Halpern: Virtual warfare is real. The first victim? Iran


I'm thinking

by Micah Halpern

Issue of October 8, 2010/ 30 Tishrei 5771

The future is online and it is virtual.

Virtual news, virtual shopping, virtual education — even virtual, online, war.

Want proof? Look no further than Stuxnet, the computer virus that is burning through headlines and news stories as fast as it is infecting the computer programs of Iran.

The first real virtual cyberspace battle has been in play since June when the Stuxnet virus was released. The past few weeks have signaled to the world-at-large that this new form of warfare has the potential to be an enormously effective tool, especially against certain types of enemies and certain types of offensive weapons — weapons like nuclear technology.

Make no mistake about it. Stuxnet and the imitators it will spawn are not mere war-games; Stuxnet is war-fare. The cyber wars made famous through the Star Wars franchise have come alive. What we once thought farfetched and fantastical has become real. And the truth, even the virtual truth, is much scarier than the celluloid version.

World War I was fought differently than was World War II. Korea was different from Vietnam. As with other, more conventional wars, new rules must be instituted to fight the virtual, cyber war. Rules already in place in the Geneva Convention, rules that emphasize engaging in war while minimizing civilian casualties, are a good and important start.

To the best of our knowledge, right now, Iran is the sole target of the Stuxnet virus.

More specifically, the target of this online virus is the SCADA (Supervisory Control and Data Acquisition) systems, elements of the Iranian nuclear technology infrastructure. The virus is so specific that it only attacks Siemens technology, and technology exclusively connected to nuclear-based equipment.

As of now the West has no way of knowing how badly Iran has been hurt. While they have admitted to the attack, the Iranians are being very coy about releasing further details about the damage that has been caused. The government has claimed to have arrested the spies, the culprits, and is saying that they have already stopped the worm and are now free of any threat. Before this claim the Iranians said that their plants had not been infected and that only several of their employees’ private computers had been infected by the virus. But we have learned that the Iranians were hit much more seriously than they claim. We know that tens of thousands of computers in Iran — if not many more — have been hit by Stuxnet.

The date on the file is January 2010 but the initial launch can be traced to Indonesia in June. Then it hit China and made its way to Iran. The worm was inserted into a computer by way of a memory stick. Once launched it slowly made its way to its target.

At this point the damage could be far worse than assessed. In November the Iranians were supposed to go online with one of their new nuclear energy plants. That event has officially been postponed until January 2011. There is no doubt that the nuclear postponement is due to the worm invasion.

Iran has reached out to several companies in Europe and to several countries for help. But Iran has refused to divulge the nature and full extent of the damage even to them. The companies are reluctant to pitch a proposal without knowing how bad the damage is and how extensive the problems may be. They also need to know what computer defense steps Iran has already attempted in order to try to stop the damage to its nuclear program. A proper assessment of the damage is the most essential part of any computer security response.

No matter how badly Iran wants or needs help, the Iranians cannot break out of their mold. Full disclosure is not a part of the government of Iran’s psyche.

Speculation as to the source of the attack is rampant. There are only a few countries that have the wherewithal to do it: the United States, Israel, France, Germany, China and Russia. China and Russia are totally out because they stand to lose too much if Iran collapses. The United States would not officially launch an attack because the ramifications are not clear. Germany, France and Israel are good options. Israel is once again an ideal culprit.

My best guess analysis of ‘who done it’ is a group of college or grad school students. They have the time and the desire. They are the hottest, the fastest, the best hackers around. They are much better than the professionals Iran approached. Today’s students are current, today’s pros are where the students were 5 years ago.

But ‘who done it’ does not really matter. I would let the worm run its course and pick up the pieces after it’s all over. Find your weaknesses and improve your product. My big question right now is whether or not there is a kill-switch which will both shut the worm down before it is out of control and eliminate all traces of its source.

Stuxnet is right out of a science fiction novel. It is a system that thinks for itself. It is a system that gets stronger and more powerful the more you confront it. That’s the best we know for now.

Micah D. Halpern is a columnist and a social and political commentator. Read his latest book THUGS.