Skullduggery on a massive scale

In 2007 Israel destroyed a Syrian nuclear reactor days before it was to receive a shipment of fissile material from North Korea. The new aspect of the attack was not the precision of the Israeli bombing of the reactor buildings in the high desert of northeast Syria. Rather, the new chapter in warfare was opened by the fact that Israel was able, digitally, to turn off power in Syria for an hour and a half, thus blinding Syria’s air defenses. Israeli commandos approached the nuclear site, beamed it with IR beams to guide precision bombs being dropped from bombers above, then were picked up by helicopters that took them back to Israel.

The United States, too, shut down Iraqi power stations during the 1991 and 2003 attacks, but in both cases the means were crude in comparison: aluminum foil strips were dropped on the station to short circuit the generators.

Whoever designed Stuxnet and sent it to attack Iran’s nuclear weapons facilities was building on — and extending and improving — Israel’s IW capabilities as demonstrated on 6 September 2007.

Marks is precise in identifying the qualitative differences — unique and frightening differences — which set Stuxnet apart from previous IW efforts, and which give us a taste of things to come:

Where regular worms merely infect computer systems, Stuxnet can reach out into the physical world. It uses vulnerabilities in Microsoft Windows to give an attacker remote control of the specialized factory-floor computers used to control industrial processes. These programmable logic controllers (PLCs) do not run everyday computer languages: each type of machine has its own customized language.

Stuxnet is the first worm designed to attack a PLC in its own language. Its target is one of the most popular models, made by Siemens and used to run oil pipelines, power grids, and nuclear plants. The worm can allow attackers to run motors so fast they burn out, to turn off alarms and safety cut-offs, open effluent valves and activate pumps — in other words, carry out industrial sabotage and skullduggery on a massive scale.

Stuxnet’s origin is unknown. Iran blames the Pentagon or Israel. Regardless of who wrote it, “cyberwar just got real,” Marks concludes.

 

We do not know for sure, but we may want to speculate about the origins of Stuxnet. We said earlier that Israel, two years ago, already successfully carried out a digital attack which crossed from the digital to the physical realm.

We may have another indication. During the next six months, between September 2010 and February 2011, the Israel Defense Force (IDF) will see a major rotation of generals and major generals in top military positions. Such a rotation always accompanies a changing of the guard at the very top: those who competed for the top job and lost retire, at times accompanied by commanders who were close to them personally and professionally, while those close to the commander who won the top position are promoted.

The replacement in February of the current chief of staff, General Gabi Ashkenazi, with General Yoav Galant (currently commander of Israel’s Southern Command, who was adamantly opposed by Ashkenazi) is no exception.

One of the top officers who is retiring is Maj. Gen. Amos Yadlin, who has headed Military Intelligence for the last five years (although, in his case, it has less to do with changes at the top than with sheer length of service). Amir Oren, Haaretz’s military analyst, wrote over the weekend:

The technology unit of Military Intelligence, once dubbed the 432, last week held a change of command ceremony. The unit’s outgoing commander, identified in the media only as Colonel P., is to head up computer warfare in MI’s Unit 8200, which handles electronic intelligence gathering. The appointment is another step in realizing MI director Maj. Gen. Amos Yadlin’s vision of making 8200 responsible for all aspects of electronic and cybernetic warfare: defense, offense and intelligence-gathering.

Yadlin will retire next month after a 40-year military career, from combat pilot to three command terms in his present rank (Amir Oren, “On loyalty and superiors,” Haaretz, 10 October 2010)

The guess here is that Stuxnet was General Yadlin’s — technically, Unit 8200’s — farewell present to his successors. It is as if this indefatigable advocate of heavy investment in IW capabilities was eager to demonstrate to a new generation of military leaders how such capabilities allow a country to fight a war against an enemy thousands of miles away, and do so without firing a shot.

 

One day we will know for sure.

Ben Frankel is editor of the Homeland Security NewsWire