China Power

Was China Behind Stuxnet?

Recent Features

China Power

Was China Behind Stuxnet?

A leading analyst talks about Stuxnet, cyber warfare and whether the West is prepared for a cyber attack.

Earlier this month, I wrote about the Stuxnet computer worm, which some analysts have dubbed the world’s first cyber super weapon. Back then, with Iran’s nuclear facilities having been one of the places where the malware had reportedly been discovered, suspicion was falling on either the United States or Israel as the likely instigators.

But one leading analyst suggests that the sophisticated worm may actually have originated in a completely different part of the world—China. Writing late last month in Forbes, Jeffrey Carr noted that back in July, a power glitch in an India satellite resulted in ‘an estimated 70 percent of India’s Direct-To-Home companies’ customers (being) without service’.

In response, Carr says DTH service provider SunDirect ‘ordered its servicemen to redirect customer satellite dishes to point to ASIASAT-5, a Chinese satellite owned and operated by Asia Satellite Telecommunications Co.’ Carr notes that one of AsiaSat’s two primary shareholders is a state-owned Chinese investment country.

So where does Stuxnet come into it? Carr says India’s Space Research Organization is a Siemens customer, and Stuxnet appears to have been designed to target Siemens SCADA software. As Carr notes, the two countries are engaged in a space race (both have already declared ambitious dates for sending a man to the moon, for example) and the strategic and economic rivalry between them has been frequently noted in The Diplomat.

Of course, as Carr points out, China is only one of several possibilities. But he also noted when I talked with him about the issue that there’s an extremely limited pool of countries that could pull something like Stuxnet off, if indeed the satellite failure was really the result of a Stuxnet infection.

I asked Carr to tell me a bit more about why he believes China could be behind the worm, and also about the prospects of cyber warfare more generally.

So could you tell me a bit more about why you think China could be behind Stuxnet?

It’s one possible culprit. The reason why is that if you look at the states that have been impacted—it has generally been those in Asia or Eurasia—what they have in common is that they are producers of key resources. It might be oil, iron ore, copper, gold—things that are critical to many states, but which are particularly critical to China right now.

That’s one way of looking at this – what do the victims have in common and to whom does it have the most value? In addition to China, we can also narrow the field to include countries that have been associated with cyber attacks in the past, and there are only a handful that have the capability to produce something this sophisticated. Even though this particular worm was discovered, which means it had a failure occur somewhere in the process that allowed the discovery to be made, it’s still a sophisticated piece of malware. And the thing is, we only see the failures. So I’m not sure that this is unique and I actually think this is what we should expect in the future.

So something like this requires a team with disparate skills, it requires funding, it requires a laboratory and it probably required a minimum of several months, so these individuals would need to be supported during that time. There’s no gain from the criminal side—this isn’t a moneymaking opportunity, so you can most likely rule out the Eastern European hackers who are behind Zeus or other types of banking malware. Considering the target—a sophisticated SCADA system or piece of software that runs in a SCADA system—the most value is going to be to a state. And generally speaking, states don’t get their hands dirty and they’ll generally use non-state actors to initiate attacks.

The states that have done that in the past are Israel—they have the technical experience—China, Russia, Turkey, Pakistan, the United States. So it’s really a small field, and that’s what I’m trying to do, I’m trying to expand this analysis, rather than focusing on Israel and Iran.

Is there any danger of unintended consequences with something like Stuxnet?

Certainly, it can get away from you and it can be used to accomplish multiple things. In fact, no one really knows what the purpose of Stuxnet really is. The Siemens software that it infects can be used in many different types of industry, not just nuclear power plants. Oil drilling platforms use it, for example, mining operations use it, the Indian Space Research Organization uses it—so it’s really pretty common and there’s no way to tell what the target really was.

How accurate are the common Western media portrayals of a China busily building a cyber army?

Every nation is building a cyber warfare division within their armed forces. There’s nothing wrong with that and it’s to be expected—China, Russia, the United States, UK, France, Germany—probably over a 100 countries. But what makes China pop up on everyone’s radar so often is that they’re military thinkers. Military officers have published papers and have over the years stated that from a strategic perspective, if they felt like China was going to be attacked, that they want to have the capability of attacking the networks and stopping an attack before it’s launched. And as our (the US) military in particular is so network centric, that’s an easy vulnerability. Now in order to do that, and if you take them at their word (which I do), they have to be inside the network now so that when the time comes—and if they do feel attacked—they can initiate that strategy. Without this, and assuming that they decided to attack Taiwan tomorrow and the US decided to dispatch its Pacific Fleet in response, it would be too late. That’s why I think it’s easy to assume that they’re engaged in that kind of behavior now.

In addition, China is also engaging in a strategy to increase its technology and improve its own infrastructure. They’ve been very successful at this by encouraging R&D labs to open in China, with the carrot being the amazing potential of the Chinese market, which every company is drooling over. The benefit of having what today I believe is over 1200 R&D labs operating in China is technology transfer—Chinese engineers learning about foreign technologies and cutting edge research. And there’s also the reasonable risk of espionage.

When you put all this together, you can see that there’s a peaceful kind of warfare going on. There are no bullets and no blood, but there’s the movement toward achieving political objectives which favour their national interests, which is ultimately the bottom line in warfare.

Are Western or other countries doing enough to prepare for possible cyber attacks?

No, I don’t think so. And I think China and Russia are actually doing more than the United States is. They’re cracking down on cybercrime within their own borders, they’re shutting down bad ISPs that are engaged in cyber criminal activities. So China is actually leading, followed by Russia.

The US is way behind—we haven’t even attempted to shutdown bad ISPs in this country. But in my opinion, no country is really addressing the sophistication of this threat. Partly it’s because it’s so new and we don’t understand the scope of it. The other reason is that we don’t want to spend the money to harden networks that might have an adverse effect on our economy because it really is an expensive thing to do.