Why Russia's Stuxnet comments are so comical

Russia says Stuxnet was entirely the work of the US and Israel. But that country played more of a role in the malware's birth than it would have us believe.

My colleague John E Dunn wrote a story about how Russia has for the first time laid the blame for the Stuxnet worm at the door of the US and Israel, describing it as "the only proven case of actual cyber-warfare." From his article:

In translated comments reported by the AFP agency, foreign ministry security department chief Ilya Rogachyov was blunt about the origins of a piece of malware that has mystified experts since first appearing in June 2010.

"Experts believe that traces of this lead back to the actions of Israel and the United States," he said. "We are seeing attempts of cyberspace being used by some states to act against others [and] of it being used for political-military purposes," he added.

After branding Stuxnet as an act of cyberwarfare, Rogachyov continued. "The only case in which experts believe the actions of states have been proven in this area [...] is the Stuxnet system that was launched in 2010 against the centrifuge control system used to enrich uranium in Iran."

The timing of the comments will be seen as significant in a week when Iran said it had asked Russia to help it build a second nuclear facility to complement the Bushehr plant that has caused so much tension with the West. The US suspects Iran of wanting enrichment technology in order to become a nuclear state.

Those are some big accusations. It's also as hypocritical as it gets for a country many believe was responsible for the crippling cyber attacks against Estonia a few years ago.

To be fair, that was a different situation. Some have called those attacks more of a cyber riot than a Russian-sponsored attack against another country. The attacks were sparked by outrage over a Soviet-era memorial statue being moved.

But let's face it: The Russian government has a history of picking the wrong side. Iran is a prime example.

In recent years, Russia has coddled Iran and helped it develop its nuclear program. They'll tell you it's peaceful, that the goal is to make energy. But that's what North Korea claimed back when Russia was sitting back doing nothing to stop it.

Whenever the US and other countries have taken a stand against Iran, Russia has scowled. Now it's nodding disapprovingly over Stuxnet, accusing the US and Israel of cyber warfare.

Let's suppose Stuxnet was a US-Israeli creation designed to sabotage Iran's nuke program. When Iran's president repeatedly says the Holocaust never happened and that Israel needs to be wiped off the map, what do we expect?

In 1981 the Israelis launched Operation Babylon, a surprise attack in which fighter jets destroyed a nuclear reactor under construction in Iraq. In the 21st century, these things can be done with malware. It's hard not to see Stuxnet as an act of self defense.

Not that we should be happy about it. Stuxnet is a nasty, brilliant piece of work that's going to come back to haunt its creators.

On the plus side, it has awakened the world to the fact that industrial control and other infrastructure is ripe for a takedown, and that may be what forces countries like the US to start doing something about it.

On the negative side, the bad guys will quickly learn from Stuxnet and a lot of bad will come of that.

When that happens, Russia will not be in a position to point the finger and blame us for starting it, because their coddling of these regimes has been part of the cause and effect.

--Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO's Daily Dashboard gives you a

Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

Copyright © 2011 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.