
From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier

Stuxnet: Another Farewell Dossier?

When I was in the Navy, there were speculations about technology transfer and a gas pipeline incident, recently listed here on the SyFy Network's blog as number six of the top seven cyberwarfare events. Of course, we didn't have a 'need to know'; therefore, the speculations we naval aircrewmen and intelligence specialists shared with each other weren't proven until later. Recently declassified in 1996, long after I had left the red-lettered SECRET NOFORN notebooks behind, the CIA's open source article richly details the entire Farewell Dossier operation. You may compare this with Stuxnet or say that it is completely unrelated. I'd love to hear your feedback.

Interest in Technology Transfer
During the Cold War, and especially in the 1970s, Soviet intelligence carried out a substantial and successful clandestine effort to obtain technical and scientific knowledge from the West. This effort was suspected by a few US Government officials but not documented until 1981, when French intelligence obtained the services of Col. Vladimir I. Vetrov.

A Deception Operation

As was later reported in Aviation Week and Space Technology, the CIA and the Defense Department, in partnership with the FBI, set up a program to do just what [William Casey and Gus Weiss] had discussed: modified products were devised and "made available" to Line X collection channels. The CIA project leader and his associates studied the Farewell material, examined export license applications and other intelligence, and contrived to introduce altered products into KGB collection. American industry helped in the preparation of items to be "marketed" to Line X. Contrived computer chips found their way into Soviet military equipment, flawed turbines were installed on a gas pipeline, and defective plans disrupted the output of chemical plants and a tractor factory. The Pentagon introduced misleading information pertinent to stealth aircraft, space defense, and tactical aircraft.(4) The Soviet Space Shuttle was a rejected NASA design.(5) When Casey told President Reagan of the undertaking, the latter was enthusiastic.

In time, the project proved to be a model of interagency cooperation, with the FBI handling domestic requirements and the CIA responsible for overseas operations. The program had great success, and it was never detected.

This could also be a cautionary tale about the risks that arise when a country on the 'do not supply' list obtains software it isn't supposed to have. It is a very similar tale to Iran's possession of the Siemens SCADA system software, which it really shouldn't have (to the best of my immediate knowledge) under the current trade sanctions from the United Nations.

[SyFy's Sixth Worst Cyberattack] The Original Logic Bomb

Target: Siberian gas pipeline in Soviet Russia

Attacker: U.S. Central Intelligence Agency

[In 1982] the agency caused a Soviet gas pipeline in Siberia to explode in what was described by an air force secretary as "the most monumental non-nuclear explosion and fire ever seen from space," without using a missile or bomb, but a string of computer code.

While SyFy covered this in brief, the ultimate result was the end of the Cold War, at least from one insider's perspective:

As for Farewell, [Vetrov's] contribution led to the collapse of a crucial collection program at just the time the Soviet military needed it, and it resulted in a forceful and effective NATO effort to protect its technology. Along with the US defense buildup and an already floundering Soviet economy, the USSR could no longer compete, a conclusion reached by the Politburo in 1987.

When historians sort out the reasons for the end of the Cold War, perhaps Farewell will receive a footnote. It would be deserved.

CIO Cautionary Tale: Don't violate sanctions

When I worked at Gateway Computers in the late 1990s, they had a top-down, bottom-up approach to deal with technology migration: if any employee, including phone technicians, suspected a customer of being a party to violating international or United States technology sanctions, they were to report it. One theoretical example of what would be done (in the '70s and '80s) when such attempts by a nation state were discovered is detailed here:

A few alert colleagues were dispersed among the executive departments. In one episode, the Department of Commerce discovered a Line X effort to obtain an embargoed computer through a dummy corporation set up for this one transaction; officials intercepted the shipping container and substituted sandbags. (A note was enclosed, but it would not be politically correct to quote it.)

To state specifically why this article matters to CIOs and IT managers: if your company's leadership knowingly becomes part of a supply chain to any suspicious organizations that may be middlemen for a sanctioned foreign power, the risks you run are logarithmic. Should an incident involving compromised SCADA control software later become black bag in nature, you run the risk of being suspected of complicity by the foreign power's counter-intelligence force.

When that happens, all bets are off. You can bet that the Soviets weren't too happy with their exploded pipeline in 1982, and in a country where 22 million people disappeared during the Stalinist purges, I'm sure heads rolled on that SCADA issue. Not all of them, I suspect, were Soviet – unlike agent Farewell/Vetrov who was executed as a spy in 1983.

Nation states under embargo, such as Iran, often hold human rights views similar to those of the Stalin administration, resulting in heads rolling, literally, for suspected espionage. Whether we believe in cyberwarfare or not, doing the right thing, as I've stated previously, has the effect of reducing sleepless nights. In this case, it could also reduce the risk of 'leadership through attrition,' a saying long familiar to wartime veterans, reaching civilian corporations.

As far as this former aircrewman/intel analyst is concerned, if you sleep with dogs, you wake up with fleas, and collateral damage in a cyberwar is not limited to the non-kinetic. Partner carefully, and watch your networks.

More on the Farewell Dossier: SCADA as counter-Intelligence

CIA resource: The Farewell Dossier | Duping the Soviets

Wikipedia Resource: The Farewell Dossier: "Intelligence shortcomings, as we see, have a thousand fathers; secret intelligence triumphs are orphans. Here is the unremarked story of "the Farewell dossier": how a CIA campaign of computer sabotage resulting in a huge explosion in Siberia -- all engineered by a mild-mannered economist named Gus Weiss -- helped us win the Cold War."

More on Cyberwarfare

There is a Stuxnet white paper available right now written by ESET's David Harley and the ESET Russia team which answers several questions about Stuxnet's purpose, whether it was really aimed at Iran, and key indicators of malware authorship.

As for cyberwarfare, there are three questions we answered six months before any of this happened: How it would look, how it would work legally, and how we can defend against it.

How would cyberwarfare look?

  1. Leading Stuxnet theory points toward sabotage and SCADA inside players
  2. Cyberwarfare and Music: It's All Tempo
  3. 21st Century Hunter-Killer UAV Enters Restricted DC Airspace – Skynet Alive?
  4. Bricking your cell phone: Mayhem on a Massive Scale
  5. What HILFs mean to Critical Infrastructure: Stuxnet and Beyond
  6. Malware Injection Campaign: A Retaliation?
  7. Cybercrime and Cyberwarfare: Warnings Unheeded?
  8. Cyberwar Exposed
  9. Previously classified: malware's role in Pentagon attack

What would the Rules of Engagement set by the president define?

  1. Cyberwarfare and Music: It's All Tempo
  2. From Megatons to Megapings: Cyberwarfare
  3. Kinetic Warfare vs. Cyberwarfare

How can countries and commercial interests both defend against this threat?

  1. From Megatons to Megapings: Cyberwarfare
  2. Operation Cyber ShockWave
  3. HR 4061: What Three Bucks buys you
  4. What you can learn from Stuxnet
  5. Learn Seven Ways To Keep HILFS From Crashing Your Party
  6. What HILFs mean to Critical Infrastructure: Stuxnet and Beyond
  7. Securing our eCity: Grassroots block-by-block cyber threat awareness

