Given the unofficial confirmation Friday that the United States was behind Stuxnet—the malware designed to sabotage the Iranian nuclear program—political and technical experts suggest that this may effectively put the United States in a more dangerous foreign policy position.
“This is the end of plausible deniability on Stuxnet,” said Chris Bronk, a former State Department official, who is now a research fellow at Rice University. “Cyber is a dangerous place to play. This makes me very nervous that we don’t understand the entire set of consequences of releasing malware into the wild.”
In other words, he told Ars, it sets a potentially dangerous precedent for other countries looking to develop or expand their own clandestine operations.
“Countries realize that cyber espionage is a heck of a lot easier than anything else,” he said. “Now the question is: to what degree [will we have] malware that is designed to impact the physical world? When is that going to become a more widely utilized capability?”
Undercutting “Internet Freedom”
Indeed, things could not be more contentious with Iran right now than they already are—both countries, along with other major world powers are set to meet in Moscow later this month for the third round of the “P5+1″ negotiations on Iran’s nuclear program.
“[This revelation won’t] help the atmosphere,” said Nader Entessar, a professor of political science and Iran expert at the University of South Alabama. “These are contentious negotiations to begin with. What is missing in this whole process is confidence-building measures. These things do not add to the positive side of the ledger.”
Another problem with admitting to being behind Stuxnet is that experts say it may damage the oft-touted “21st Century Statecraft” and “Internet Freedom” agenda that the United States Department of State has been promoting in recent years.
“I think this undercuts the Internet Freedom agenda in a big way,” Bronk, the former State Department official, added. “[It shows that the US] is willing to use the digital agora as a weapon whenever we need to. I think that’s playing both sides of the fence.”
Finally, some even wondered if the Stuxnet situation will be used as an excuse to keep a closer eye on Iran’s domestic Internet use.
“[Iran is] going to use this as a justification for further clampdowns, that ‘we’re not trying to deny average citizens access, but all we’re trying to do is [ensure that the] Internet is not used as a means of warfare against Iran,’” Entessar told Ars. “It [becomes] a national security issue, as opposed to freedom of information issue.”
Report: Obama Ordered Stuxnet to Continue After Bug Caused It to Spread Wildly
Despite an error in the Stuxnet worm that attacked Iran’s uranium enrichment program, which caused the malware to spread wildly out of control and infect computers outside of Iran in 2010, President Barack Obama ordered U.S. officials who were behind the attack to continue the operation.
That was despite the fact that Stuxnet was spreading to machines in the United States and elsewhere and could have contained other unknown errors that might affect U.S. machines.
The information comes in a new report from The New York Times, which asserts that an error in the code led it to spread to an engineer’s computer after it was hooked up to systems controlling the centrifuges at Iran’s uranium enrichment plant near Natanz. When the engineer left the Natanz facility, he spread it to other machines, writesTimes reporter David Sanger, based on a book he has written that will be released next week.
Sources told Sanger that they believed the Israelis introduced the error in the code.
“We think there was a modification done by the Israelis,” an unidentified U.S. source reportedly told the president, “and we don’t know if we were part of that activity.”