Posts Tagged ‘Iran’



Israeli Test on Worm Called Crucial in Iran Nuclear Delay

This article is by William J. Broad, John Markoff and David E. Sanger.
The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel’s never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.
Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.
Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.
“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”
Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program.

In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran’s ability to buy components and do business around the world.
The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel’s long-held argument that Iran was on the cusp of success.
The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed.
In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex — and ingenious — than anything they had imagined when it began circulating around the world, unexplained, in mid-2009.
Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence.
In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.
Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.
The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.
The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.
“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.
Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.
But Israeli officials grin widely when asked about its effects. Mr. Obama’s chief strategist for combating weapons of mass destruction, Gary Samore, sidestepped a Stuxnet question at a recent conference about Iran, but added with a smile: “I’m glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated.”
In recent days, American officials who spoke on the condition of anonymity have said in interviews that they believe Iran’s setbacks have been underreported. That may explain why Mrs. Clinton provided her public assessment while traveling in the Middle East last week.
By the accounts of a number of computer scientists, nuclear enrichment experts and former officials, the covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British.
The project’s political origins can be found in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration’s Iran strategy. So did the Israelis, other officials said. Israel has long been seeking a way to cripple Iran’s capability without triggering the opprobrium, or the war, that might follow an overt military strike of the kind they conducted against nuclear facilities in Iraq in 1981 and Syria in 2007.
Two years ago, when Israel still thought its only solution was a military one and approached Mr. Bush for the bunker-busting bombs and other equipment it believed it would need for an air attack, its officials told the White House that such a strike would set back Iran’s programs by roughly three years. Its request was turned down.
Now, Mr. Dagan’s statement suggests that Israel believes it has gained at least that much time, without mounting an attack. So does the Obama administration.
For years, Washington’s approach to Tehran’s program has been one of attempting “to put time on the clock,” a senior administration official said, even while refusing to discuss Stuxnet. “And now, we have a bit more.”
Finding Weaknesses
Paranoia helped, as it turns out.
Years before the worm hit Iran, Washington had become deeply worried about the vulnerability of the millions of computers that run everything in the United States from bank transactions to the power grid.
Computers known as controllers run all kinds of industrial machinery. By early 2008, the Department of Homeland Security had teamed up with the Idaho National Laboratory to study a widely used Siemens controller known as P.C.S.-7, for Process Control System 7. Its complex software, called Step 7, can run whole symphonies of industrial instruments, sensors and machines.
The vulnerability of the controller to cyberattack was an open secret. In July 2008, the Idaho lab and Siemens teamed up on a PowerPoint presentation on the controller’s vulnerabilities that was made to a conference in Chicago at Navy Pier, a top tourist attraction.
“Goal is for attacker to gain control,” the July paper said in describing the many kinds of maneuvers that could exploit system holes. The paper was 62 pages long, including pictures of the controllers as they were examined and tested in Idaho.
In a statement on Friday, the Idaho National Laboratory confirmed that it formed a partnership with Siemens but said it was one of many with manufacturers to identify cybervulnerabilities. It argued that the report did not detail specific flaws that attackers could exploit. But it also said it could not comment on the laboratory’s classified missions, leaving unanswered the question of whether it passed what it learned about the Siemens systems to other parts of the nation’s intelligence apparatus.
The presentation at the Chicago conference, which recently disappeared from a Siemens Web site, never discussed specific places where the machines were used.
But Washington knew. The controllers were critical to operations at Natanz, a sprawling enrichment site in the desert. “If you look for the weak links in the system,” said one former American official, “this one jumps out.”
Controllers, and the electrical regulators they run, became a focus of sanctions efforts. The trove of State Department cables made public by WikiLeaks describes urgent efforts in April 2009 to stop a shipment of Siemens controllers, contained in 111 boxes at the port of Dubai, in the United Arab Emirates. They were headed for Iran, one cable said, and were meant to control “uranium enrichment cascades” — the term for groups of spinning centrifuges.
Subsequent cables showed that the United Arab Emirates blocked the transfer of the Siemens computers across the Strait of Hormuz to Bandar Abbas, a major Iranian port.
Only months later, in June, Stuxnet began to pop up around the globe. The Symantec Corporation, a maker of computer security software and services based in Silicon Valley, snared it in a global malware collection system. The worm hit primarily inside Iran, Symantec reported, but also in time appeared in India, Indonesia and other countries.
But unlike most malware, it seemed to be doing little harm. It did not slow computer networks or wreak general havoc.
That deepened the mystery.
A ‘Dual Warhead’
No one was more intrigued than Mr. Langner, a former psychologist who runs a small computer security company in a suburb of Hamburg. Eager to design protective software for his clients, he had his five employees focus on picking apart the code and running it on the series of Siemens controllers neatly stacked in racks, their lights blinking.
He quickly discovered that the worm only kicked into gear when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a centrifuge plant. “The attackers took great care to make sure that only their designated targets were hit,” he said. “It was a marksman’s job.”
For example, one small section of the code appears designed to send commands to 984 machines linked together.
Curiously, when international inspectors visited Natanz in late 2009, they found that the Iranians had taken out of service a total of exactly 984 machines that had been running the previous summer.
But as Mr. Langner kept peeling back the layers, he found more — what he calls the “dual warhead.” One part of the program is designed to lie dormant for long periods, then speed up the machines so that the spinning rotors in the centrifuges wobble and then destroy themselves. Another part, called a “man in the middle” in the computer world, sends out those false sensor signals to make the system believe everything is running smoothly. That prevents a safety system from kicking in, which would shut down the plant before it could self-destruct.
“Code analysis makes it clear that Stuxnet is not about sending a message or proving a concept,” Mr. Langner later wrote. “It is about destroying its targets with utmost determination in military style.”
This was not the work of hackers, he quickly concluded. It had to be the work of someone who knew his way around the specific quirks of the Siemens controllers and had an intimate understanding of exactly how the Iranians had designed their enrichment operations.
In fact, the Americans and the Israelis had a pretty good idea.
Testing the Worm
Perhaps the most secretive part of the Stuxnet story centers on how the theory of cyberdestruction was tested on enrichment machines to make sure the malicious software did its intended job.
The account starts in the Netherlands. In the 1970s, the Dutch designed a tall, thin machine for enriching uranium. As is well known, A. Q. Khan, a Pakistani metallurgist working for the Dutch, stole the design and in 1976 fled to Pakistan.
The resulting machine, known as the P-1, for Pakistan’s first-generation centrifuge, helped the country get the bomb. And when Dr. Khan later founded an atomic black market, he illegally sold P-1’s to Iran, Libya, and North Korea.
The P-1 is more than six feet tall. Inside, a rotor of aluminum spins uranium gas to blinding speeds, slowly concentrating the rare part of the uranium that can fuel reactors and bombs.
How and when Israel obtained this kind of first-generation centrifuge remains unclear, whether from Europe, or the Khan network, or by other means. But nuclear experts agree that Dimona came to hold row upon row of spinning centrifuges.
“They’ve long been an important part of the complex,” said Avner Cohen, author of “The Worst-Kept Secret” (2010), a book about the Israeli bomb program, and a senior fellow at the Monterey Institute of International Studies. He added that Israeli intelligence had asked retired senior Dimona personnel to help on the Iranian issue, and that some apparently came from the enrichment program.
“I have no specific knowledge,” Dr. Cohen said of Israel and the Stuxnet worm. “But I see a strong Israeli signature and think that the centrifuge knowledge was critical.”
Another clue involves the United States. It obtained a cache of P-1’s after Libya gave up its nuclear program in late 2003, and the machines were sent to the Oak Ridge National Laboratory in Tennessee, another arm of the Energy Department.
By early 2004, a variety of federal and private nuclear experts assembled by the Central Intelligence Agency were calling for the United States to build a secret plant where scientists could set up the P-1’s and study their vulnerabilities. “The notion of a test bed was really pushed,” a participant at the C.I.A. meeting recalled.
The resulting plant, nuclear experts said last week, may also have played a role in Stuxnet testing.
But the United States and its allies ran into the same problem the Iranians have grappled with: the P-1 is a balky, badly designed machine. When the Tennessee laboratory shipped some of its P-1’s to England, in hopes of working with the British on a program of general P-1 testing, they stumbled, according to nuclear experts.
“They failed hopelessly,” one recalled, saying that the machines proved too crude and temperamental to spin properly.
Dr. Cohen said his sources told him that Israel succeeded — with great difficulty — in mastering the centrifuge technology. And the American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of Stuxnet.
The expert added that Israel worked in collaboration with the United States in targeting Iran, but that Washington was eager for “plausible deniability.”
In November, the Iranian president, Mahmoud Ahmadinejad, broke the country’s silence about the worm’s impact on its enrichment program, saying a cyberattack had caused “minor problems with some of our centrifuges.” Fortunately, he added, “our experts discovered it.”
The most detailed portrait of the damage comes from the Institute for Science and International Security, a private group in Washington. Last month, it issued a lengthy Stuxnet report that said Iran’s P-1 machines at Natanz suffered a series of failures in mid- to late 2009 that culminated in technicians taking 984 machines out of action.
The report called the failures “a major problem” and identified Stuxnet as the likely culprit.
Stuxnet is not the only blow to Iran. Sanctions have hurt its effort to build more advanced (and less temperamental) centrifuges. And last January, and again in November, two scientists who were believed to be central to the nuclear program were killed in Tehran.
The man widely believed to be responsible for much of Iran’s program, Mohsen Fakrizadeh, a college professor, has been hidden away by the Iranians, who know he is high on the target list.
Publicly, Israeli officials make no explicit ties between Stuxnet and Iran’s problems. But in recent weeks, they have given revised and surprisingly upbeat assessments of Tehran’s nuclear status.
“A number of technological challenges and difficulties” have beset Iran’s program, Moshe Yaalon, Israel’s minister of strategic affairs, told Israeli public radio late last month.
The troubles, he added, “have postponed the timetable.”

This article has been revised to reflect the following correction:
Correction: January 17, 2011
An earlier version of this story misspelled, at one point, the name of the German company whose computer controller systems were exploited by the Stuxnet computer worm. It is Siemens, not Seimens.

Stuxnet Worm Used Against Iran Was Tested in Israel – NYTimes.com


From The New York Times:
Iran Is Said to Give Top Karzai Aide Cash by the Bagful
A secret stream of Iranian cash intended to promote Iran’s interests in the Afghan presidential palace is seen as an effort to divide the U.S. and Afghanistan.
http://nyti.ms/9yGRGy



Pakistan and the U.S. Exit From Afghanistan

By George Friedman

Bob Woodward has released another book, this one on the debate over Afghanistan strategy in the Obama administration. As all his books do, the book has riveted Washington. It reveals that intense debate occurred over what course to take, that the president sought alternative strategies and that compromises were reached. But while knowing the details of these things is interesting, what would have been shocking is if they hadn’t taken place.
It is interesting to reflect on the institutional inevitability of these disagreements. The military is involved in a war. It is institutionally and emotionally committed to victory in the theater of combat. It will demand all available resources for executing the war under way. For a soldier who has bled in that war, questioning the importance of the war is obscene. A war must be fought relentlessly and with all available means.
But while the military’s top generals and senior civilian leadership are responsible for providing the president with sound, clearheaded advice on all military matters including the highest levels of grand strategy, they are ultimately responsible for the pursuit of military objectives to which the commander-in-chief directs them. Generals must think about how to win the war they are fighting. Presidents must think about whether the war is worth fighting. The president is responsible for America’s global posture. He must consider what an unlimited commitment to a particular conflict might mean in other regions of the world where forces would be unavailable.
A president must take a more dispassionate view than his generals. He must calculate not only whether victory is possible but also the value of the victory relative to the cost. Given the nature of the war in Afghanistan, U.S. President Barack Obama and Gen. David Petraeus — first the U.S. Central Command chief and now the top commander in Afghanistan — had to view it differently. This is unavoidable. This is natural. And only one of the two is ultimately in charge.

The Nature of Guerrilla Warfare
In thinking about Afghanistan, it is essential that we begin by thinking about the nature of guerrilla warfare against an occupying force. The guerrilla lives in the country. He isn’t going anywhere else, as he has nowhere to go. By contrast, the foreigner has a place to which he can return. This is the core weakness of the occupier and the strength of the guerrilla. The former can leave and in all likelihood, his nation will survive. The guerrilla can’t. And having alternatives undermines the foreigner’s will to fight regardless of the importance of the war to him.
The strategy of the guerrilla is to make the option to withdraw more attractive. In order to do this, his strategic goal is simply to survive and fight on whatever level he can. His patience is built into who he is and what he is fighting for. The occupier’s patience is calculated against the cost of the occupation and its opportunity costs, thus, while troops are committed in this country, what is happening elsewhere?
Tactically, the guerrilla survives by being elusive. He disperses in small groups. He operates in hostile terrain. He denies the enemy intelligence on his location and capabilities. He forms political alliances with civilians who provide him supplies and intelligence on the occupation forces and misleads the occupiers about his own location. The guerrilla uses this intelligence network to decline combat on the enemy’s terms and to strike the enemy when he is least prepared. The guerrilla’s goal is not to seize and hold ground but to survive, evade and strike, imposing casualties on the occupier. Above all, the guerrilla must never form a center of gravity that, if struck, would lead to his defeat. He thus actively avoids anything that could be construed as a decisive contact.
The occupation force is normally a more conventional army. Its strength is superior firepower, resources and organization. If it knows where the guerrilla is and can strike before the guerrilla can disperse, the occupying force will defeat the guerrilla. The occupier’s problems are that his intelligence is normally inferior to that of the guerrillas; the guerrillas rarely mass in ways that permit decisive combat and normally can disperse faster than the occupier can pinpoint and deploy forces against them; and the guerrillas’ superior tactical capabilities allow them to impose a constant low rate of casualties on the occupier. Indeed, the massive amount of resources the occupier requires and the inflexibility of a military institution not solely committed to the particular theater of operations can actually work against the occupier by creating logistical vulnerabilities susceptible to guerrilla attacks and difficulty adapting at a rate sufficient to keep pace with the guerrilla. The occupation force will always win engagements, but that is never the measure of victory. If the guerrillas operate by doctrine, defeats in unplanned engagements will not undermine their basic goal of survival. While the occupier is not winning decisively, even while suffering only some casualties, he is losing. While the guerrilla is not losing decisively, even if suffering significant casualties, he is winning. Since the guerrilla is not going anywhere, he can afford far higher casualties than the occupier, who ultimately has the alternative of withdrawal.
The asymmetry of this warfare favors the guerrilla. This is particularly true when the strategic value of the war to the occupier is ambiguous, where the occupier does not possess sufficient force and patience to systematically overwhelm the guerrillas, and where either political or military constraints prevent operations against sanctuaries. This is a truth as relevant to David’s insurgency against the Philistines as it is to the U.S. experience in Vietnam or the Russian occupation of Afghanistan.
There has long been a myth about the unwillingness of Americans to absorb casualties for very long in guerrilla wars. In reality, the United States fought in Vietnam for at least seven years (depending on when you count the start and stop) and has now fought in Afghanistan for nine years. The idea that Americans can’t endure the long war has no empirical basis. What the United States has difficulty with — along with imperial and colonial powers before it — is a war in which the ability to impose one’s will on the enemy through force of arms is lacking and when it is not clear that the failure of previous years to win the war will be solved in the years ahead.
Far more relevant than casualties to whether Americans continue a war is the question of the conflict’s strategic importance, for which the president is ultimately responsible. This divides into several parts. The first is whether the United States has the ability with available force to achieve its political goals through prosecuting the war (since all war is fought for some political goal, from regime change to policy shift) and whether the force the United States is willing to dedicate suffices to achieve these goals. To address this question in Afghanistan, we have to focus on the political goal.
The Evolution of the U.S. Political Goal in Afghanistan
Washington’s primary goal at the initiation of the conflict was to destroy or disrupt al Qaeda in Afghanistan to protect the U.S. homeland from follow-on attacks to 9/11. But if Afghanistan were completely pacified, the threat of Islamist-fueled transnational terrorism would remain at issue because it is no longer just an issue of a single organization — al Qaeda — but a series of fragmented groups conducting operations in Pakistan, Iraq, Yemen, North Africa, Somalia and elsewhere.
Today, al Qaeda is simply one manifestation of the threat of this transnational jihadist phenomenon. It is important to stop and consider al Qaeda — and the transnational jihadist phenomenon in general — in terms of guerrillas, and to think of the phenomenon as a guerrilla force in its own right operating by the very same rules on a global basis. Thus, where the Taliban apply guerrilla principles to Afghanistan, today’s transnational jihadist applies them to the Islamic world and beyond. The transnational jihadists are not leaving and are not giving up. Like the Taliban in Afghanistan, they will decline combat against larger American forces and strike vulnerable targets when they can.
There are certainly more players and more complexity to the global phenomenon than in a localized insurgency. Many governments across North Africa, the Middle East and South Asia have no interest in seeing these movements set up shop and stir up unrest in their territory. And al Qaeda’s devolution has seen frustrations as well as successes as it spreads. But the underlying principles of guerrilla warfare remain at issue. Whenever the Americans concentrate force in one area, al Qaeda disengages, disperses and regroups elsewhere and, perhaps more important, the ideology that underpins the phenomenon continues to exist. The threat will undoubtedly continue to evolve and face challenges, but in the end, it will continue to exist along the lines of the guerrilla acting against the United States.
There is another important way in which the global guerrilla analogy is apt. STRATFOR has long held that Islamist-fueled transnational terrorism does not represent a strategic, existential threat to the United States. While acts of transnational terrorism target civilians, they are not attacks — have not been and are not evolving into attacks — that endanger the territorial integrity of the United States or the way of life of the American people. They are dangerous and must be defended against, but transnational terrorism is and remains a tactical problem that for nearly a decade has been treated as if it were the pre-eminent strategic threat to the United States.
Nietzsche wrote that, “The most fundamental form of human stupidity is forgetting what we were trying to do in the first place.” The stated U.S. goal in Afghanistan was the destruction of al Qaeda. While al Qaeda as it existed in 2001 has certainly been disrupted and degraded, al Qaeda’s evolution and migration means that disrupting and degrading it — to say nothing of destroying it — can no longer be achieved by waging a war in Afghanistan. The guerrilla does not rely on a single piece of real estate (in this case Afghanistan) but rather on his ability to move seamlessly across terrain to evade decisive combat in any specific location. Islamist-fueled transnational terrorism is not centered on Afghanistan and does not need Afghanistan, so no matter how successful that war might be, it would make little difference in the larger fight against transnational jihadism.
Thus far, the United States has chosen to carry on fighting the war in Afghanistan. As al Qaeda has fled Afghanistan, the overall political goal for the United States in the country has evolved to include the creation of a democratic and uncorrupt Afghanistan. It is not clear that anyone knows how to do this, particularly given that most Afghans consider the ruling government of President Hamid Karzai — with which the United States is allied — as the heart of the corruption problem, and beyond Kabul most Afghans do not regard their way of making political and social arrangements to be corrupt.
Simply withdrawing from Afghanistan carries its own strategic and political costs, however. The strategic problem is that simply terminating the war after nine years would destabilize the Islamic world. The United States has managed to block al Qaeda’s goal of triggering a series of uprisings against existing regimes and replacing them with jihadist regimes. It did this by displaying a willingness to intervene where necessary. Of course, the idea that U.S. intervention destabilized the region raises the question of what regional stability would look like had it not intervened. The danger of withdrawal is that the network of relationships the United States created and imposed at the regime level could unravel if it withdrew. America would be seen as having lost the war, the prestige of radical Islamists and thereby the foundation of the ideology that underpins their movement would surge, and this could destabilize regimes and undermine American interests.
The political problem is domestic. Obama’s approval rating now stands at 42 percent. This is not unprecedented, but it means he is politically weak. One of the charges against him, fair or not, is that he is inherently anti-war by background and so not fully committed to the war effort. Where a Republican would face charges of being a warmonger, which would make withdrawal easier, Obama faces charges of being too soft. Since a president must maintain political support to be effective, withdrawal becomes even harder. Therefore, strategic analysis aside, the president is not going to order a complete withdrawal of all combat forces any time soon — the national (and international) political alignment won’t support such a step. At the same time, remaining in Afghanistan is unlikely to achieve any goal and leaves potential rivals like China and Russia freer rein.
The American Solution
The American solution, one that we suspect is already under way, is the Pakistanization of the war. By this, we do not mean extending the war into Pakistan but rather extending Pakistan into Afghanistan. The Taliban phenomenon has extended into Pakistan in ways that seriously complicate Pakistani efforts to regain their bearing in Afghanistan. It has created a major security problem for Islamabad, which, coupled with the severe deterioration of the country’s economy and now the floods, has weakened the Pakistanis’ ability to manage Afghanistan. In other words, the moment that the Pakistanis have been waiting for — American agreement and support for the Pakistanization of the war — has come at a time when the Pakistanis are not in an ideal position to capitalize on it.
In the past, the United States has endeavored to keep the Taliban in Afghanistan and the regime in Pakistan separate. (The Taliban movements in Afghanistan and Pakistan are not one and the same.) Washington has not succeeded in this regard, with the Pakistanis continuing to hedge their bets and maintain a relationship across the border. Still, U.S. opposition has been the single greatest impediment to Pakistan’s consolidation of the Taliban in Afghanistan, and abandoning this opposition leaves important avenues open for Islamabad.
The Pakistani relationship to the Taliban, which was a liability for the United States in the past, now becomes an advantage for Washington because it creates a trusted channel for meaningful communication with the Taliban. Logic suggests this channel is quite active now.
The Vietnam War ended with the Paris peace talks. Those formal talks were not where the real bargaining took place but rather where the results were ultimately confirmed. If talks are under way, a similar venue for the formal manifestation of the talks is needed — and Islamabad is as good a place as any.
Pakistan is an American ally which the United States needs, both to balance growing Chinese influence in and partnership with Pakistan, and to contain India. Pakistan needs the United States for the same reason. Meanwhile, the Taliban want to run Afghanistan. The United States has no strong national interest in how Afghanistan is run so long as it does not support and espouse transnational jihadism. But it needs its withdrawal to take place in a manner that strengthens its influence rather than weakens it, and Pakistan can provide the cover for turning a retreat into a negotiated settlement.
Pakistan has every reason to play this role. It needs the United States over the long term to balance against India. It must have a stable or relatively stable Afghanistan to secure its western frontier. It needs an end to U.S. forays into Pakistan that are destabilizing the regime. And playing this role would enhance Pakistan’s status in the Islamic world, something the United States could benefit from, too. We suspect that all sides are moving toward this end.
The United States isn’t going to defeat the Taliban. The original goal of the war is irrelevant, and the current goal is rather difficult to take seriously. Even a victory, whatever that would look like, would make little difference in the fight against transnational jihad, but a defeat could harm U.S. interests. Therefore, the United States needs a withdrawal that is not a defeat. Such a strategic shift is not without profound political complexity and difficulties. But the disparity between — and increasingly, the incompatibility of — the struggle with transnational terrorism and the war effort geographically rooted in Afghanistan is only becoming more apparent — even to the American public.


In a Computer Worm, a Possible Biblical Clue

September 29, 2010
Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.
That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.
Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.
There are many competing explanations for myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.
“The Iranians are already paranoid about the fact that some of their scientists have defected and several of their secret nuclear sites have been revealed,” one former intelligence official who still works on Iran issues said recently. “Whatever the origin and purpose of Stuxnet, it ramps up the psychological pressure.”
So a calling card in the code could be part of a mind game, or sloppiness or whimsy from the coders.
The malicious code has appeared in many countries, notably China, India, Indonesia and Iran. But there are tantalizing hints that Iran’s nuclear program was the primary target. Officials in both the United States and Israel have made no secret of the fact that undermining the computer systems that control Iran’s huge enrichment plant at Natanz is a high priority. (The Iranians know it, too: They have never let international inspectors into the control room of the plant, the inspectors report, presumably to keep secret what kind of equipment they are using.)
The fact that Stuxnet appears designed to attack a certain type of Siemens industrial control computer, used widely to manage oil pipelines, electrical power grids and many kinds of nuclear plants, may be telling. Just last year officials in Dubai seized a large shipment of those controllers — known as the Simatic S-7 — after Western intelligence agencies warned that the shipment was bound for Iran and would likely be used in its nuclear program.
“What we were told by many sources,” said Olli Heinonen, who retired last month as the head of inspections at the International Atomic Energy Agency in Vienna, “was that the Iranian nuclear program was acquiring this kind of equipment.”
Also, starting in the summer of 2009, the Iranians began having tremendous difficulty running their centrifuges, the tall, silvery machines that spin at supersonic speed to enrich uranium — and which can explode spectacularly if they become unstable. In New York last week, Iran’s president, Mahmoud Ahmadinejad, shrugged off suggestions that the country was having trouble keeping its enrichment plants going.
Yet something — perhaps the worm or some other form of sabotage, bad parts or a dearth of skilled technicians — is indeed slowing Iran’s advance.
The reports on Iran show a fairly steady drop in the number of centrifuges used to enrich uranium at the main Natanz plant. After reaching a peak of 4,920 machines in May 2009, the numbers declined to 3,772 centrifuges this past August, the most recent reporting period. That is a decline of 23 percent. (At the same time, production of low-enriched uranium has remained fairly constant, indicating the Iranians have learned how to make better use of fewer working machines.)
Computer experts say the first versions of the worm appeared as early as 2009 and that the sophisticated version contained an internal time stamp from January of this year.
These events add up to a mass of suspicions, not proof. Moreover, the difficulty experts have had in figuring out the origin of Stuxnet points to both the appeal and the danger of computer attacks in a new age of cyberwar.
For intelligence agencies they are an almost irresistible weapon, free of fingerprints. Israel has poured huge resources into Unit 8200, its secretive cyberwar operation, and the United States has built its capacity inside the National Security Agency and inside the military, which just opened a Cyber Command.
But the near impossibility of figuring out where they came from makes deterrence a huge problem — and explains why many have warned against the use of cyberweapons. No country, President Obama was warned even before he took office, is more vulnerable to cyberattack than the United States.
For now, it is hard to determine if the worm has infected centrifuge controllers at Natanz. While the S-7 industrial controller is used widely in Iran, and many other countries, even Siemens says it does not know where it is being used. Alexander Machowetz, a spokesman in Germany for Siemens, said the company did no business with Iran’s nuclear program. “It could be that there is equipment,” he said in a telephone interview. “But we never delivered it to Natanz.”
But Siemens industrial controllers are unregulated commodities that are sold and resold all over the world — the controllers intercepted in Dubai traveled through China, according to officials familiar with the seizure.
Ralph Langner, a German computer security consultant who was the first independent expert to assert that the malware had been “weaponized” and designed to attack the Iranian centrifuge array, argues that the Stuxnet worm could have been brought into the Iranian nuclear complex by Russian contractors.
“It would be an absolute no-brainer to leave an infected USB stick near one of these guys,” he said, “and there would be more than a 50 percent chance of having him pick it up and infect his computer.”
There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.
Yossi Melman, who covers intelligence for the newspaper Haaretz and is at work on a book about Israeli intelligence over the past decade, said in a telephone interview that he suspected that Israel was involved.
He noted that Meir Dagan, head of Mossad, had his term extended last year partly because he was said to be involved in important projects. He added that in the past year Israeli estimates of when Iran will have a nuclear weapon had been extended to 2014.
“They seem to know something, that they have more time than originally thought,” he said.
Then there is the allusion to myrtus — which may be telling, or may be a red herring.
Several of the teams of computer security researchers who have been dissecting the software found a text string that suggests that the attackers named their project Myrtus. The guava fruit is part of the Myrtus family, and one of the code modules is identified as Guava.
It was Mr. Langner who first noted that Myrtus is an allusion to the Hebrew word for Esther. The Book of Esther tells the story of a Persian plot against the Jews, who attacked their enemies pre-emptively.
“If you read the Bible you can make a guess,” said Mr. Langner, in a telephone interview from Germany on Wednesday.
Carol Newsom, an Old Testament scholar at Emory University, confirmed the linguistic connection between the plant family and the Old Testament figure, noting that Queen Esther’s original name in Hebrew was Hadassah, which is similar to the Hebrew word for myrtle. Perhaps, she said, “someone was making a learned cross-linguistic wordplay.”
But other Israeli experts said they doubted Israel’s involvement. Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”
“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”
Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.

Ethan Bronner contributed reporting from Israel, and William J. Broad from New York.

 In a Computer Worm, a Possible Biblical Clue – NYTimes.com


________________________
The MasterBlog


Tehran confirms its industrial computers under Stuxnet virus attack
DEBKAfile Exclusive Report September 25, 2010, 6:07 PM (GMT+02:00)

Iran is first nation to admit to being victim of cyber-terror


Mahmoud Alyaee, secretary-general of Iran’s industrial computer servers, including its nuclear facilities control systems, confirmed Saturday, Sept. 25, that 30,000 computers belonging to classified industrial units had been infected and disabled by the malicious Stuxnet virus.
This followed debkafile’s exclusive report Thursday, Sept. 23, from its Washington and defense sources that a clandestine cyber war is being fought against Iran by the United States with elite cyber war units established by Israel. Stuxnet is believed to be the most destructive virus ever devised for attacking major industrial complexes, reactors and infrastructure. The experts say it is beyond the capabilities of private or individual hackers and could have been produced by a high-tech state like America or Israel, or its military cyber specialists.
The Iranian official said Stuxnet had been designed to strike the industrial control systems in Iran manufactured by the German Siemens and transfer classified data abroad.

The head of the Pentagon’s cyber war department, Vice Adm. Bernard McCullough said Thursday, Sept. 22, that Stuxnet had capabilities never seen before. In a briefing to the Armed Forces Committee of US Congress, he testified that it was regarded as the most advanced and sophisticated piece of Malware to date.
According to Alyaee, the virus began attacking Iranian industrial systems two months ago. He had no doubt that Iran was the victim of a cyber attack which its anti-terror computer experts had so far failed to fight. Stuxnet is powerful enough to change an entire environment, he said without elaborating. Not only has it taken control of automatic industrial systems, but it has raided them for classified information and transferred the data abroad.

This was the first time an Iranian official has explained how the United States and Israeli intelligence agencies have been able to keep pace, step by step, with the progress made in Iran’s nuclear program. Until now, Tehran attributed the leaks to Western spies using Iranian double agents.
Last Thursday, debkafile first reported from its Washington sources that US president Barack Obama had resolved to deal with the nuclear impasse with Iran by going after the Islamic republic on two tracks: UN and unilateral sanctions for biting deep into the financial resources Iran has earmarked for its nuclear program, and a secret cyber war with Israel to cripple its nuclear facilities.
In New York, the US offer to go back to the negotiating table was made against this background.
Leaks by American security sources to US media referred to the recruitment by Israel military and security agencies of cyber raiders with the technical knowhow and mental toughness for operating in difficult and hazardous circumstances, such as assignments for stealing or destroying enemy technology, according to one report.
debkafile’s sources disclose that Israel has had special elite units carrying out such assignments for some time. Three years ago, for instance, cyber raiders played a role in the destruction of the plutonium reactor North Korea was building at A-Zur in northern Syria.
Some computer security specialists reportedly speculated that the virus was devised specifically to target part of the Iranian nuclear infrastructure, either the Bushehr nuclear plant activated last month – which has not been confirmed – or the centrifuge facility in Natanz.
debkafile’s sources add: Since August, American and UN nuclear watchdog sources have been reporting a slowdown in Iran’s enrichment processing due to technical problems which have knocked out a large number of centrifuges and which its nuclear technicians have been unable to repair. It is estimated that at Natanz alone, 3,000 centrifuges have been idled.

DEBKAfile, Political Analysis, Espionage, Terrorism, Security
Also see Stratfor’s analysis here




The Stuxnet Computer Worm and the Iranian Nuclear Program

Summary

A computer worm proliferating in Iran targets automated activity in large industrial facilities. Speculation that the worm represents an effort by a national intelligence agency to attack Iranian nuclear facilities is widespread in the media. The characteristics of the complex worm do in fact suggest a national intelligence agency was involved. If so, the full story is likely to remain shrouded in mystery.

Analysis

A computer virus known as a worm that has been spreading on computers primarily in Iran, India and Indonesia could be a cyberattack on Iranian nuclear facilities, according to widespread media speculation.
Creating such a program, which targets a specific Siemens software system controlling automated activity in large industrial facilities, would have required a large team with experience and actionable intelligence. If a national intelligence agency in fact targeted Iranian nuclear facilities, this would be the first deployment of a cyberweapon reported on in the media. It would also mean that the full details of the operation are not likely ever to be known.
The so-called Stuxnet worm first attracted significant attention when Microsoft announced concerns over the situation in a Sept. 13 security bulletin, though various experts in the information technology community had been analyzing it for at least a few months. The worm is very advanced, required specific intelligence on its target, exploits multiple system vulnerabilities and uses two stolen security certificates, suggesting a typical hacker did not create it.
On a technical level, Stuxnet uses four different vulnerabilities to gain access to Windows systems and USB flash drives, identified independently by antivirus software makers Symantec and Kaspersky Lab. Discovering and exploiting all four vulnerabilities, which in this case are errors in code that allow access to the system or program for unintended purposes, would have required a major effort. Three of them were “zero-day” vulnerabilities, meaning they were unknown before now. A Polish security publication, Hakin9, had discovered the fourth, but Microsoft had failed to fix it. Typically, hackers who discover zero-day vulnerabilities exploit them immediately to avoid pre-emption by software companies, which fix them as soon as they learn of them. In another advanced technique, the worm uses two stolen security certificates from Realtek Semiconductor Corp. to access parts of the Windows operating system.
Stuxnet seems to target a specific Siemens software system, the Simatic WinCC SCADA, operating a unique hardware configuration, according to industrial systems security expert Ralph Langner and Symantec, which both dissected the worm. SCADA stands for “supervisory control and data acquisition systems,” which oversee a number of programmable logic controllers (PLCs), which are used to control individual industrial processes. Stuxnet thus targets individual computers that carry out automated activity in large industrial facilities, but only will activate when it finds the right one. Siemens reported that 14 facilities using its software had already been infected, but nothing had happened. When Stuxnet finds the right configuration of industrial processes run by this software, it supposedly will execute certain files that would disrupt or destroy the system and its equipment. Unlike most sophisticated worms or viruses created by criminal or hacker groups, this worm thus does not involve winning wealth or fame for the creator, but rather aims to disrupt one particular facility, shutting down vital systems that run continuously for a few seconds at a time.
VirusBlokAda, a Minsk-based company, announced the discovery of Stuxnet June 17, 2010, on customers’ computers in Iran. Data from Symantec indicates that most of the targeted and infected computers are in Iran, Indonesia and India. Nearly 60 percent of the infected computers were in Iran. Later research found that at least one version of Stuxnet had been around since June 2009. The proliferation of the worm in Iran indicates that country was the target, but where it started and how it has spread to different countries remains unclear.
Few countries have the kind of technology and industrial base and security agencies geared toward computer security and operations required to devise such a worm, which displays a creativity that few intelligence agencies have demonstrated. This list includes, in no particular order, the United States, India, the United Kingdom, Israel, Russia, Germany, France, China and South Korea.
Media speculation has focused on the United States and Israel, both of which are seeking to disrupt the Iranian nuclear program. Though a conventional war against Iran would be difficult, clandestine attempts at disruption can function as temporary solutions. Evidence exists of other sabotage attempts in the covert war between the United States and Israel on one side and Iran on the other over Iranian efforts to build a deliverable nuclear weapon.
U.S. President Barack Obama has launched a major diplomatic initiative to involve other countries in stopping Iran’s nuclear activities, so another country might have decided to contribute this creative solution. Whoever developed the worm had very specific intelligence on their target. Targeting a classified Iranian industrial facility would require reliable intelligence assets, likely of a human nature, able to provide the specific parameters for the target. A number of defectors could have provided this information, as could have the plants’ designers or operators. Assuming Siemens systems were actually used, the plans or data needed could have been in Germany, or elsewhere.
Evidence pinpointing who created the worm is not likely to emerge. All that is known for certain is that it targets a particular industrial system using Siemens’ programming. Whether the worm has found its target also remains unclear. It may have done so months ago, meaning now we are just seeing the remnants spread. Assuming the target was a secret facility — which would make this the first cyberweapon reported in the media — the attack might well never be publicized. The Iranians have yet to comment on the worm. They may still be investigating to see where it has spread, working to prevent further damage and trying to identify the culprit. If a government did launch the worm, like any good intelligence operation, no one is likely to take credit for the attack. But no matter who was responsible for the worm, Stuxnet is a display of serious innovation by its designer.

Read more: The Stuxnet Computer Worm and the Iranian Nuclear Program | STRATFOR 

Also see:

Iran ‘attacked’ by computer worm
Iran’s nuclear agency trying to combat a virus capable of taking over systems that control power plants, media says.
Last Modified: 25 Sep 2010 15:08 GMT
Foreign media has speculated that the worm is aimed at disrupting the Bushehr nuclear plant [EPA]

Iran’s nuclear agency is trying to combat a complex computer worm that has affected industrial sites throughout the country and is capable of taking over the control systems of power plants, Iranian media reports have said.
Experts from the Atomic Energy Organisation of Iran met this week to discuss how to remove the malicious computer code, or worm, the semi-official Isna news agency reported on Friday.
No damage or disruption of nuclear facilities has yet been reported, however.
The computer worm, dubbed Stuxnet, can take over systems that control the inner workings of industrial plants.
Experts in Germany discovered the worm in July, and it has since shown up in a number of attacks – primarily in Iran, Indonesia, India and the US.
‘Disrupting Bushehr’
Isna said the malware had spread throughout Iran, but did not name specific sites affected.
Foreign media reports have speculated the worm was aimed at disrupting Iran’s first nuclear power plant, which is to go online in October in the southern port city of Bushehr.

The Russian-built plant will be internationally supervised, but world powers remain concerned that Iran wants to use its civil nuclear power programme as a cover for making weapons.
Iran denies such an aim and says its nuclear work is solely for peaceful purposes.
The destructive Stuxnet worm has surprised experts because it is the first one specifically created to take over industrial control systems, rather than just steal or manipulate data.
Speaking to Al Jazeera, Rik Ferguson, a senior security adviser at the computer security company Trend Micro, described the worm as “very sophisticated”.
“It is designed both for information theft, looking for design documents and sending that information back to the controllers, and for disruptive purposes,” he said.
“It can issue new commands or change commands used in manufacturing.
“It’s difficult to say with any certainty who is behind it. There are multiple theories, and in all honesty, any of them could be correct.”
Western experts have said the worm’s sophistication – and the fact that about 60 per cent of computers infected looked to be in Iran – pointed to a government-backed attack.
Washington is also tracking the worm, and the Department of Homeland Security is building specialised teams that can respond quickly to cyber emergencies at industrial facilities across the US.
