Stuxnet: A violation of US computer security law
Posted on 22. Jan, 2011 by Wayne Madsen in US
By Wayne Madsen
If a January 15 report in The New York Times, which has a dubious past in reporting on computer security and hacking issues, is 
true — that the United States Department of Homeland Security, Department of Energy — via the Idaho National Laboratory — Siemens (which has a long-standing intelligence relationship with the National Security Agency), the CIA, Britain's intelligence services, Germany, and Israel's Mossad cooperated to develop the Stuxnet computer worm to disable Iranian nuclear program centrifuges, the U.S. government violated a number of federal computer security laws that prohibit the development of malicious computer programs that damage ″federal interest″ computers. The Stuxnet worm, which, according to the Times, was tested at Israel's Dimona nuclear weapons development facility in the Negev, not only infected Iranian nuclear program computers but spread to computers in other countries, including the United States. Stuxnet code was discovered through computer forensics to contain key words from the Jewish Old Testament Book of Esther, further establishing Israeli fingerprints on the malicious code. The malicious code's file name, Myrtus, is the Hebrew word for Esther. According to myth, Esther saved the Jews from a Persian plot to exterminate them.
The New York Times article by William Broad, John Markoff, and David Sanger, three reporters who have their own questionable ties to Israeli interests, states that when Stuxnet first appeared around the world in June last year, it did little harm and did not slow computer networks. However, this is merely an attempt to let the U.S. and Israeli governments off the hook by falsely claiming that the only damage done by Stuxnet was to the centrifuge systems used by Iran to enrich uranium. Although Stuxnet likely did disable Iran's centrifuges, causing a set-back to its nuclear program, the Stuxnet worm, contrary to The New York Times report, resulted in computer down time and disruption far beyond Iran. The disruption by a digital version of a U.S. and Israeli military first strike makes the United States government and Israel civilly liable for the damage and disruption caused by Stuxnet.
The involvement of the Homeland Security Department, which includes the U.S. government's National Cyber Security Division that is tasked to protect U.S. ″federal interest″ computer systems from attack, makes the department and Secretary Janet Napolitano criminally culpable in permitting the Development and launch of malicious software that affected U.S. computer systems. If President Obama authorized the Stuxnet deployment through a classified Presidential Finding, he, too, may have committed a crime, an impeachable offense.
As Stuxnet propagated around the world last year, the Homeland Security Department's Industrial Control System-Cyber Emergency Response Team (ICS-CERT) posted a series of alerts and bulletins about the worm. Either ICS-CERT was unaware of its own department's involvement in creating the worm it was warning people about or it was part of a clever disinformation program is unknown, however, some computer security specialists suspected that ICS-CERT was putting out stale information on Stuxnet. On October 3, 2010, the Christian Science Monitor reported that Dale Peterson, the CEO of Digital Bond, a SCADA control systems security company, stated on his blog on September 20, ″It [ICS-CERT's warning alerts] seems to me to have been a delayed clipping service.″
The possible involvement of computer security officials, like Sean McGurk, the DHS's director of the Control System Security Program, in covering up the true origin of Stuxnet, cannot be overlooked. As a founding board member of the International Information System Security Certification Consortium (ISC2), this editor warned against the infiltration of NSA and other intelligence operatives into the computer security profession. The warnings were backed by colleagues from other nations, including Finland and Australia. Placing intelligence operatives inside computer security management positions can always result in the use of computers for sabotage and intelligence. Stuxnet may be the culmination of such infiltration of the computer security profession. In 2000, this editor resigned from the ISC2 board over the acquiescence of the board and consortium to dictates from NSA and other problematic U.S. government agencies. This editor and a minority of board members also disagreed with offering professional certifications to employees of foreign intelligence agencies in countries with abominable human rights and civil liberties records.
Stuxnet was specifically designed to attack supervisory control and data acquisition (SCADA) computer systems. These systems control everything from electrical power grids and chemical processing plants to the computers that operate traffic light and rail systems. Stuxnet disabled SCADA systems not only in Iran but also in India (where India's satellite program may have been severely impacted), Pakistan, Indonesia, Germany, Canada, China, Malaysia, South Korea, Russia, Kazakhstan, United Kingdom, Finland, Saudi Arabia, United Arab Emirates, Qatar, Brazil, Australia, Brunei, Netherlands, Taiwan, Myanmar, Bangladesh, Thailand, Belarus, Denmark, Bahrain, Oman, Kuwait, and the United States. Stuxnet was found on 63 computers in Japan. New Zealand, Japan, and Hong Kong issued alerts about Stuxnet's impact on their SCADA systems. Britain's integrated national rail transport network was reported to be particularly vulnerable to Stuxnet. Turkey reacted to Stuxnet by mandating a ″National Virtual Environment Security Policy.″
By the end of September of last year, over 100,000 computers worldwide had been infected by Stuxnet. So much for The New York Times' specious report that the worm did little damage. Industrial control system security specialists from the chemical, oil, and gas industries expressed concern that the U.S. government was less-than-forthcoming about the effects of Stuxnet on their industries. The computer security firm Symantec appears to have been laundering information to private industry from the government.
China, which feared Stuxnet could infect its SCADA systems, issued a national security report about the worm, especially its impact on oil drilling systems. WMR has learned from its Beijing sources that China is growing tired of Israelis, in general, and international banks like Goldman Sachs having strong ties to Israel, in particular, over what it sees as an attempt by Israel and certain international banks to undermine China's new strong industrial and financial position in the world. Representatives of the People's Bank of China, China's central bank, are wary of their contacts with Israelis and bankers and WMR has learned that Japanese central bankers shared the concerns of their Chinese counterparts when it comes to Israel and firms like Goldman Sachs. Chinese authorities were particularly incensed over initial disinformation reports, distributed by the Pentagon-linked media, that China created Stuxnet.
U.S. government involvement in the creation and first strike deployment of a destructive cyber-weapon like Stuxnet and its "bounce back" to "protected" U.S. systems and networks, including SCADA systems, is a violation of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C.§ 1030. The CFAA imposes criminal and civil penalties for anyone who disrupts a "protected computer." A protected computer is defines as one:
"exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government;" or
"which is used in interstate or foreign commerce or communication."
Criminal activity under the law applies to anyone who ″knowingly transmits a program, code or instruction, and as a result, intentionally causes damage, without authorization, to a protected computer.″ Thus, anyone in the U.S. government or acting as a government contractor, or a foreign national acting on behalf of a foreign government like Israel, who participated in the creation and deployment of the Stuxnet worm could be fined and sentenced to prison. In 2002, New Jersey programmer David L. Smith, the creator of the Melissa worm in 1999, which brought down computer systems across North America in 1999, was sentenced to 20 months in federal prison and a $5000 fine. The chief federal prosecutor of Smith was Chris Christie, now the governor of New Jersey. Under federal law Smith faced a maximum of five years in prison and a $250,000 fine but Christie argued for a lighter sentence because Smith cooperated with prosecutors.
The National Information Infrastructure Protection Act of 1996 further codified the CFAA to address new technologies and criminal activity.
On February 29, 2000, the Deputy Attorney General testified before the House Judiciary Committee subcommittee on crime about the danger posed by malicious computer programs. He said, ″We are seeing more 'pure' computer crimes, that is, crimes where the computer is used as a weapon to attack other computers, as we saw in the distributed denial of service attacks I just spoke about, and in the spread of malicious code, like viruses. Our vulnerability to this type of crime is astonishingly high – it was only this past December that a defendant admitted, when he plead guilty in federal and state court to creating and releasing the Melissa virus, that he caused over 80 million dollars in damage . . . These crimes not only affect our financial well-being and our privacy; they also threaten our nation's critical infrastructure. Our banking system, the stock market, the electricity and water supply, telecommunications networks, and critical government services, such as emergency and national defense services, all rely on computer networks. For a real-world terrorist to blow up a dam, he would need tons of explosives, a delivery system, and a surreptitious means of evading armed security guards. For a cyber terrorist, the same devastating result could be achieved by hacking into the control network and commanding the computer to open the floodgates.″
That Deputy Attorney General was Eric Holder, now President Obama's Attorney General. Holder has, either through ignorance or involvement, permitted the U.S. and Israeli governments to release a destructive malicious computer program, the very type Holder warned against in 2000.
John P. Wheeler III, the former assistant of the Secretary of the Air Force during the Bush administration, was one of the Pentagon's top experts on cyber-warfare. On December 31, Wheeler's body was found in a Wilmington, Delaware landfill. Wheeler worked for the MITRE Corporation, which has intelligence agency and Pentagon cyber-warfare contracts. Wheeler publicly stated his opposition of locating the new US Cyber Command with NSA at Fort Meade, Maryland. With more information being revealed about the offensive information warfare first strike by the United States and Israel, and the role of NSA in that first strike, the age-old question in Washington, DC still pertains: ″What did Wheeler know and when did he know it?″
loading...
19 Responses to “Stuxnet: A violation of US computer security law”
Leave a Reply
Join Us
| Subscribe to Opinion Maker |
| Email: |
Author Spotlight
Wayne Madsen
World Spinner
22. Jan, 2011
Stuxnet: A violation of US computer security law | Opinion Maker…
Here at World Spinner we are debating the same thing……
Tweets that mention Stuxnet: A violation of US computer security law | Opinion Maker -- Topsy.com
22. Jan, 2011
[...] This post was mentioned on Twitter by Addie Gibson, Eva Miranda. Eva Miranda said: Stuxnet: A violation of US computer security law | Opinion Maker: By Wayne Madsen: By the end of September of la… http://bit.ly/i3Qd7y [...]
mystic
23. Jan, 2011
"Stuxnet: A violation of US computer security law "
Please address the suspicion that if this is indeed a violation of US security law, could it not be considered an act of war by Israel and the US against Iran (and all the other countries Stuxnet affected)? By the same token, didn't Israel commit an act of war against Turkey and the US in the flotilla massacre? And if so, why is this not being addressed in the UN?
irani
23. Jan, 2011
What a load of bs. reminds me of WikiLeaks.
The establishment press is peeing its pants trying to print stories which attribute an act of war to US and Israel through the device of a "compute virus"
Various "experts" are all out assuring us that the (unseen) centrafuge destroying code was "much better" than the (public knowledge) "command control" code which was deemed equivalent to using a "cheap radio control from a toy" to direct the "space shuttle" level attack code.
LOL.
So there was no virus attack. That much has been established (thank you NYTimes!) Which means the West has a fairly important set of moles in IRI security establishment and their destructive track is being covered up.
This is just a bunch of lies to confuse the Iranian intelligence services.
John Loftus
23. Jan, 2011
Nonsense, the act specifically exempts computer intrusions by agencies of the US government. No criminal liability whatsoever under US law. Sorry Wayne.
Sanity and Self-Sufficiency « Do What's Right
24. Jan, 2011
[...] would I expect anyone going to jail for the crime of setting loose the Stuxnet worm on the Net. Not the real crooks, anyway. The government thugs already have laws on the books forbidding them doing such things, but [...]
atomic power, Subcommittee, Environm... | all about nuclear power stations
24. Jan, 2011
[...] Related Atomic Power Station Products Additionally you can check out: https://opinion-maker.org/2011/01/stuxnet-a-violation-of-us-computer-security-law/ [...]
Digital Gravy
24. Jan, 2011
What we have here, is failure to communicate. The failure stems from the fact that almost every world government passes laws "they" expect their citizens to obey. Meanwhile they who wrote those laws, break them with impunity and apparently with immunity. The citizens who are not stupid watch this go down and decide "if they can do it so can I".
Dukukus made a comment once "a fish rots from the head first". Now his comment makes even more sense now.
Fresno family law lawyers
24. Jan, 2011
5. Your information was really helpful to me. You know everyone has to take Fresno family law lawyers counsel once in a while. When we need to make critical life decisions, but the hard thing is to find a trusted advisor who will explain your options and save you from problems and with your best interests in mind. Because In an emotionally charged situation, you will not be able to make the right choices for yourself and your loved ones. Fresno family law lawyers
Type your comment here…
Woman who raised stolen NY baby held on NC charge (AP) | BeyonceSpecial
24. Jan, 2011
[...] Stuxnet: A violation of US computer security law | Opinion Maker [...]
Mr. Joe
26. Jan, 2011
Omfg.. Blah blah blah. wine wine wine…
How about All of north america developes a massive computer virus to ass rape the rest of the world… will the UN bitch then?
Fresno family law lawyers
18. Feb, 2011
Are you having marriage problems? Are you thinking of what to do? I was in the same position a few days ago. Then I took help from this site. And I found that this site not only provided me just Fresno Divorce Lawyers counsel, but also these sites authorities became a friend who is interested and concerned for my future. I am saying this from my experiencehttp://www.centralvalleylaw.com">; Fresno family law lawyers
Stuxnet: A violation of US computer security law | Opinion Maker « Bonehaid's
20. Mar, 2011
[...] Stuxnet: A violation of US computer security law | Opinion Maker. [...]
Howard T Lewis III
20. Mar, 2011
Kudos by the truck load for Mr. Madsen & co. I see a need for one bad-ass zookeeper for these aberrations of humanity. I think waiting for formal authority on this matter, as with the other major breaches in national security, will rival the Chinese immortal's quest to catch a fish from an empty bucket in the Gobi Desert. Except the only sound you will hear is the constant mewling emanating from D.C. which changes to loud self-righteous indignation when diturbed quickly followed by a SWAT.
Howard T. Lewis III
20. Mar, 2011
A truckload of kudos for Mr. Madsen @ Co..
A stuffed shirt holding the door closed is not a good thing with these matters. This is the only thing I can think of to say of corporate network news and false news websites concerning these matters. Everything else comes out as muttered obscenities. Our ship of State has been overun by pirates and our Congress has no class and they have no balls.
The Progressive Mind » Stuxnet: A violation of US computer security law | Opinion Maker
21. Mar, 2011
[...] Stuxnet: A violation of US computer security law | Opinion Maker. March 20th, 2011 | Category: Uncategorized | Leave a comment | [...]
US GIVES JAPANESE GOVERNMENT AN "OMINOUS PRIVATE WARNING" | T-Room
24. Mar, 2011
[...] and a list of countries already affected in a recent article dated January 22, 2011 titled “Stuxnet: A violation of US computer security law“ – Stuxnet was specifically designed to attack supervisory control and data acquisition [...]
Grady Helm
21. Feb, 2012
Hello Webmaster, I noticed that https://opinion-maker.org/2011/01/stuxnet-a-violation-of-us-computer-security-law/ is ranking pretty low on Google and has a low Google PageRank. Now the Google PageRank is how Google is able to see how relevant your webpage is compared to all the other webpages online, if you cannot rank high at the top of Google, then you will NOT get the traffic you need. Now usually trying to get to the top of Google costs hundreds if not thousands of dollars and very highly optimized targeted marketing campaigns that takes a team of experts months to achieve. However, we can show you how to get to the top of Google with no out of pocket expenses (free traffic), no stupid ninja tricks, no silly mind control techniques, and this will be all white hat with no blackhat software or tactics that could possibly land you on bad terms with Google and put you in the dreaded “Google Sandbox”. We’ll show you how to easily capture all the targeted traffic you need, for free, multiple ways to land fast (not months) first-page rankings in Google and other major search engines (Bing, Yahoo, Ask, etc), even show you strategies on how to earn daily commissions just try Ranking Top of Google, please check out our 5 minute video.
Taren Rasley
19. Mar, 2012
Pretty nice post. I just stumbled upon your weblog and wanted to say that I have really enjoyed surfing around your blog posts. In any case I will be subscribing to your feed and I hope you write again very soon!