Was China Behind Stuxnet?


Earlier this month, I wrote about the Stuxnet computer worm, which some analysts have dubbed the world’s first cyber super weapon. Back then, with Iran’s nuclear facilities having been one of the places where the malware had reportedly been discovered, suspicion was falling on either the United States or Israel as the likely instigators.

But one leading analyst suggests that the sophisticated worm may actually have originated in a completely different part of the world—China. Writing late last month in Forbes, Jeffrey Carr noted that back in July, a power glitch in an Indian satellite resulted in ‘an estimated 70 percent of India’s Direct-To-Home companies’ customers (being) without service’.

In response, Carr says DTH service provider SunDirect ‘ordered its servicemen to redirect customer satellite dishes to point to ASIASAT-5, a Chinese satellite owned and operated by Asia Satellite Telecommunications Co.’ Carr notes that one of AsiaSat’s two primary shareholders is a state-owned Chinese investment company.

So where does Stuxnet come into it? Carr says India’s Space Research Organization is a Siemens customer, and Stuxnet appears to have been designed to target Siemens SCADA software. As Carr notes, the two countries are engaged in a space race (both have already declared ambitious dates for sending a man to the moon, for example) and the strategic and economic rivalry between them has been frequently noted in The Diplomat.

Of course, as Carr points out, China is only one of several possibilities. But he also noted when I talked with him about the issue that there’s an extremely limited pool of countries that could pull something like Stuxnet off, if indeed the satellite failure was really the result of a Stuxnet infection.

I asked Carr to tell me a bit more about why he believes China could be behind the worm, and also about the prospects of cyber warfare more generally.

So could you tell me a bit more about why you think China could be behind Stuxnet?

It’s one possible culprit. The reason why is that if you look at the states that have been impacted—it has generally been those in Asia or Eurasia—what they have in common is that they are producers of key resources. It might be oil, iron ore, copper, gold—things that are critical to many states, but which are particularly critical to China right now.

That’s one way of looking at this – what do the victims have in common and to whom does it have the most value? In addition to China, we can also narrow the field to include countries that have been associated with cyber attacks in the past, and there are only a handful that have the capability to produce something this sophisticated. Even though this particular worm was discovered, which means it had a failure occur somewhere in the process that allowed the discovery to be made, it’s still a sophisticated piece of malware. And the thing is, we only see the failures. So I’m not sure that this is unique and I actually think this is what we should expect in the future.

So something like this requires a team with disparate skills, it requires funding, it requires a laboratory and it probably required a minimum of several months, so these individuals would need to be supported during that time. There’s no gain from the criminal side—this isn’t a moneymaking opportunity, so you can most likely rule out the Eastern European hackers who are behind Zeus or other types of banking malware. Considering the target—a sophisticated SCADA system or piece of software that runs in a SCADA system—the most value is going to be to a state. And generally speaking, states don’t get their hands dirty and they’ll generally use non-state actors to initiate attacks.

The states that have done that in the past are Israel—they have the technical experience—China, Russia, Turkey, Pakistan, the United States. So it’s really a small field, and that’s what I’m trying to do, I’m trying to expand this analysis, rather than focusing on Israel and Iran.

Is there any danger of unintended consequences with something like Stuxnet?

Certainly, it can get away from you and it can be used to accomplish multiple things. In fact, no one really knows what the purpose of Stuxnet really is. The Siemens software that it infects can be used in many different types of industry, not just nuclear power plants. Oil drilling platforms use it, for example, mining operations use it, the Indian Space Research Organization uses it—so it’s really pretty common and there’s no way to tell what the target really was.

How accurate are the common Western media portrayals of a China busily building a cyber army?

Every nation is building a cyber warfare division within their armed forces. There’s nothing wrong with that and it’s to be expected—China, Russia, the United States, UK, France, Germany—probably over 100 countries. But what makes China pop up on everyone’s radar so often is that they’re military thinkers. Military officers have published papers and have over the years stated that from a strategic perspective, if they felt like China was going to be attacked, they want to have the capability of attacking the networks and stopping an attack before it’s launched. And as our (the US) military in particular is so network centric, that’s an easy vulnerability. Now in order to do that, and if you take them at their word (which I do), they have to be inside the network now so that when the time comes—and if they do feel attacked—they can initiate that strategy. Without this, and assuming that they decided to attack Taiwan tomorrow and the US decided to dispatch its Pacific Fleet in response, it would be too late. That’s why I think it’s easy to assume that they’re engaged in that kind of behavior now.

In addition, China is also engaging in a strategy to increase its technology and improve its own infrastructure. They’ve been very successful at this by encouraging R&D labs to open in China, with the carrot being the amazing potential of the Chinese market, which every company is drooling over. The benefit of having what today I believe is over 1200 R&D labs operating in China is technology transfer—Chinese engineers learning about foreign technologies and cutting edge research. And there’s also the reasonable risk of espionage.

When you put all this together, you can see that there’s a peaceful kind of warfare going on. There are no bullets and no blood, but there’s the movement toward achieving political objectives which favour their national interests, which is ultimately the bottom line in warfare.

Are Western or other countries doing enough to prepare for possible cyber attacks?

No, I don’t think so. And I think China and Russia are actually doing more than the United States is. They’re cracking down on cybercrime within their own borders, they’re shutting down bad ISPs that are engaged in cyber criminal activities. So China is actually leading, followed by Russia.

The US is way behind—we haven’t even attempted to shut down bad ISPs in this country. But in my opinion, no country is really addressing the sophistication of this threat. Partly it’s because it’s so new and we don’t understand the scope of it. The other reason is that we don’t want to spend the money to harden networks that might have an adverse effect on our economy because it really is an expensive thing to do.

Scout Truther
March 10, 2012 at 15:27

Has anyone given thought that American businessmen working with foreign countries are training them in the ways of hacking into US corporations’ systems in order to gain an edge using their private information? It is being done, has been done, and I believe cyber-security between companies who outsource their employees to land outside the US is non-existent. Take Intel, for example. HP. Koch Brothers, anyone? A few months ago there was a story about foreign hacking, computer screens showing outdated versions of software. XP systems are VERY vulnerable to foreign attacks due to MS updating to versions of Windows that aren’t compatible with the older service packs or system requirements of old computers. They are being taught how to inject SQL attacks into Java, finding the codes for Norton and other programs that have worked hard to “impress & improve” their product’s outer look, yet sloppily disregarded attention to updating the integrated code in order to actually do what it claims it will: save your precious computer from viruses and trojans. I cringe each time I need to use Java, and think Adobe is a landmine of atrocity; it is the hacker’s dream and the typical beginner-user’s nightmare. They are tearing old code apart to find new ways of integrating attacks into new systems. And being taught by various traveling businessmen who are being paid like Wall Street brokers for giving them this opportunity, a backdoor yellow-brick road into each of our homes, into our bank accounts, into our lives: no longer private, nothing sacred in this age of tech-hell. Not an exaggeration, this is a reality. And those who travel to teach corporate secrets in order to benefit themselves or whomever else are the ones who need to be investigated and put to a stop.

February 10, 2011 at 22:24

Nah, seems like Israel and the USA are behind Stuxnet. However, many algorithms and mutations in Stuxnet are very similar to Conficker, pretty sure from China.

October 25, 2010 at 15:42

I am an Indian… and very proud to be an Indian, but I have to agree that India is doing nothing towards network security. India has a lot of talent in this field, but most of them are working in other countries. I am an engineering student and want to specialize in information security, but I think currently there is no scope for information security in India…

October 25, 2010 at 02:36

Nonsense! A person of Jason’s vast intelligence obviously knows who’s truly behind it. The expert he quoted agrees.

October 21, 2010 at 18:13

Stuxnet is obviously created by Israeli and Western military agencies!!! I’m sure it’s pure coincidence that the Stuxnet virus is affecting Iran’s computers at their nuclear facilities!
