
Stuxnet, Farewell Dossier, Cyberwar and WikiLeaks Wrapup

One thing I like about WikiLeaks is that I get access to pure dotgov intel analysis which hasn't been digested through a journalist. One thing I hate about WikiLeaks is that Assange, presumably under a very juicy exclusive release agreement [read: cash, bucks, finbacks, green, $$$, dead presidents], gives the stories to a few major media outlets ahead of publicly releasing them. Fortunately the trend has been to publish the raw data along with something written with a journalistic flair.

WikiLeaks: Stuxnet-like sabotage recommended in January 2010

This WikiLeaks report from the Guardian details that in January 2010 one source recommended that covert sabotage had its place in solving the Iranian nuclear dilemma:

In the interim XXXXXXXXXXXX recommended that a policy of covert sabotage (unexplained explosions, accidents, computer hacking etc) would be more effective than a military strike whose effects in the region could be devastating.

This confirms last week's Cybercrime Corner assessment about Tunisia, which is applicable to Iran in that the cultural consequences of the loss of face are ultimately more damaging than iron bombs. Embarrassment is also a lot cleaner on the conscience.

Of course all the New York Times articles and ZDNet articles support the earlier assessments made here at the Cybercrime Corner about one previous cyberattack with a similar MO: The Farewell Dossier.

As reported in The Economist, this 1982 act of sabotage resulted in a Soviet gas pipeline exploding sky high.

The cause was a malfunction in the computer-control system that Soviet spies had stolen from a firm in Canada. [The Soviets] did not know that the CIA had tampered with the software so that it would 'go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds,' according to the memoirs of Thomas Reed, a former Air Force secretary.

The relevant back story is simple, and comes from the CIA's online archives:

During the Cold War, and especially in the 1970s, Soviet intelligence carried out a substantial and successful clandestine effort to obtain technical and scientific knowledge from the West. This effort was suspected by a few U.S. government officials.

The [CIA] studied the Farewell material, examined export license applications and other intelligence, and contrived to introduce altered products into KGB collection. American industry helped in the preparation of items to be "marketed" to Line X. Contrived computer chips found their way into Soviet military equipment, flawed turbines were installed on a gas pipeline, and defective plans disrupted the output of chemical plants and a tractor factory.

The program had great success, and it was never detected.

Cyberwarfare cautionary tale

I will quote the same closing as a warning to anyone jumping headlong into the roaring cyberwarfare machine of 2011. As previously stated in "From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier":

You can bet that the Soviets weren't too happy with their exploded pipeline in 1982, and in a country where 22 million people disappeared during the Stalinist purges, I'm sure heads rolled on that SCADA issue. Not all of them, I suspect, were Soviet – unlike agent Farewell/Vetrov who was executed as a spy in 1983.

Nation states under embargo, such as Iran, often hold human rights opinions similar to those of the Stalin administration, resulting in heads rolling, literally, for suspected espionage. Whether we believe in cyberwarfare or not, doing the right thing, as I've stated previously, has the effect of reducing sleepless nights. In this case, it could also reduce the risk of 'leadership through attrition,' a saying long familiar to wartime veterans, in civilian corporations.

As far as this former aircrewman/intel analyst is concerned, if you sleep with dogs you wake up with fleas, and collateral damage in a cyberwar is not limited to the non-kinetic. Partner carefully, and watch your networks.

Caveat bellator golem: Warning to cyberwarriors

Those who work on these projects should be perfectly aware that you are attributable kinetically so take the right precautions – anonymize yourself or others will put the dots together. Otherwise you'll be living in a van down by the river or worse, you'll get caught.

Seriously, there are two alleged Stuxnet authors to date who I have not yet published identifying information on. I do this because as I related in my Tehrangeles piece, I have extensive ties to the Iranian SoCal community and some of those folks are marked for death. So think it through and sanitize your trail.

If Iran still wants their pound of flesh for Salman Rushdie's Satanic Verses, can you imagine what they'll do about their nuclear program?

Maybe th3j35t3r should be teaching a course in 'Escape and Evasion for Stuxnet authors' – #anonops hasn't been able to locate him and after a year or more neither have disgruntled jihadis. Note to Jester fans – tell him to write a book and publish it. He could model it after Hide it all and disappear by Fast Eddie Pankau (RIP).

More on Cyberwarfare – 2011

There is a Stuxnet white paper available right now written by ESET's David Harley and the ESET Russia team which answers several questions about Stuxnet's purpose – whether it was really aimed at Iran – and key indicators of malware authorship.

As for cyberwarfare, there are three questions we answered six months before any of this happened: How it would look, how it would work legally, and how we can defend against it.

How would cyberwarfare look?

  1. Who will be to blame for the loss of a cyberwar?
  2. Hired guns: Cyberwar PsyOps, Part 2 (Tunisia)
  3. Hired guns: Cyberwar PsyOps, Part 1 (Precursory crackdowns in Arab countries)
  4. Cyberwarfare Roshambo: th3j35t3r Profiled
  5. From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier
  6. Leading Stuxnet theory points toward sabotage and SCADA inside players
  7. Cyberwarfare and Music: It is All Tempo
  8. 21st Century Hunter-Killer UAV Enters Restricted DC Airspace – Skynet Alive?
  9. Bricking your cell phone: Mayhem on a Massive Scale
  10. What HILFs mean to Critical Infrastructure: Stuxnet and Beyond
  11. Malware Injection Campaign: A Retaliation?
  12. Cybercrime and Cyberwarfare: Warnings Unheeded?
  13. Cyberwar Exposed
  14. Previously classified: malware's role in Pentagon attack

What would the Rules of Engagement set by the president define?

  1. Hired guns: Cyberwarfare and cyber-mercs
  2. Hired Guns: What's in the name CyberPMC or CyberPSC?
  3. Cyberwarfare and Music: It is All Tempo
  4. From Megatons to Megapings: Cyberwarfare
  5. Kinetic Warfare vs. Cyberwarfare

How can countries and commercial interests both defend against this threat?

  1. From Megatons to Megapings: Cyberwarfare
  2. Operation Cyber ShockWave
  3. HR 4061: What Three Bucks buys you
  4. What you can learn from Stuxnet
  5. Learn Seven Ways To Keep HILFS From Crashing Your Party
  6. What HILFs mean to Critical Infrastructure: Stuxnet and Beyond
  7. Securing our eCity: Grassroots block-by-block cyberthreat awareness

Recently declassified in 1996, long after I had left the red-lettered SECRET NOFORN notebooks behind, the CIA's open source article richly details the entire Farewell Dossier operation. You may compare this with Stuxnet or say that it is completely unrelated. I'd love to hear your feedback.
