Breach, Threat Management, Data Security, Incident Response, Network Security, TDR, Threat Management

Stuxnet: Precursor to kinetic warfare?

Note: Part of this article involves single source information

An exclusive resource has stated that one of the two Iranian nuclear physicists was assassinated by one or more motorcycle-riding hit teams. This resource also stated that along with the nuclear program involvement, Shariari was specifically tasked with removing Stuxnet from Iranian networks:

Prof. Majid Shahriari, who died when his car was attacked in North Tehran on Monday, Nov. 29, headed the team Iran established for combating the Stuxnet virus rampaging through its nuclear and military networks. His wife was injured.

Prof. Shahriari was the Iranian nuclear program's top expert on computer codes and cyberwar.

The scientist's death deals a major blow to Iran's Herculean efforts to purge its nuclear and military control systems of the destructive worm since it went on the offensive six months ago. Only this month, Stuxnet shut down nuclear enrichment at Natanz for six days from Nov. 16-22 and curtailed an important air defense exercise.

My earlier articles warn about cyberwarfare escalating quickly into limited kinetic warfare. To counter this threat, proper physical security measures should be considered alongside cybersecurity. While those of us living outside Tehran may not have much to worry about gun-wielding bikers, becoming a key witness in any cybersecurity matter could make you a target.

Review these steps to protect your own IT teams and your community through public-private partnerships and continue to push for strong physical security training within your company.

Analysis: Wikileaks may have been a contributing factor to Iranian assassinations

In a potentially related matter, this attack may have been escalated by the Wikileaks release:

The attacks occurred at 7:45 a.m. Iranian time, less than 12 hours after the WikiLeaks organization uncovered U.S. diplomatic cables attesting to a proposal by Mossad director Meir Dagan to overthrow the Islamic regime as one of the ways of terminating its nuclear program. He proposed enlisting oppressed Iranian minority groups for the task, like the Baluchis and their liberation movement, Jundallah.

My opinion is that the timing of this attack suggests that several players may have pushed their timetable up in order to take advantage of a well-planned operation.

If this is indeed the case then the Wikileaks U.S. Army source Bradley Manning may have these scientists' blood on his hands – sensitive diplomatic cables are highly protected, yet [allegedly] in a betrayal of trust, PFC Manning downloaded them off the SIPRNET secure network onto a Lady Gaga DVD and uploaded them directly to Wikileaks:

"I would come in with music on a CD-RW labeled with something like 'Lady Gaga,' erase the music, then write a compressed split file," he wrote. "No one suspected a thing and, odds are, they never will."

"[I] listened and lip-synced to Lady Gaga's 'Telephone' while exfiltrating possibly the largest data spillage in American history," he added later. "Weak servers, weak logging, weak physical security, weak counter-intelligence, inattentive signal analysis – a perfect storm." [original source Wired.com]

Every spy from Walker to Aldrich Ames had the same excuse: It was easy to do.

My answer to those [alleged] quotes of Private Manning: It is 'easy' because the military trusts you. And so does your nation. That's why there's an oath. Private Manning gave his word not to betray the organization he joined and to follow their lawful orders, one of which is to not reveal classified or diplomatic information. That trust was betrayed, which makes it 'easy' and the alternate button-downed security is to live in a police state, which betrays the Constitution.

Further investigation will add more than this single source of information down the road, but for now the Stuxnet operation may dictate the methods which critical physical security measures are framed around cybersecurity staffers in both dotcom and dotmil worlds.

Further resources:

  1. Kinetic Warfare vs. Cyberwarfare
  2. BBC News
  3. Al Jazeera
  4. Debka.com – single source of Stuxnet involvement
  5. Securing Our eCity
  6. Stuxnet: Cyberwarfare's game-changer, Part One
  7. Stuxnet: Cyberwarfare's game-changer, Part Two
  8. From sci-fi to Stuxnet: Exploding gas pipelines and the Farewell Dossier

    An In-Depth Guide to Network Security

    Get essential knowledge and practical strategies to fortify your network security.

    Get daily email updates

    SC Media's daily must-read of the most current and pressing daily news

    By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

    You can skip this ad in 5 seconds