was created by the United States or Israel to attack Iran’s nuclear program may actually have been created by China to attack systems in India.
That’s what Jeremy Carr, an American cyber warfare specialist suspects. German Ralph Langner started all the talk of an attack on Iran, which has taken such hold that many publications write about that as if it were an established fact. Langner is now busy telling everyone he has no evidence, only a theory that Iran’s nuclear program was the target.
Providing a fresh twist, Carr, who specializes in investigations of cyber attacks against government, told The Times of India that China, more than any other country, was likely to have written the worm.
While Chinese hackers are known to target Indian government websites, the scale and sophistication of Stuxnet suggests that only a government like that of the US, Israel or China could have done it. “I think it’s more likely that China is behind Stuxnet than any other country,” Carr said, adding that he would provide more details at a security conclave to be held in India in December.
Carr cited the partial failure of India’s INSAT 4B satellite a few months ago. The exact reason is not yet known. But Carr said it was China that gained from the satellite failure.
Carr, like Langner, made it clear that he had not arrived at any definite conclusion. He said he was pointing out that there were alternative targets in countries other than Iran that also made sense and served another nation’s interest to attack—namely India’s Space Research Organization which uses the exact Siemens software targeted by Stuxnet.
“Further, the satellite in question (INSAT 4B) suffered the power `glitch’ in an unexplained fashion, and its failure served another state’s advantage—in this case, China,” he said.
Iran was the immediate focus of attention because more computers in Iran are said to be infected than in any other country, 60,000. Indonesia follows with 13,000 infections and India is third with 6,000. However, Stuxnet infects only those computers that use certain Siemens software systems. Siemens software systems are used in many Indian government agencies including its space agency.
Meanwhile, Prescott Winter, the former US National Security Agency (NSA) chief technology officer, said Stuxnet was probably not the first cyber weapon of its kind and what may have been more unusual was that it has been outed.
Winter spent 25 years at the NSA, the US spy agency responsible for surveillance, protecting US communications and “network warfare.” He visited New Zealand last week where he spoke with The Dominion Post of Wellington.
Winter said he had no inside information. “[But] if you look at first principles and say, ‘who would be building tools to do that?’, particularly when they are that tightly-focused, it is a pretty short list.”
The Russian software security firm Kaspersky has forecast Stuxnet will trigger a new cyber arms race, but Winter scoffed, saying a cyber arms race was already under way.
“I would say, quite frankly, the fact it is out in the open is new. I’m speaking hypothetically but with some sense of how this stuff is done. When you think about the skills available to hacker communities and recognize some governments have had operations in this area for years and are very likely to be totally focused on certain kinds of operational outcomes, it is easy enough to imagine this has been going on for a long time,” he said.
“It is an obvious way for nations to deal with hard problems and they are going to do it with varying degrees of skill or boldness. Some of them will do it well and may have being doing it for years and even their adversaries don’t know.”
The fact Stuxnet had infected a large number of organizations around the world was “a curious footnote to the hypothesis that it might be the work of an intelligence agency,” Winter said.
“Maybe that is someone’s idea of ‘cover’ – the best way to hide an elephant is to put it in a herd of elephants – [but] in some ways that still strikes me as a very peculiar aspect of this picture. You can aim something like this fairly precisely, and this one doesn’t seem to have been managed in that way.
“If you think about the level of skill and operational sophistication that you would expect from a serious governmental organization, the fact that this thing seems to have spilled out all over the world makes it odd in some ways.”
A survey of 1,580 utility firms in 15 countries that was published by software firm Symantec last Thursday said just over half believed their networks had experienced what they perceived as politically-motivated cyber attacks.