Stuxnet general pardoned by Obama – but deeper questions remain

President Obama has pardoned former US general James E Cartwright, who faced a prison term for lying to investigators about whether he had discussed the Stuxnet cyberweapon with journalists.

The details of what Cartwright did (or did not) say and to whom remains as clear as mud, but he was interviewed in 2012 by the FBI agents investigating leaks of classified information connected to the Stuxnet programme used to target Iran’s nuclear programme from around 2006 onwards.

Although US and Israeli involvement in Stuxnet was hardly a surprise given the target, the wealth of information that turned up in a newspaper article promoting David E Sanger’s book, Confront and Conceal, was still pretty eye-popping.

Barely two years after the discovery in 2010 of probably the most intricate malware platform ever unleashed, Sanger had enough sources familiar with the “Olympic Games” programme that birthed Stuxnet to document it in almost painful, bureaucratic detail.

As Sanger’s key New York Times article of June 1 2012 described the crisis situation inside the White House in the days after Stuxnet’s untimely discovery:

‘Should we shut this thing down?’ Mr Obama asked, according to members of the president’s national security team who were in the room.

The phrase “who were in the room” is the killer. This was either a work of fiction worthy of Hollywood –  or somebody from a very select group had blabbed.

The account also revealed technical errors that led to Stuxnet’s untimely discovery when it apparently “escaped” from the Iranian Natanz facility, hastening its detection by researchers.

There is no suggestion that Cartwright was the most important or sole source for any of this (a charge Cartwright still denies), but as Obama’s vice-chairman of the Joint Chiefs of Staff and Obama’s reported “favourite” general, the fact he had said anything at all was cause for concern.

When quizzed, he reportedly “lied” about the contacts with journalists. According to the New York Times, when confronted with emails that disproved these denials, Cartwright “passed out and was hospitalized”.

Said Cartwright later: “It was wrong for me to mislead the FBI on November 2 2012, and I accept full responsibility for this.”

With Cartwright now pardoned, apparently because President Obama now accepts his involvement as more minor than first thought, we are still no nearer unravelling the anomaly that still lies at the heart of the Stuxnet incident.

This was a cyberweapons system which, along with other malware subsequently linked to it, went to great lengths to hide its origins and erase its tracks, and yet its enigma was undone by a couple of articles in the media, apparently by the very commanders who sent it.

In the months after it was uncovered by researchers, almost everyone concluded that Stuxnet and friends was sent by the US and Israelis but nobody knew that for a fact. In the emerging world of asymmetric cyberwar, uncertainty seemed to confer a new kind of menace that left America’s enemies temporarily unsettled. Those days are long gone.