This WikiLeaks report from the Guardian details that in January 2010 one source recommended that covert sabotage had its place in solving the Iranian nuclear dilemma:
In the interim XXXXXXXXXXXX recommended that a policy of covert sabotage (unexplained explosions, accidents, computer hacking etc) would be more effective than a military strike whose effects in the region could be devastating.
This confirms last week's Cybercrime Corner assessment about Tunisia, which is applicable to Iran in that the cultural consequences of the loss of face are ultimately more damaging than iron bombs. Embarrassment is also a lot cleaner on the conscience.
Of course all the New York Times articles and ZDNet articles support the earlier assessments made here at the Cybercrime Corner about one previous cyberattack with a similar MO: The Farewell Dossier.
As reported in The Economist, this 1982 act of sabotage resulted in a Soviet gas pipeline exploding sky high.
The cause was a malfunction in the computer-control system that Soviet spies had stolen from a firm in Canada. [The Soviets] did not know that the CIA had tampered with the software so that it would 'go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds,' according to the memoirs of Thomas Reed, a former Air Force secretary.
The relevant back story is simple, and comes from the CIA's online archives:
During the Cold War, and especially in the 1970s, Soviet intelligence carried out a substantial and successful clandestine effort to obtain technical and scientific knowledge from the West. This effort was suspected by a few U.S. government officials.
The [CIA] studied the Farewell material, examined export license applications and other intelligence, and contrived to introduce altered products into KGB collection. American industry helped in the preparation of items to be "marketed" to Line X. Contrived computer chips found their way into Soviet military equipment, flawed turbines were installed on a gas pipeline, and defective plans disrupted the output of chemical plants and a tractor factory.
The program had great success, and it was never detected.
I will quote the same closing as a warning to anyone jumping headlong into the roaring cyberwarfare machine of 2011. As previously stated in "From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier":
You can bet that the Soviets weren't too happy with their exploded pipeline in 1982, and in a country where 22 million people disappeared during the Stalinist purges, I'm sure heads rolled on that SCADA issue. Not all of them, I suspect, were Soviet – unlike agent Farewell/Vetrov who was executed as a spy in 1983.
Nation states under embargo, such as Iran, often have human rights opinions similar to those of the Stalin administration, resulting in heads rolling, literally, for suspected espionage. Whether we believe in cyberwarfare or not, doing the right thing, as I've stated previously, has the effect of reducing sleepless nights. In this case, it could also reduce the risk of potential 'leadership through attrition,' a saying long familiar to wartime veterans, in civilian corporations.
As far as this former aircrewman/intel analyst is concerned, if you sleep with dogs you wake up with fleas, and collateral damage in a cyberwar is not limited to the non-kinetic. Partner carefully, and watch your networks.
Those who work on these projects should be perfectly aware that you are attributable kinetically so take the right precautions – anonymize yourself or others will put the dots together. Otherwise you'll be living in a van down by the river or worse, you'll get caught.
Seriously, there are two alleged Stuxnet authors to date who I have not yet published identifying information on. I do this because as I related in my Tehrangeles piece, I have extensive ties to the Iranian SoCal community and some of those folks are marked for death. So think it through and sanitize your trail.
If Iran still wants their pound of flesh for Salman Rushdie's Satanic Verses, can you imagine what they'll do about their nuclear program?
Maybe th3j35t3r should be teaching a course in 'Escape and Evasion for Stuxnet authors' – #anonops hasn't been able to locate him and after a year or more neither have disgruntled jihadis. Note to Jester fans – tell him to write a book and publish it. He could model it after Hide it all and disappear by Fast Eddie Pankau (RIP).
There is a Stuxnet white paper available right now written by ESET's David Harley and the ESET Russia team which answers several questions about Stuxnet's purpose – whether it was really aimed at Iran – and key indicators of malware authorship.
As for cyberwarfare, there are three questions we answered six months before any of this happened: How it would look, how it would work legally, and how we can defend against it.
Recently declassified in 1996, long after I had left the red-lettered SECRET NOFORN notebooks behind, the CIA's open source article richly details the entire Farewell Dossier operation. You may compare this with Stuxnet or say that it is completely unrelated. I'd love to hear your feedback.