-called P-1, and reported that an "American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of STUXNET."

The article cited "officials familiar with the administration’s Iran strategy" as saying President Barack Obama had ordered researchers to move faster on a Bush administration project to target the electrical and computer systems around Natanz, Iran’s major uranium enrichment facility.

In June 2012, the New York Times reported that Obama personally had endorsed the operation called Olympic Games that produced STUXNET. The article relied on unnamed "members of the president’s national security team who were in the room" when the president and his top advisers discussed using the worm. It repeated many of the details in the earlier article but tied STUXNET into a broader strategy. It conveyed the administration’s reservations of unleashing a new form of warfare. It offered the president’s rationale for moving forward: A cyber attack would be better than a bombing run by Israel.

The attribution makes it clear that the Times reporter got considerable information from top officials in the Obama administration. The article cites "participants in the many Situation Room meetings" and "current and former American, European and Israeli officials involved in the program."

Congress reacts

Democrats and Republicans in Congress voiced alarm. Sen. Diane Feinstein, D-Calif, and Sen. Saxby Chambliss, R-Ga., the chair and vice-chair of the Senate Intelligence Committee, issued a joint press release. They called the accelerating pace of leaks "unacceptable". They warned that "these disclosures have seriously interfered with ongoing intelligence programs and have put at jeopardy our intelligence capability to act in the future."

Sen. John McCain, R-Ariz., criticized the administration. "Our friends and allies," McCain said on the Senate floor, "Especially the Israelis, who have been compromised on the STUXNET operation, the virus in the Iranian nuclear program, of course, feel betrayed.

Obama shot back during a press conference.

"The notion that my White House would purposely release classified national security information is offensive. It's wrong," Obama said.

Obama said there were mechanisms to track down those who leaked and that if they were found, there would be consequences.

Obama also said "as I think has been indicated from these articles, whether or not the information they've received is true, the writers of these articles have all stated unequivocally that they didn't come from this White House. And that's not how we operate."

Actually, the source of the leak remains unclear. The person or persons were pretty clearly part of the administration, which could include the White House staff, the Pentagon or the CIA.

The day of that press conference, U.S. Attorney General Eric Holder named two federal prosecutors to investigate possible leaks of classified information by the Obama administration.

Defining a leak

The New York Times reporter who wrote the June story, David Sanger, was asked many times about White House leaks. On Face the Nation, Sanger diminished the administration’s role in his work.

"I spent a year working the story from the bottom up, and then went to the administration and told them what I had," Sanger said. "Then they had to make some decisions about how much they want to talk about it. All that you read about this being deliberate leaks out of the White House, it wasn't my experience."

Sanger underscored that the start of the story came when the worm spread out of Iran and was detected by computer security companies around the world. The time line of newspaper activity confirms the intense level of interest in STUXNET within the cyber community. The time line also shows that more than a year earlier, in 2011, a team of New York Times reporters had fleshed out and reported many of the details in the 2012 story with no apparent help from the Obama administration.

As for inflaming Iran’s desire to get even, Sanger was skeptical. "I would say that the Iranians had figured out two years ago they were being attacked," he said. And they "strongly suspected the United States and Israel."

But Steve Aftergood with the Federation of American Scientists, is less sanguine about the consequences. While Aftergood agrees that many people knew about STUXNET long before Sanger’s article, the implications of American acknowledgment of its role in unleashing the worm were potentially huge.

"The STUXNET operation was essentially an act of war," Aftergood told us. That’s why the sources in Sanger’s story needed to remain anonymous. To speak openly would open create a legal opening for Iran.

"A confirmed U.S. role in the operation would arguably entitle Iran -- under the laws of war -- to take reciprocal, proportionate offensive measures against the U.S., or to seek legal or financial remedies," Aftergood said.

Our ruling

The Special Operations OPSEC group said the administration "willfully leaked the existence of STUXNET, allowing our enemies to learn more of our secrets and of our operations."

There are big holes in this argument. As the time line shows, public knowledge of STUXNET long preceded any comment from any Obama administration official. There was extensive coverage and speculation about possible U.S. involvement months before June 2012. Our enemies didn't need the Obama administration to tell them this -- there was plenty of coverage before there was any attribution to Obama's team.

Still, it's clear that the Obama administration provided details -- including a quote from Obama himself in a meeting -- to the New York Times. So the administration -- broadly defined -- confirmed its operational role in the creation of the worm.

No comments:

Post a Comment