Feds investigate who leaked classified Stuxnet cyberattack details to NYT

It’s not every day you “officially” learn that America and Israel not only created Stuxnet, but also ordered cyberattacks against Iran, so now it’s being considered a “national security leak.” It moved from conspiracy theory to a cybersecurity bombshell when the New York Times reported that the Bush administration authorized the cyber weapon program codenamed Olympic Games and President Obama continued increased cyberattacks on Iran nuclear facilities. The NSA and CIA also allegedly had a hand in disrupting Iran’s nuclear program. Now the FBI is investigating who leaked the Stuxnet “cyber-sabotage” story to the New York Times. Additionally, Senator Dianne Feinstein, chairwoman of Intelligence Committee, wants Capitol Hill hearings into the leak.

Feinstein released this statement to the press: “I am deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran’s nuclear program. Today I sent a classified letter to the president outlining my deep concerns about the release of this information. I made it clear that disclosures of this type endanger American lives and undermine America’s national security.”

The Hill quoted Feinstein as saying “the leak about the attack on Iran’s nuclear program could ‘to some extent’ provide justification for copycat attacks against the United States.” Feinstein stated, “This is like an avalanche. It is very detrimental and, candidly, I found it very concerning. There’s no question that this kind of thing hurts our country.”

That can of covert cyber-worms just keeps spilling trouble. Two people familiar with the probe told the Wall Street Journal that the “FBI has opened an investigation into who disclosed information about a classified U.S. cyberattack program aimed at Iran’s nuclear facilities.”

According to the CBS News’ “Face the Nation” transcript, when David Sanger was asked about the New York Times article, the Confront and Conceal book, and Olympic Games, Sanger said “the four-year-long campaign continues through to this day.” Sanger continued:

You know, in the case of Olympic Games, I spent a year working the story from the bottom up, and then went to the administration and told them what I had. Then they had to make some decisions about how much they wanted to talk about it. All that you read about this being deliberate leaks out of the White House wasn’t my experience. Maybe it is in — in other cases. I’m sure the political side of the White House probably likes reading about the President acting with drones and cyber and so forth. National security side has got very mixed emotions about it because these are classified programs.

“Is President Obama changing the face of foreign policy?” CBS News reported the “drone and cyber wars is a new phase in American foreign policy” to which Sanger said, “The country’s tired of these big wars of occupation, of sending 100,000 troops into a country, staying around for four or five years at a cost of a trillion dollars or more, and yet we still have these threats. So the way he has operated has been to try to choose a high-tech area where the Unites States has advantage.”

Not everyone believes America has the advantage. “The downside for owning up to cyberattacks is that other governments can now feel free to do the same. And the United States has the most to lose from attacks like these,” wrote F-Secure’s Mikko Hypponen. “No other country has so much of its economy linked to the online world.” He added that the “game is on” and “by launching Stuxnet, American officials opened Pandora’s box. They will most likely end up regretting this decision.”

Meanwhile, there’s also continued fallout in regard to Microsoft’s part in the recent cyber espionage Flame malware. With about 900 million Windows computers, it’s a big deal when spoofed Microsoft security certificates helped leverage Flame for cyberwar. Even though the for Flame, some folks said helping Flame spread was a “Huge security FAIL.” F-Secure said “Having a Microsoft code signing certificate is the Holy Grail of malware writers” even if it is also a “nightmare scenario.” Techrights went so far as to suggest “all the latest Stuxnet coverage hardly ever mentions Microsoft or Windows. It’s criminally poor journalism.”