October 7, 2010
Number 10/10 #01
This Update looks at the recently discovered Stuxnet computer worm, designed to infect certain Siemens electronic components and which some experts have speculated may have been developed by parties unknown to slow Iran’s nuclear program.
First up is David Kay, former chief UN weapons inspector in Iraq. He says the idea of a computer worm being able to do what everyone else has been unable to do through numerous means – stop the Iranian nuclear program – has a delicious comic irony. He speculates that while Israel and the US are obvious suspects for having authored the worm, Russia and China are also possible suspects. He also suggests that Stuxnet and similar malicious software have considerable potential to cause Iranian leaders to fear what unexpected asymmetrical warfare can do to them. For his full argument, CLICK HERE. A report says that Stuxnet may already be having some of the effects on the Iranian leadership that Kay speculates about – causing arrests and suspicion of Iranian nuclear scientists.
Next up is a New York Times piece featuring consultations with various experts about the worm, and in particular, speculation it might have an Israeli origin. The principal evidence canvassed for this theory concerns the use of the word “Myrtus” in the code for one component, possibly meaning the plant myrtle, and according to a rather convoluted argument, might refer to the biblical figure Queen Esther. However, the piece points out that this could well be a red herring, while also discussing evidence for and against the speculation that the target of the worm is Iran’s nuclear program. For the complete piece, CLICK HERE. More on Stuxnet and the argument it may be related to the Iranian nuclear program is here. Meanwhile, Israeli intelligence analyst Yossi Melman looks again at arguments Israel may or may not have been involved.
Finally, we include a piece that has touched off major speculation about a new turn in the Israeli-Palestinian standoff over the end of the 10-month moratorium on construction in settlements last week and the continuation of the peace process. Washington Institute scholar David Makovsky reports details of an alleged offer from the US Obama Administration to Israel’s Netanyahu Government, offering Israel various guarantees in exchange for a one-off 60-day extension to the construction moratorium. Much press has since been written about this reported offer from Washington, which reports say Netanyahu is now leaning toward accepting, but is having trouble gaining cabinet approval for. For all the details of the reported offer as well as their implications, CLICK HERE. Some confirmation of this story has now come from Israel’s Ambassador to the US Michael Oren. A good piece on Netanyahu’s thinking on the offer and cabinet difficulties comes from veteran Israeli journalist Leslie Susser. Meanwhile, veteran Israeli columnist Evelyn Gordon writes about why calls for Netanyahu to find a way to re-align his coalition to exclude right-wing parties and include the opposition Kadima party are ignoring the huge political costs to him if he does.
Readers may also be interested in:
- Lee Smith examines Israeli preparations for cyberwarfare. Meanwhile, Iran reportedly is preparing a “cyber-army.”
- Iran sentences its most famous blogger to 19 years in prison. Meanwhile, here is the defence of a young Iranian songwriter, Arya Aramnejad, who is on trial because a song he wrote allegedly “endanger the national security of the country.”
- Israeli proliferation expert Efraim Asculai’s new piece on the state of efforts to stop the Iranian nuclear program. Plus, with colleague Emily Landau, he also authored a paper about the outcome of the latest IAEA General Conference last month, where an Egyptian-led effort to make Israel a central question was not successful.
- Signs that sanctions on Iran are starting to significantly bite the economy and public confidence in the Iranian currency.
- Two reports that Hezbollah is strengthening its role in Lebanon, here and here. Meanwhile, in preparation for the visit of Iranian President Ahmadinejad to Lebanon, they have built a scale model of Jerusalem’s al-Aqsa mosque surmounted by the Iranian flag.
- Some analysis of the latest terror alerts in Europe, involving planned Mumbai-style attacks perpetrated by European passport holders trained by al-Qaeda – see here, here, here and here.
- Two more Qassam rockets fired at Israel from Gaza.
- Israel convicts two soldiers for using a Palestinian boy to open suspect bags during the Gaza conflict last year.
The National Interest, October 1, 2010
The thought of a nerdy computer worm bringing Iran’s nuclear program to an at-least-temporary standstill, something that repeated “red line” declarations from Washington, four sanction resolutions from the UN Security Council, and IAEA inspections and safeguards have failed to do, adds an element of comic irony to a dangerous challenge to global stability.
The more one digs into what are the likely origins and motivations behind the “Stuxnet” computer worm, the more it comes to resemble a cross between an Agatha Christie mystery and a Frederick Forsyth thriller. First, there are the obvious suspects that clearly have the motivations, expertise and opportunity to have created a stealthy computer termite that might bring the nuke-house of Mahmoud Ahmadinejad tumbling down. At the top of this list would be the United States and Israel. Both say they feel threatened by Iran’s nuclear ambitions. Israel describes Iran as an existential threat. Both have considerable prowess in the computer tools necessary to craft a clandestine computer attack. Israel has even spread the word that its cyberwarriors were able to turn off Syria’s air defenses in 2007 so that the IDF could attack unhindered a secret Syrian nuclear project.
But as in any good Agatha Christie mystery, it turns out that the obvious suspects are not the only suspects, but even may be just thrown up to stop any further investigation. Who are the others? Certainly at the top of the list of less obvious, but highly capable and motivated, are the Russians and the Chinese. The Russians, at least the Medvedev faction, have shown increasing unease at the prospects of an Iran that would really have nuclear weapons. As long as Iran was seen as the only eager buyer of Russian technology—and a thorn in America’s side, leading it deeper into the quagmire of the Middle East and Central Asia—Iran served a useful geopolitical purpose for Moscow. On the other hand, once Moscow became convinced that Tehran not only was driving for nuclear weapons, but would actually have such weapons at some point, the Islamic Republic began to become a danger to a Russian Federation whose borders have a population dangerously vulnerable to Iran’s influence. This is not to say that Russia welcomed military action by the United States or Israel to halt the nuclear program. Far from it—Iran was still an important market for Russian technology that has few other markets with ready cash. Russia, whether it be Putin or Medvedev, does not welcome U.S. military action on its borders. Also, having milked the Iranian cash cow for over a billion dollars to build the Bushehr nuclear power plant, the Russians may well have, and certainly should have, become concerned that Iran’s spotty operational and safety culture, and the temptation that others might have to sabotage this plant as it began operating, could lead to a nuclear accident that would further blacken the reputation of Russian nuclear reactors and close off all hope for further sales of its reactors in the worldwide market.
As regards opportunity and expertise, the Russians stand at the top of any suspect list. Russian scientists, engineers and technical workers have been all over the Iranian nuclear establishment for years. They well understand the Siemens control systems that seem to have been the target of the Stuxnet worm. These same Siemens systems made their way to the Soviet Union through the NATO technology-control barriers and they have been more legally transferred after the collapse of the Soviets. The Russians at Bushehr had full access to these systems. Russian expertise in cyber attacks is a daily fact of life throughout the world, both in the service of criminal enterprise and espionage.
The Chinese may not seem as reasonable a suspect as the Russians, but they have as strong motivations and expertise. The Chinese are on a global pillage to make up for the decades of neglect toward their own resources. The Chinese well understand that their political control and stability requires continued economic growth at a rate that they cannot sustain without foreign raw materials, the first of which is oil. To this end the Chinese have well north of $100 billion invested in Iranian oil and gas and other enterprises. A devastating attack by the United States and/or Israel on Iran and the chaos likely to ensue could well render these investments worthless. And the cost would not be primarily financial, but still would be a serious brake on the Chinese economy. The Chinese, like the Russians, seem to have finally seen the light and concluded that the Iranians are driving for a nuclear-weapons capability and that the likely outcome will be war. How to stop this? Well, Stuxnet and the children of Stuxnet certainly could slow the Iranian drive to nuclear weapons and therefore the rush to war. As to expertise, the Chinese both have access to Siemens control systems and a cyber-warfare capability that is second to none in numbers of warriors.
While it is interesting to solve the “who done it” mystery, the more interesting issues may be much closer to what a Frederick Forsyth thriller would reveal. The Iranians have held themselves out as the premier practitioners of asymmetrical warfare. Attribution, and defenses, become difficult and expensive for those trying to counter asymmetrical attacks. Iran uses terrorist groups such as Hamas and Hezbollah to advance its policies, and terrorist methods to remove the regime’s opponents. Its naval forces have studied and advanced a doctrine that would allow it to control the Gulf without having to match the U.S. Navy ship-for-ship.
But now for the first time Iran must confront the logic of asymmetrical warfare against itself and from an opponent that it cannot identify with certainty. If the Stuxnet worm can be inserted by stealth into the prized jewels of Iran’s nuclear program, who can assure the Iranian leadership that the son of Stuxnet is not quietly sitting in the guidance- and flight-control systems of Iran’s missile-delivery capability? For after all, a “good” cyber worm does not have to reveal itself except under the conditions that its creator has chosen. Static tests may not show anything. Maybe sudden acceleration and heavy G loading is required. Or some other wickedly difficult conditions to simulate and test. Beyond missiles there are a whole range of systems—the electrical grid, telecommunications, air defense—that the offspring of Stuxnet may already be populating or soon could be.
The good news is that someone has shown a way other than sending in the bombers to give pause and buy time in confronting Iran’s nuclear challenge.
David Kay led the UN inspection after the first Gulf War that uncovered the previously unknown Iraqi nuclear program and, after the most recent Gulf War, led the CIA’s Iraq Survey Group that determined that there had been no Iraqi weapons of mass destruction at the time of the war.
By JOHN MARKOFF and DAVID E. SANGER
New York Times
Published: September 29, 2010
Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.
That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.
Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.
There are many competing explanations for myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.
“The Iranians are already paranoid about the fact that some of their scientists have defected and several of their secret nuclear sites have been revealed,” one former intelligence official who still works on Iran issues said recently. “Whatever the origin and purpose of Stuxnet, it ramps up the psychological pressure.”
So a calling card in the code could be part of a mind game, or sloppiness or whimsy from the coders.
The malicious code has appeared in many countries, notably China, India, Indonesia and Iran. But there are tantalizing hints that Iran’s nuclear program was the primary target. Officials in both the United States and Israel have made no secret of the fact that undermining the computer systems that control Iran’s huge enrichment plant at Natanz is a high priority. (The Iranians know it, too: They have never let international inspectors into the control room of the plant, the inspectors report, presumably to keep secret what kind of equipment they are using.)
The fact that Stuxnet appears designed to attack a certain type of Siemens industrial control computer, used widely to manage oil pipelines, electrical power grids and many kinds of nuclear plants, may be telling. Just last year officials in Dubai seized a large shipment of those controllers — known as the Simatic S-7 — after Western intelligence agencies warned that the shipment was bound for Iran and would likely be used in its nuclear program.
“What we were told by many sources,” said Olli Heinonen, who retired last month as the head of inspections at the International Atomic Energy Agency in Vienna, “was that the Iranian nuclear program was acquiring this kind of equipment.”
Also, starting in the summer of 2009, the Iranians began having tremendous difficulty running their centrifuges, the tall, silvery machines that spin at supersonic speed to enrich uranium — and which can explode spectacularly if they become unstable. In New York last week, Iran’s president, Mahmoud Ahmadinejad, shrugged off suggestions that the country was having trouble keeping its enrichment plants going.
Yet something — perhaps the worm or some other form of sabotage, bad parts or a dearth of skilled technicians — is indeed slowing Iran’s advance.
The reports on Iran show a fairly steady drop in the number of centrifuges used to enrich uranium at the main Natanz plant. After reaching a peak of 4,920 machines in May 2009, the numbers declined to 3,772 centrifuges this past August, the most recent reporting period. That is a decline of 23 percent. (At the same time, production of low-enriched uranium has remained fairly constant, indicating the Iranians have learned how to make better use of fewer working machines.)
Computer experts say the first versions of the worm appeared as early as 2009 and that the sophisticated version contained an internal time stamp from January of this year.
These events add up to a mass of suspicions, not proof. Moreover, the difficulty experts have had in figuring out the origin of Stuxnet points to both the appeal and the danger of computer attacks in a new age of cyberwar.
For intelligence agencies they are an almost irresistible weapon, free of fingerprints. Israel has poured huge resources into Unit 8200, its secretive cyberwar operation, and the United States has built its capacity inside the National Security Agency and inside the military, which just opened a Cyber Command.
But the near impossibility of figuring out where they came from makes deterrence a huge problem — and explains why many have warned against the use of cyberweapons. No country, President Obama was warned even before he took office, is more vulnerable to cyberattack than the United States.
For now, it is hard to determine if the worm has infected centrifuge controllers at Natanz. While the S-7 industrial controller is used widely in Iran, and many other countries, even Siemens says it does not know where it is being used. Alexander Machowetz, a spokesman in Germany for Siemens, said the company did no business with Iran’s nuclear program. “It could be that there is equipment,” he said in a telephone interview. “But we never delivered it to Natanz.”
But Siemens industrial controllers are unregulated commodities that are sold and resold all over the world — the controllers intercepted in Dubai traveled through China, according to officials familiar with the seizure.
Ralph Langner, a German computer security consultant who was the first independent expert to assert that the malware had been “weaponized” and designed to attack the Iranian centrifuge array, argues that the Stuxnet worm could have been brought into the Iranian nuclear complex by Russian contractors.
“It would be an absolute no-brainer to leave an infected USB stick near one of these guys,” he said, “and there would be more than a 50 percent chance of having him pick it up and infect his computer.”
There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.
Yossi Melman, who covers intelligence for the newspaper Haaretz and is at work on a book about Israeli intelligence over the past decade, said in a telephone interview that he suspected that Israel was involved.
He noted that Meir Dagan, head of Mossad, had his term extended last year partly because he was said to be involved in important projects. He added that in the past year Israeli estimates of when Iran will have a nuclear weapon had been extended to 2014.
“They seem to know something, that they have more time than originally thought,” he said.
Then there is the allusion to myrtus — which may be telling, or may be a red herring.
Several of the teams of computer security researchers who have been dissecting the software found a text string that suggests that the attackers named their project Myrtus. The guava fruit is part of the Myrtus family, and one of the code modules is identified as Guava.
It was Mr. Langner who first noted that Myrtus is an allusion to the Hebrew word for Esther. The Book of Esther tells the story of a Persian plot against the Jews, who attacked their enemies pre-emptively.
“If you read the Bible you can make a guess,” said Mr. Langner, in a telephone interview from Germany on Wednesday.
Carol Newsom, an Old Testament scholar at Emory University, confirmed the linguistic connection between the plant family and the Old Testament figure, noting that Queen Esther’s original name in Hebrew was Hadassah, which is similar to the Hebrew word for myrtle. Perhaps, she said, “someone was making a learned cross-linguistic wordplay.”
But other Israeli experts said they doubted Israel’s involvement. Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”
“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”
Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.
Ethan Bronner contributed reporting from Israel, and William J. Broad from New York.
By David Makovsky
September 29, 2010
With Israel’s ten-month moratorium on West Bank settlement construction now expired, Arab League foreign ministers are expected to convene on October 4 to discuss whether the Palestinian Authority (PA) should continue the peace talks. These developments have created a flurry of behind-the-scenes activity in a bid to keep the process alive. For the moment, the settlements issue is central, with challenges related to refugees, Jerusalem, and Gaza set aside.
The Obama Draft Letter
At the center of the diplomatic activity has been an intensive effort by the Obama administration to secure Israel’s support for a sixty-day moratorium extension. In anticipation of the potential for impasse on the issue, these efforts began over the summer, continued with Secretary of State Hillary Clinton’s recent visit to the region, and reached top pitch last week when the parties attended the UN General Assembly session in New York. According to senior U.S. officials, the administration’s efforts culminated in a draft letter negotiated with Israeli defense minister Ehud Barak and chief Israeli peace negotiator Yitzhak Molcho, and ultimately sent from President Obama’s desk to Prime Minister Binyamin Netanyahu.
At its core, the draft letter offers a string of assurances to Israel in return for a two-month moratorium extension. More specifically, U.S. officials indicate that the document makes commitments on issues ranging from current peace and security matters to future weapons deliveries in the event that peace-related security arrangements are reached.
Regarding policy issues, the draft letter guarantees that Washington will not ask for a moratorium extension beyond sixty days. Rather, the future of settlements is to be settled at the table as part of territorial negotiations. Second, the draft letter promises that the United States will veto any UN Security Council initiative — Arab or otherwise — relating to Arab-Israeli peace during the agreed one-year negotiating period. Third, Washington pledged to accept the legitimacy of existing Israeli security needs and not seek to redefine them. In this context, the draft letter explicitly mentions the need to ensure a complete ban on the smuggling of rockets, mortars, arms, and related items, as well as the infiltration of terrorists into Israel. This touches on one of the most sensitive aspects of negotiations: averting infiltration into Israel from the eastern border of a Palestinian state. In this context, the draft letter offers to help maintain a transitional period for Jordan Valley security that is longer than any other aspect of a negotiated peace — an apparent allusion to keeping Israeli troops in that region for an extended period of time.
Finally, Washington pledges to engage Israel and Arab states in discussions of a “regional security architecture,” addressing the need for more consultations on Iran. Although such a structure would not be formalized until a peace deal is reached, the United States would begin preparing the groundwork in advance. These efforts would not constitute commitments on the part of the PA or Arab states, but they would be important for Israel as unambiguous articulations of U.S. policy, which could in turn bear heavily on how the peace talks unfold.
Finally, the draft letter explicitly discusses the need to enhance Israel’s defense capabilities in the event that the parties reach security arrangements. Even if a security deal fails to materialize, Washington’s offer creates the baseline for Israel’s defense needs in a post-peace era. These needs reportedly include a range of missile systems and aircraft (e.g., additional F-35s), layered missile defense, and multiplatform early warning means, including satellites. The Obama administration realizes that these needs would mean an unspecified increase in U.S. security assistance to Israel once a peace agreement is concluded.
Early indications reveal that Netanyahu likes the inducements of the U.S. package but is not inclined to accept it. This could be a case of brinkmanship regarding the terms, or Netanyahu might simply prefer to reject the offer outright, since backtracking on his earlier insistence that the moratorium would expire could harm his credibility.
The prime minister has put forward three arguments defending his unwillingness to extend the moratorium, relating to the issues of reciprocity, consistency, and relevance. First, he says the original U.S. idea to halt settlement activity in 2009 required reciprocal actions from Arab states, which were not forthcoming. Second, the Palestinians did not initially deem the moratorium as significant, wasting nine out of the moratorium’s ten months by not opening direct talks. In Netanyahu’s view, why would a matter originally deemed insignificant become suddenly indispensable? Finally, he argues that the focus on settlements is excessive, since the parties will be dealing with the far larger issue of reaching the contours of an overall territorial solution within the next year. Beyond these arguments, it is also clear that Netanyahu fears losing elements of his coalition over the moratorium issue.
If Israel rejects Washington’s offer, the United States may seek other steps — possibly moving in the opposite direction — in order to salvage the peace talks before the October 4 Arab League meeting. Such steps could include asking Israel to take confidence-building measures toward the Palestinians in the absence of a moratorium.
Another approach would be for Washington to explicitly adopt a position favored by Abbas, who argues that the 1967 border should be the baseline for talks, with minor modifications allowing Israel to trade for settlement blocs adjacent to its cities in exchange for land from within the 1967 border. Other Arab states would also like the United States to formally adopt this position. It is unclear whether Washington would articulate such a position as part of a broader package that would be acceptable to Israel as well.
Challenges for All Parties
Netanyahu will undoubtedly be asked why he was willing to forego strategic benefits for Israel for reasons that relate in no small measure to retaining his political base. This could pose a very serious challenge for him. Moreover, the Israeli public will wonder how the two leaders’ personal relationship may be affected beyond the U.S. midterm elections. And Obama may wonder whether Netanyahu’s current reluctance implies an unwillingness to concede on bigger issues in the future.
For his part, Obama will be asked whether his longtime focus on settlements put the United States in a more difficult position than he anticipated. Although much of this focus was vocalized during the first six months of his presidency, it has cast a shadow that, according to Abbas’s public admissions, forced the PA to be more maximalist than it would otherwise be. Abbas believes that he cannot allow himself to be outflanked by Washington. Although Obama remained mute on the issue for a long time, he surprised many by publicly endorsing a moratorium extension in recent weeks instead of saying it was up to the parties to work out their differences.
Obama will also likely be questioned about the wisdom of launching peace talks before sorting out the moratorium issue. In response, he will likely point to the various Arab and European initiatives at the Security Council he would have been faced with had the vacuum in peace talks persisted. Netanyahu urgently called for direct talks, and Obama joined hands with him this summer.
Abbas is sure to face questions about his actions as well. Among them is his strategy of insisting on Arab support before every move, believing that past failures are connected to Arab states standing at arm’s length and not providing adequate backing for the substance of peace talks. Yet the flip side might prove to be equally problematic — his new approach could be more cumbersome, forcing him to take positions that could collapse the peace talks.
Both Israel and the PA will seek U.S. support in adopting positions that they hope will tip the balance of negotiations in their favor. Meanwhile, the settlements issue continues to overshadow other aspects of the negotiations and could even scuttle the talks entirely. It would be a bitter irony if a final peace resolution and the demarcation of a two-state solution were derailed due to problems with managing the lesser issue of the moment.
David Makovsky is the Ziegler distinguished fellow and director of the Project on the Middle East Peace Process at The Washington Institute.