Stuxnet virus: US refuses to deny involvement
A senior Pentagon official has refused to answer questions about American involvement in the Stuxnet computer virus attack on Iran’s nuclear programme, fuelling claims it was a joint operation by Israel and the US.
In an interview for a TV documentary about cyber security, Deputy Defense Secretary William Lynn twice failed to address reports that the US was a partner in the internet-borne attack.
The presenter of CodeWars: America’s Cyber Threat, asked him “was the US involved in any way in the development of Stuxnet?”
His initial response was to discuss the general problem of tracing cyber attacks.
“The challenges of Stuxnet, as I said, what it shows you is the difficulty of any, any attribution and it’s something that we’re still looking at, it’s hard to get into any kind of comment on that until we’ve finished our examination,” he said.
“But sir, I’m not asking you if you think another country was involved,” the presenter replied, “I’m asking you if the US was involved: if the Department of Defense was involved.”
Mr Lynn then flatly refused to answer.
“This is not something that we’re going to be able to answer at this point,” he said.
His silence will be taken as the latest clue that clandestine elements of the American military or intelligence services were partners in Stuxnet.
Analysis of the virus, which was first detected in June last year, has found it was designed to infect industrial control systems and make subtle but damaging changes to equipment – specifically the centrifuges at Iran’s Natanz uranium enrichment plant.
Speculation as to its source immediately implicated Israeli, the most outspoken opponent of Tehran’s nuclear ambitions.
But a New York Times report then said that the US government had been involved and had been allowed by Siemens, the German manufacturer of industrial control systems, to carry out test to identify security vulnerabilities in its software.
Further testimony of a collaborative effort was provided by computer forensics experts, who found evidence of two separate teams of developers having worked on Stuxnet’s code.
"It was most likely developed by a Western power, and they most likely provided it to a secondary power which completed the effort,” Tom Parker, a security researcher, told the Telegraph, naming the US and Israeli as the most likely pairing.
One part of the code was well organised and highly expert, requiring the detailed knowledge of Siemens software that the Americans reportedly obtained.
The other part was more crude but would have required human agents to deliver virus to the Natanz systems, pointing to Israeli intelligence, which is known to be very active inside Iran.
Graham Cluley, of the British computer security firm Sophos, said Mr Lynn’s stonewall response would add to suspicions.
“Of course, a refusal to confirm or deny the US's involvement in the Stuxnet worm isn't an admission,” he said.
“After all, it's possible that Lynn simply doesn't know if the USA was involved - and doesn't want to be caught on film denying something which later turns out to be true.”
“Or it's possible that he's not authorised to deny the US's involvement for reasons best known to the higher echelons of US politics.
"Whatever the truth, it's always fun to see a politician squirm when put on the spot regarding their own country's murky activities on the internet.”
Britain's military and intelligence agencies are currently bolstering their own online capabilities via the new £650m cyber security budget.