Did the US write Stuxnet? Deputy Defense Secretary won't deny it

Filed Under: Data loss, Malware

Last night, US TV station CNBC broadcast a documentary entitled "CodeWars: America’s Cyber Threat", looking at the threat of cyberwarfare, hacker attacks on critical infrastructure and the risk of technology made in China containing spyware.

Deputy Defense Secretary William Lynn was amongst those interviewed, who confirmed that US government networks receive thousands of attempted hacker attacks every day, and confirms that on occasion weapons systems plans and critical information has been lost in the assaults.

The US government isn't alone in being targeted by attackers of course, we have heard a similar message from British politicians this year, for instance.

But, as Wired magazine points out, Lynn was also asked directly whether the US was involved in the development of the infamous Stuxnet worm.

Avoiding the question, Lynn replies:

"The challenges of Stuxnet, as I said, what it shows you is the difficulty of any, any attribution and it's something that we’re still looking at, it's hard to get into any kind of comment on that until we've finished our examination."

Reporter Melissa Lee is tenacious, however, and tries asking again:

"But sir, I’m not asking you if you think another country was involved. I’m asking you if the US was involved. If the Department of Defense was involved."

Lynn's response?

"And this is not something that we’re going to be able to answer at this point."

Unfortunately I haven't been able to find a video clip online of this exchange.

William LynnOf course, a refusal to confirm or deny the US's involvement in the Stuxnet worm isn't an admission. After all, it's possible that Lynn simply doesn't know if the USA was involved - and doesn't want to be caught on film denying something which later turns out to be true.

Or it's possible that he's not authorised to deny the US's involvement for reasons best known to the higher echelons of US politics.

Or maybe even the USA, were involved in Stuxnet but Lynn realises what a monumental sh*t-storm that would create on the international stage so he thought better than to confirm it on a CNBC documentary.

Whatever the truth, it's always fun to see a politician squirm when put on the spot regarding their own country's murky activities on the internet.

Long term readers of Naked Security will remember that a couple of years ago I reported on how BBC's Eddie Mair mischievously tied the then UK Security Minister into knots over the tricky question of whether UK ever attacks other countries in cyberspace:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

You'll notice that Lord West makes the same point as the US Deputy Defense Secretary, that a key problem is attribution when it comes to internet attacks - proving that someone (or some nation) is behind a cyber attack is very very difficult.

By the way, if you're wondering why there's a picture of ABBA's Anni-Frid Lyngstad alongside Lord West in that video you'll have to read my original article.

, , , , , , , , , , ,

You might like

7 Responses to Did the US write Stuxnet? Deputy Defense Secretary won't deny it

  1. Blunts · 1595 days ago

    VERY nice article. Still leaves speculation but a raised eyebrow sometimes uncovers the truth.

  2. blinded1 · 1595 days ago

    Should we be surprised that US government is not so clean as it pretend to be? At least, theis guy did not lie on this.

  3. Unc · 1595 days ago

    For this article to have any credence, the author would need some experience dealing with severely classified material. Whether the US was involved or not is irrelevant. What I took from the information presented is that the US knows more than will be told or that is what they want us to think. Successful attacks on government sites have not been from governments. They have been from hackers on their own and then passing the info along to governments. If the Russians can mount a DDoS against Estonia, lets say - where did they get the network to do it? They did not make it. The Russian government could ill afford to be caught with their finger in the pot. The US would be stupid to ever admit committing any sort of international crime. Contrary to what the blind guy said, Lynn lied - I like the alteration.

  4. Jan Tångring · 1594 days ago

    US and Israel ”confessed" Stuxnet through NYT january 18:

    "By the accounts of a number of computer scientists, nuclear enrichment experts and former officials, the covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British. " -- http://tinyurl.com/3w784bl

    "the American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of Stuxnet. The expert added that Israel worked in collaboration with the United States in targeting Iran, but that Washington was eager for “plausible deniability.” -- http://tinyurl.com/6hvsxsz

    • Don't get me wrong I have used it for a long time now, I just never compared it to any other AVs. Each full scan reunrts either one or no infection at all, but I'm not sure either if CIS-collectively has worked well or it's just not being detected.

  5. Chih-Cherng Chin · 1588 days ago

    Could the experts from TV drama "Lie to me" tell us the truth by reading Lynn's facial expression? :)

  6. elisandra · 1450 days ago

    Pretty obvious even to a tabloid newspaper editor tha the amopunt of technological insight into the control circuits themselves is not something your average megacorporation on the block could pull off, its government funded.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley