Cyber-Retaliation a new government threat

For years, the federal government has been telling us it needs broad, new powers in order to protect us from cybersecurity threats.  Recent events, however, including the government’s response to the WikiLeaks challenge, suggest that among the serious cybersecurity threats we face may be retaliatory actions against private industry by the government itself. 

In this new era of cyber warfare, sophisticated tools developed by governments to attack and disable adversaries’ nuclear and other military programs, can just as easily be turned against civilian, non-military business or economic targets within its own borders or elsewhere.  And it is not clear whether the new, GOP-controlled Congress, loath to be blamed for placing limits on the government’s power to thwart what it sees as potential military threats, will step in and investigate this new phenomenon of cyber-retaliation. 

In the national security arena, development of aggressive, cyber-security tools has led to at least one spectacular success – against Iran’s developing nuclear technology. Last summer, computer security analysts uncovered something called “Stuxnet,” a malware (malicious software) program widely believed to have originated in Israel, which targets very specific industrial computer systems. Reports indicate the worm was used successfully to attack computers located in at least two nuclear sites in Iran – a clear attempt to slow down, if not cripple Teheran’s atomic ambitions. 

Despite earlier denials, Iranian President Mahmoud Ahmadinejad subsequently admitted Stuxnet indeed had created some problems for his country’s nuclear program. The United Nations confirmed that Iran temporarily halted enriching uranium. While the extent of the damage wrought by Stuxnet is unknown, Iran clearly appears to have been the first sovereign victim of nation-sanctioned cyber warfare. 

Stuxnet, already recognized as a “game changer” by security officials, can, in the words of one expert,  “automatically enter a system, steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product, and indicate to the operator and your anti-virus software that everything is functioning as expected.” 

Kaspersky Lab, a Russian-based computer security company, told the media that because of the financial resources needed to develop such a sophisticated worm, it could only be carried out “with nation-state support.” The Russians also noted that this new, weaponized software “will lead to the creation of a new arms race in the world.” 

Other national regimes posing real or suspected threats to international security obviously are or could become similar victims of Stuxnet.  North Korea, which already has developed a rudimentary nuclear weapons and delivery system, is a clear target. 

The technology reflected in Stuxnet, however, which should properly send chills down the spines not only of dictators in Pyongyang and national leaders elsewhere on the “outs” with Washington, also should worry lawful business and other internet-based operations such as WikiLeaks.  In fact, WikiLeaks appears already to have been the target of just such action.  As former CIA officer Philip Giradli reported recently in the American Conservative, the Pentagon – aided by Israel – hacked WikiLeaks’ servers to make the organization’s website “inoperable.”  WikiLeaks’ sin?  Not the development of a rogue nuclear weapons system or harboring terrorist cells; but merely the publication over the internet of official, US-government communications that have proved embarrassing to Washington. 

Such actions ought to be the subject of oversight investigations by the Congress which, now under GOP leadership in the House, promises aggressive oversight of abuses of power by the executive branch.  One goal of oversight hearings would be to consider and enact measures to ensure such powerful and easily abused capabilities are kept within legitimate, constitutional boundaries.  Unfortunately, the new, 112th Congress thus far has indicated no interest in actually limiting government power; and may instead succumb to executive branch entreaties to expand its legal authority over the internet, and actually to make it more difficult to limit government-sanctioned cyber-retaliation.

- by Bob Barr, The Barr Code

25 comments Add your comment

VietVet

January 10th, 2011
6:47 am

Barr’s right on this one. The US just created a cyber weapon that can be easily and cheaply deployed against us. And it could cause far more disruption to our economy than it did to North Korea’s or Iran’s. I’m disappointed but not shocked that the new Congress doesn’t seem to care. They aren’t conservatives, they are corporatists, whose loyalty is to the short term profits of their campaign contributors.

David Z

January 10th, 2011
6:55 am

“The technology reflected in Stuxnet” is going to be difficult to deal with within the Constitution because it is (only, virtually, and essentially) ones and zeros. With respect to it being only information that can be exchanged, modified and broadcast, it is like speech. With respect to being potentially intrusive, controling, and surreptious, it is like guns. We citizens should be careful our representatives preserve the citizen’s rights with respect to both aspects of it.

[...] This post was mentioned on Twitter by Bob Barr, Teresa, Roger Lancefield, Staatsfeind, shadowcat and others. shadowcat said: Priv Corp Security: Cyber-Retaliation a new government threat – Atlanta Journal Constitution (blog): http://bit.ly/fhJAdl [...]

5 Easy Pieces

January 10th, 2011
7:49 am

So it’s Stuxnet that has prevented some of my more officious comments from being published here on the Anarchist Blog. I knew that the moniters here couldn’t possibly keep up with my prodigious posts, and that ony the most expansive, expensive, software program written by teams of engineers working around the clock at the Cyber-nuclear level in Tehran, could possibly thwart my attempt to take over all the blogs at the AJC. I would have ruled the AJC on line.

And I would have got away with it too! If it hadn’t been for Stuxnet.

Stuxnet sucks, man.

[...] Cyber-Retaliation a New Government Threat For years, the federal government has been telling us it needs broad, new powers in order to protect us from cybersecurity threats. Recent events, however, including the government’s response to the WikiLeaks challenge, suggest that among the serious cybersecurity threats we face may be retaliatory actions against private industry by the government itself. In this new era of cyber warfare, sophisticated tools developed by governments to attack and disable adversaries’ nuclear and other military programs, can just as easily be turned against civilian, non-military business or economic targets within its own borders or elsewhere. And it is not clear whether the new, GOP-controlled Congress, loath to be blamed for placing limits on the government’s power to thwart what it sees as potential military threats, will step in and investigate this new phenomenon of cyber-retaliation. Read the full Barr Code post here. [...]

q

January 10th, 2011
9:38 am

Stuxnet is a cyberworm created to cross from the digital realm to the physical world to destroy something. That is what I like about this column, I learn something new everyday..

What stuxnet rrepresents is a future in which people with the funds will be able to buy attackware like this on the black market.

This is the first direct example of weaponized software. It is not spyware but attackware. Stuxnet is programmed to to activate a sequence that will cause the end process to self distruct. Stuxnet’s codename is “DEADF007″ it could infiltrate electrical grid systems and upset the whole operation.
Congress should take the authority to limit the exectutive department’s authority like wikileaks which it is assummed to have been invaded by stuxnet.

Old man Robert Cox

January 10th, 2011
10:21 am

who cares……….

David Z

January 10th, 2011
10:37 am

Just to be clear, the fact that ones and zeros can be weaponized means: The citizens (should) have the right to bear ones and zeros IN ALL FORMS. We should be able to video tape the activities of the state, we should have the right to amass as many ones and zeros as we want in any form (say, a wikileaks-sized dossier on Hillary Clinton or Hillary Duff) as long as we don’t steal them from somebody who is trying to protect thier information, say, by owning them inside a closed property, secured say, by a closed car window or a simple password.

David Z

January 10th, 2011
10:42 am

Again, just to be clear: Use of ASSULT ones and zeros (like, Stuxnet) should be limited by law. I’ve got nothing against the assult ones and zeros in themselves, just don’t use them on me. Remember, Ones and Zeros don’t kill people, only people kill people.

[...] Cyber-Retaliation a new government threat | The Barr Code. This entry was posted in Opinion, Politics and tagged anti-virus software, Bob Barr, Central Intelligence Agency, congress, Cyber-Retaliation, Cybersecurity, developing nuclear technology, federal government, industrial computer systems, internet-based operations, Islamic Republic of Iran, Kaspersky Lab, Mahmoud Ahmadinejad, Malicious Software, North Korea, nuclear technology, opinion, Pentagon, Philip Giradli, Pyongyang, Republican Party, Teheran, The Barr Code, United Nations, Washington, Wikileaks. Bookmark the permalink. ← For Law School Graduates, Debts if Not Job Offers – NYTimes.com [...]

carlosgvv

January 10th, 2011
12:47 pm

The Republican congress will react to this challenge only if the money comes their way. If reacting to this would cost corporations any money at all, then forget the Republicans doing anything.

Crypto

January 10th, 2011
1:12 pm

1s and 0s are not always free. Cryptography is treated as a munition under ITAR. Stuxnet contains cryptography to hide portions of its payload, and thus Americans are not free to create such code and release it overseas. There are other laws that come into play, and don’t even try to understand the international aspects.

We deal with attacks from overseas every day, but the sophistication of Stuxnet is unprecedented. The sophisitcation is the concern. If this becomes a malware toolkit component, modern malware techniques will have a new challenge.

bank walker

January 10th, 2011
1:53 pm

It was all a show, put on by big Bro, and so was the whole BP fiasco to promote cap and trade.

Please read….
http://www.economicpolicyjournal.com/2011/01/coming-internet-national-id-card.html

[...] claimed that Iran's nuclear programme is facing difficulties, says BBC stat more… Cyber-Retaliation a new government threat – Atlanta Journal Constitution (blog) – blogs.ajc.com 01/10/2011 Cyber-Retaliation a new government threatAtlanta Journal [...]

Al Gore

January 10th, 2011
2:57 pm

Look outside…Stuxnet is a major factor in global warming.

q

January 10th, 2011
4:38 pm

I just read where the Icelandic Government has summoned the U.S. ambassador to the foreign service office to explain why they[U.S] is interested in an Icelandic elected official. Apparently it has something to do with Wikileaks. Iceland is developing a new open attitude towards free speech.

DeborahinAthens

January 11th, 2011
7:55 am

The government has always controlled what we see on the internet, and if you think otherwise, you’re naive. Right after Dubya started bombing Iraq, the only place that you could get any real news was the BBC and Al-Jazeera. After pictures of widescale massive destruction in Bagdad and thousands of dead civilians, the websites became inaccessible. Bush held a very tight control over the media. One of the other bad things Dubya did was put 30% tariffs on steel and wood (one of the reasons the price of houses escalated??) and the only thing we heard about it was from the British press, the Canadian press, and the Japanese press. After accessing the stories a few times on the internet, they “disappeared”.The thing that I find frightening is that the media knows this and goes along with it. When the government controls the press, the government controls the people–we are no better off in this country than China or Malaysia.

Thought Police

January 11th, 2011
10:23 am

DeborahinAthens…You better keep on your tin foil hat or we are going to find you.

[...] This post was mentioned on Twitter by Kaspersky Lab. Kaspersky Lab said: Cyber-Retaliation a new government threat http://bit.ly/g9cniO (via @ajc & @bobbarr) [...]

MLO

January 11th, 2011
1:25 pm

‘Not the development of a rogue nuclear weapons system or harboring terrorist cells; but merely the publication over the internet of official, US-government communications that have proved embarrassing to Washington.’
Were these ‘mere’ publications for public dissemination or were they obtained illegally?

Patriot

January 11th, 2011
3:20 pm

Being afraid of the government’s actions should be the foremost priority for all americans. Somewhere along the lines we forgot that.

[...] Cyber-Retaliation a new government threat (Atlanta Journal Constitution) [...]

Angelina Doherty

January 13th, 2011
8:04 am

As likely as a visit from E.T.?

Is the idea of an upcoming cyberwar just nonsense? Or does the attention given to the topic only distract us from the ‘bigger issues’?

Instead of gambling on a future of electronic warfare, should we continue to develop conventional defense technologies?

More on this discussion available here also…

http://www.theeuropean-magazine.com/133-cavelty/134-cyberwar-and-cyberfear

EtentSnut

January 15th, 2011
6:25 am

You obviously know what you are talking about when it comes to audio. Can you please help me with my installation? I figured this would be the best place to ask such a tech question. I am having trouble
with my video software, and I am not sure if it is my sound card or my software.
I tried the advice from this thread about pro video editing software
with no success.
Thanks and keep you are doing a very good job.

katie

January 17th, 2011
9:08 am

how do i join