Was Russia Behind Stuxnet?

The U.S. and Israel are widely assumed to be responsible for the Stuxnet computer worm that hit Iran’s nuclear facilities. But Moscow has just as good a motive.

By Panayotis A. Yannakogeorgos for

The Stuxnet computer worm is widely considered to be a U.S.-Israeli cyber weapon crafted to wreak havoc in Iran’s nuclear enrichment plants. But with the identity of the perpetrators still unclear, it might be time to start seeking some alternative explanations. After all, suppose Stuxnet also caught the United States’ defense and intelligence communities with their pants down? If this is the case, then a very different story could emerge, one involving faceless groups of Russians and their highly sophisticated cyber warriors.

In brief, the case for the United States having designed and developed Stuxnet is as follows: First, neither the United States nor Israel wants Iran to develop nuclear weapons. The worm, then, is seen as likely part of a covert strategy to delay or destroy Iran’s nuclear infrastructure while stopping short of war.

The weapon was designed to target a specific version of the Siemens SCADA programmable logic controllers (PLCs) operating a specific configuration and number of cascading centrifuges found in Iran. Some analysts point to the fact that there were vulnerability assessments being run at Idaho National Labs on Siemens PLC software. Others note that the design of the cyber weapon closely fit Richard Clarke’s description in Cyber War of a well-designed and ethically thought-out weapon limiting collateral damage due to a vast army of lawyers scrutinizing the effects. The malware-analyst community, meanwhile, points to digital code strings such as “b:myrtus” taken from biblical events important to Israeli identity. And, as the story goes, after the political decisions, vulnerability assessments, and weapon design took place, either an Iranian agent was found to take the USB memory stick into the nuclear facility, or all the computers around the plants were infected with Stuxnet via the Conficker worm.

However, what about the case for Russian development and deployment? The Russians don’t support an Iranian indigenous nuclear capability. Their calculus is that their companies’ profit margins will benefit as long as the Iranians keep Russian scientists and engineers in country, who can oversee Iranian nuclear progress. Using its unique insights, Russia then plays a Byzantine game of delay and diplomacy. Delaying a program on technical grounds can’t go on indefinitely. At the same time, their involvement in the nuclear program is leverage in Russo-American negotiations.

Then there’s the so-called nuclear gangsterism that was rampant in Chechnya and other breakaway regions over the past two decades. In 1995, for example, Chechen rebels planted a “dirty bomb” in Moscow’s Izmailovsky Park. Today, nuclear material is much more secure in Russia thanks to Russo-American cooperation. But should Iran develop a full-blown nuclear capability, Russian national security would be put at risk as Chechen or other violent-Islamic extremist and nationalist rebels look to Iran’s version of nuclear entrepreneur A.Q. Khan to gain access to nuclear technology. Keeping access to Iran’s nuclear program, while keeping the Iranians far from the capacity to “break out” into full nuclear material production, is the balancing act Russia must play.

So what better way to maintain Russian interests, and innocence, than to plant a worm with digital U.S.-Israeli fingerprints? After all, Russian scientists and engineers are familiar with the cascading centrifuges whose numbers and configuration – and Siemens’ SCADA PLC controller schematics – they have full access to by virtue of designing the plants.

Deception would then play a critical role during the cyber weapon design and deployment phase. In designing the virus, Russian computer programmers may have used signatures (both in the code, and in the conceptualization) that would lead to a U.S.-Israeli mastermind. During deployment of the virus, its designers wouldn’t want it traced back to the Kremlin, and so it would have to appear as if it were a clandestine operation by an adversary that didn’t have access to the gateway entry points.

Finally, the observers of the virus could alert the Iranians before full nuclear catastrophe struck. The Belarusian computer security experts who “discovered” the code seemingly played that role well. They didn’t seem too preoccupied with reverse engineering the malicious code to see what it was designed to do. Symantec researchers took on that task. Finger pointing at the United States and Israel then ensued. In political terms, meanwhile, the United States and Israel have had no particular need to formally deny responsibility.

From the Iranian point of view, the Stuxnet attack, coupled with an assassination campaign targeting Iranian nuclear and computer scientists and various leaks suggesting covert action, all made for a compelling case of U.S. involvement. But whether it was the United States or Russia behind it, it’s clear that in Stuxnet’s aftermath, and with the emergence of other worms within their systems, Iranian nuclear engineers have less confidence in the accuracy of sensor information on digital displays. All this means that there’s now no need for the U.S. or Russia to say anything on the issue – internal conflict in the minds of those responsible for Iran’s nuclear program is doing a perfectly good job of delaying progress.

Dr. Panayotis A. Yannakogeorgos is a cyber defense analyst with the U.S. Air Force Research Institute.