State-Sponsored Cyber Terror

Title: U.S. Military's Elite Hacker Crew
Date: April 18, 2005
Source: Wired 

Abstract: The U.S. military has assembled the world's most formidable hacker posse: a super-secret, multimillion-dollar weapons program that may be ready to launch bloodless cyberwar against enemy networks -- from electric grids to telephone nets.

The group's existence was revealed during a U.S. Senate Armed Services Committee hearing last month. Military leaders from U.S. Strategic Command, or Stratcom, disclosed the existence of a unit called the Joint Functional Component Command for Network Warfare, or JFCCNW.

In simple terms and sans any military jargon, the unit could best be described as the world's most formidable hacker posse. Ever.

The JFCCNW is charged with defending all Department of Defense networks. The unit is also responsible for the highly classified, evolving mission of Computer Network Attack, or as some military personnel refer to it, CNA.

But aside from that, little else is known. One expert on cyber warfare said considering the unit is a "joint command," it is most likely made up of personnel from the CIA, National Security Agency, FBI, the four military branches, a smattering of civilians and even military representatives from allied nations.

"They are a difficult nut to crack," said Dan Verton, a former U.S. Marine intelligence officer. "They're very reluctant to talk about operations." Verton is author of the book Black Ice, which investigates the threats cyber terrorism and vandalism could have on military and financial networks.

Verton said the Defense Department talks often about the millions it spends on defending its networks, which were targeted last year nearly 75,000 times with intrusion attempts. But the department has never admitted to launching a cyber attack -- frying a network or sabotaging radar -- against an enemy, he said.

Verton said the unit's capabilities are highly classified, but he believes they can destroy networks and penetrate enemy computers to steal or manipulate data. He said they may also be able to set loose a worm to take down command-and-control systems so the enemy is unable to communicate and direct ground forces, or fire surface-to-air missiles, for example.

Some of the U.S. military's most significant unified commands, such as Stratcom, are undergoing a considerable reorganization. Stratcom, based at the massive Offutt Air Force base in eastern Nebraska and responsible for much of the nation's nuclear arsenal, has been ordered by the Defense Department to take over the JFCCNW.

To better understand the secret program, several questions about the unit were submitted to Stratcom.

Capt. Damien Pickart, a Stratcom spokesman, issued a short statement in response: "The DOD is capable of mounting offensive CNA. For security and classification reasons, we cannot discuss any specifics. However, given the increasing dependence on computer networks, any offensive or defensive computer capability is highly desirable."

Nevertheless, Verton says military personnel have told him numerous "black programs" involving CNA capabilities are ongoing, while new policies and rules of engagement are now on the books.

The ground was prepared in the summer of 2002, when President Bush signed National Security Presidential Directive 16, which ordered the government to prepare national-level guidance on U.S. policies for launching cyber attacks against enemies.

"I've got to tell you we spend more time on the computer network attack business than we do on computer network defense because so many people at very high levels are interested," said former CNA commander, Air Force Maj. Gen. John Bradley, during a speech at a 2002 Association of Old Crows conference. The group is the leading think tank on information and electronic warfare (Wired, 2005)

Title: Israeli Cyber Unit Responsible For Iran Computer Worm 
Date: September 30, 2010
Source: The Telegraph

Abstract: An elite Israeli military unit responsible for cyberwarfare has been accused of creating a virus that has crippled Iran's computer systems and stopped work at its newest nuclear power station.

Computer experts have discovered a biblical reference embedded in the code of the computer worm that has pointed to Israel as the origin of the cyber attack.

The code contains the word "myrtus", which is the Latin biological term for the myrtle tree. The Hebrew word for myrtle, Hadassah, was the birth name of Esther, the Jewish queen of Persia.

In the Bible, The Book of Esther tells how the queen pre-empted an attack on the country's Jewish population and then persuaded her husband to launch an attack before being attacked themselves.

Israel has threatened to launch a pre-emptive attack on Iran's facilities to ensure that the Islamic state does not gain the ability to threaten its existence.

Ralf Langner, a German researcher, claims that Unit 8200, the signals intelligence arm of the Israeli defence forces, perpetrated the computer virus attack by infiltrating the software into the Bushehr nuclear power station.

Mr Langner said: "If you read the Bible you can make a guess."

Computer experts have spent months tracing the origin of the Stuxnet worm, a sophisticated piece of malicious software, or malware, that has infected industrial operating systems made by the German firm Siemens across the globe.

Programmers following Stuxnet believe it was most likely introduced to Iran on a memory stick, possibly by one of the Russian firms helping to build Bushehr. The same firm has projects in Asia, including India and Indonesia which were also attacked. Iran is thought to have suffered 60 per cent of the attacks.

Mr Langner said: "It would be an absolute no-brainer to leave an infected USB stick near one of these guys and there would be more than a 50 per cent chance of him picking it up and infecting his computer."

Cyber security experts said that Israel was the most likely perpetrator of the attack and had been targeting Iran but that it had not acknowledged a role to its allies.

"Nobody is willing to accept responsibility for this particular piece of malicious software which is a curious, complex and powerful weapon," said one Whitehall expert.

The Iranian authorities acknowledged the worm had struck Bushehr and a statement conceded that the plant would come into operation in January, two months later than planned.

Elizabeth Katina, a researcher at the Royal United Services Institute, said the possibility of a copycat attack on British or American electricity networks or water supplies had been elevated by the release of Stuxnet.

"Critical national infrastructure is at greater risk because this shows groups on the outside of governments how to do it," she said. "It's more likely now that the northeast of England power grid can be shut down until someone decides to start it up again" (The Telegraph, 2011)

Title: With Stuxnet, Did The U.S. And Israel Create A New Cyberwar Era?
Date: January 16, 2011
Source: Wired

Abstract: Remember the years-long controversy about whether the U.S. or Israel would bomb Iran’s nuclear program? It appears they just did — virtually. And if they did, they also may have expanded our sense of how nations wage war in cyberspace.

For all the hype, “cyberwar” has been a bush-league affair so far. Websites get defaced or taken offline, or an adversary’s software gets logic-bombed into a malfunctioning mess. Analysts warn that future assaults could fry an electrical grid (if it’s networked too well) or cause a military to lose contact with a piece of its remotely-controlled hardware. But that’s about the extent of the damage. Only the Stuxnet worm may point to a huge innovation for cyberwar: the mass disablement of an enemy’s most important strategic programs.

Stuxnet’s origin is unknown. Attributing credit for Stuxnet is rightly the subject of geopolitical intrigue. As our sister blog Threat Level has exhaustively reported, the worm eats away at a very specific kind of industrial control system: a configuration of the Siemens-manufactured Supervisory Control and Data Acquisition (SCADA) system that commands the centrifuges enriching uranium for Iran’s nuclear program, the key step for an Iranian bomb. But the Stuxnet whodunit may be solved: it appears to be a joint U.S.-Israeli collaboration — and a cyberwarfare milestone.

The New York Times doesn’t have definitive proof, but it has fascinating circumstantial evidence, and Threat Level’s Kim Zetter will publish more on Tuesday. In 2008, Siemens informed a major Energy Department laboratory of the weaknesses in its SCADA systems. Around that time, the heart of Israel’s nuclear-weapons complex, Dimona, began experimenting on an industrial-sabotage protocol based on a model of the Iranian enrichment program. The Obama administration embraced an initiative begun by the Bush administration to “bore into [Iranian] computers” and disable the nuclear effort. Motive, meet opportunity. By late 2009, Stuxnet was popping up globally, including in Iran.

Iran denies that Stuxnet did any major damage to its nuclear program. But last week, the outgoing chief of Israel’s Mossad spy agency publicly asserted that Iran wouldn’t be capable of making a bomb before 2015, adding four years to a fearsome nuclear schedule. It’s possible that’s just ass-covering spin: for years, both Israel and the U.S. have repeatedly pushed back their estimates of when Iran would go nuclear. But both countries also have long track records of covertly sabotaging Iranian nuke efforts, whether it’s getting scientists to defect or… other means. (Some scientists are getting killed in the streets by unknown assailants.) Stuxnet would be a new achievement for a long-running mission.

And what an achievement. The early stages of cyberwar have looked like a component effort in a broader campaign, as when Georgia’s government websites mysteriously went offline during its 2008 shooting war with Russia. The Navy’s information chief recently suggested that jamming capabilities will be increasingly important to Chinese military doctrine. The difference between that and Stuxnet is the difference between keying someone’s car and blowing up her city.

With Stuxnet, there’s no broader conventional assault, but an adversary’s most important military asset gets compromised. The mission of an aerial bombardment of Iran would be to set Iran’s nuclear program back; to at least some degree, Stuxnet has done precisely that. Only Stuxnet didn’t kill anyone, and it didn’t set off the destabilizing effect in the region that a bombing campaign was likely to reap.

In other words, Stuxnet may represent the so-called “high end” of cyberwarfare: a stealthy, stand-alone capability to knock an opponent’s Queen off the board before more traditional military hostilities can kick in. It wouldn’t be taking out a particular ship’s radar system or even a command-and-control satellite. All of that could still happen. But this would be the first instance of cyberwarfare aimed at a truly strategic target.

That’s not to say we’re there yet, since we don’t really know how many years of a non-nuclear Iran Stuxnet provided. But it is to say that we may be getting there. North Korea’s uranium enrichment efforts have similar industrial control mechanisms, and if Stuxnet couldn’t take them down, a son-of-Stuxnet might. And just consider what kinds of other major cyberwar programs are out there — the ones really hidden in secrecy, not like the winks-and-nods that U.S. and Israeli officials have given to their possible authorship of Stuxnet.

All this has major implications for U.S. military doctrine. There isn’t any for cyberwarfare, for instance. The new U.S. Cyber Command describes its primary mission as protecting military networks from incoming assault, and says very little about what its offensive mission might be. Writing malicious code and transmitting it into enemy networks, up to and including nuclear controls, even in advance of conventional hostilities, could be CYBERCOM’s next big step. It would represent an update to the old Air Force dream of strategic bombing, in which bombing an enemy’s critical infrastructure compels him to give up the fight.

That also points to the downside. Just as strategic bombing doesn’t have a good track record of success, Stuxnet hasn’t taken down the Iranian nuclear program. Doctrine-writers may be tempted to view cyberwar as an alternative to a shooting war, but the evidence to date doesn’t suggest anything of the sort. Stuxnet just indicates that high-level cyberwarfare really is possible; it doesn’t indicate that it’s sufficient for achieving national objectives.

The Times has an irresistible quote from Ralph Langner, a German expert who decoded Stuxnet. Langner wrote that “Stuxnet is not about sending a message or proving a concept. It is about destroying its targets with utmost determination in military style.” Maybe so. But that certainly does send a message. And if it doesn’t exactly prove a concept, it points a way forward to just how powerful cyberwarfare can become (Wired, 2011)

Title: Israel Government Unveils Counter-Cyberterrorism Unit
Date: April 3, 2011
Source: Xinhua

Abstract: Israeli officials have said they are set to implement a new strategy aimed at foiling the growing wave of cyberterrorism and cybertheft attacks perpetrated against its government ministries, military agencies, and major banking and commercial entities.

Israel averages about 350 on-line hacking attacks per second every day, according to Assaf Keren, the former project director for Israel's e-Gov portal. The portal offers a wealth of services for the public at large, and is, among other major sites like the Bank of Israel, considered a prime hacker magnet by Israel's political foes and criminal elements.

Hackers took down the site for two days in early 2008. Bank officials said the hackers "inserted propaganda material in Arabic," but they were unable to access financial data and information, which is stored on a separate system.

While the Mossad, Israel Security Agency (Shin Bet), military and other entities have their own departments dealing with on-line warfare, last week Israeli Prime Minister Benjamin Netanyahu averred that Israel was preparing a top-level response to such attacks.

Leading the digital charge is Major General Isaac Ben-Israel, who headed up the Defense Ministry's Administration for the Development of Weapons and Technological Infrastructure, local daily Ha'aretz reported on Sunday.

Late last year, Ben-Israel and senior Israeli and international security experts gathered at an Israeli think tank to share know-how about battling cyber-crime, cyber-terrorism and cyber-warfare. Talks at the International Institute for Counter-Terrorism (ICT) at the Herzliya-based Interdisciplinary Center (IDC) focused on efforts to slay, or at least rein in the multi-headed digital hydra.

Many of the experts at the program said again and again that substantially raising basic governmental, public and private awareness of the need to defend against on-line threats, from simple measures like not opening unknown email attachments, all the way up to tightly guarding national infrastructure, was crucial (Xinhua, 2011)

Title: Iran: Israel Ranks First In Cyber Terror
Date: August 11, 2011
Source: Press TV

Abstract: Iran's Minister of Communications and Information Technology Reza Taqipour says Israel ranks first in planning cyber terrorism against other nations in the globe. 

Taqipour told reporters on Wednesday that the Israeli regime ranks at the top of governments that sponsor various forms of state terrorism, including cyber terror, Mehr news agency reported. 

He said that the Tel Aviv regime was the symbol of state terrorism, adding that the regime takes the lead in spreading malware across cyber space. 

He added, however, that Iran has taken appropriate counter measures, including the establishment of a cyber command, to control and foil cyber attacks targeting the country. 

The minister's comments came in response to reports that Israeli military is plotting to wage a major cyber war against Iran by setting up a military cyber command. 

The new cyber command, which has been designated as central to 'defense capability' of the Israeli regime, would directly report to Israeli Prime Minister Benjamin Netanyahu. 

The new command center, supported by the military, has already conducted a series of "soft" espionage missions, including hacking into Iran's version of Facebook and other social networking sites, the report says. 

A source with close knowledge of the cyber war preparations said that Israel has two principal targets in Iran's cyberspace, which are stopping Tehran's nuclear program and its civil infrastructure. 

Iran says it fully monitors cyberspace in order to counter soft warfare against the country (Press TV, 2011).  

Title: Stuxnet Clone 'Duqu': The Hydrogen Bomb Of Cyberwarfare?
Date: October 19, 2011
Source: Fox News

Abstract: If the Stuxnet virus was the atom bomb of cyberwarfare, then the discovery this week of the "Duqu" virus is the hydrogen bomb, security experts are warning. 

It is the second major weaponized virus to turn computers into lethal weapons with devastating destructive power.

The new program, discovered by Symantec on Tuesday with the help of an unnamed research lab, uses much of the same code as the 2010 Stuxnet virus did. But instead of destroying the systems it infects, Duqu secretly penetrates them and, according to some experts, creates “back door” vulnerabilities that can be exploited to destroy the networks at any time its creators may choose.

The original Stuxnet malware was the culmination of a vast technical and espionage effort that had only one target in mind: the Iranian nuclear program. It is widely believed to be the work of the United States and Israel. Experts who looked at the program were amazed at its ability to penetrate Iran’s secure, highly protected security system and destroy it without being detected.

Its success set back the Iranian nuclear program for years.

Experts were also amazed at the depth of information that had been collected on the Iranian program, information that allowed its secure nuclear system to be penetrated so easily and without detection. Among those elements, according to Ralph Langner, who was one of the first to dissect the Stuxnet virus, were stolen certificates of authorization, highly protected codes that power Siemens industrial computers, and the internal workings of Iran’s computer systems. Much of it, they surmised, had to be done using human rather than computer intelligence agents.

With Duqu that is no longer the case.

According to Michael Sconzo, a senior security officer at worldwide computer security company RSA, the new virus embeds itself in computer systems for 36 days and “analyzes and profiles” the system's workings before sending its findings out to a secure server and self-destructing.

“It's an intelligence operation,” he told “We still aren’t sure of all the things it looks for yet but it is a likely precursor to an attack. It is a Trojan horse.”

But he said its intention is to allow its users to understand the inner workings of the targeted computer system to create malware that can attack the system.

Among the things currently known is that it records every keystroke used on a system, allowing it to learn and pass on passwords to various systems inside the network, thus making future penetration much easier.

He speculated that the 36-day window might allow the program to collect password patterns because many companies require password changes every thirty days.

As with Stuxnet, there are still a number of open questions that security firms around the world are still trying to answer, Sconzo said.

Among them: Which companies have been hit; how extensive is the collection of data from their computers; and, because of the short period of penetration, how imminent is an attack.

And the most important question still remains open: Who's behind the attacks? 

Several experts have suggested that the perpetrators must be the same group that created Stuxnet. That's far from certain, Sconzo said.

“The Stuxnet code has been out there for some time,” he told “Anyone with a decent knowledge of computers could reverse engineer it.”

While that raises the possibility of Iranian retaliation for Stuxnet, which has been a cause of concern for some time, or even terrorists, he said there was too much not yet known to draw any conclusions about authorship.

“Just who is doing it may be the most important question we need to answer,” he said, because its discovery raises a great deal of “fear, uncertainty and doubt.”

“There is nothing out there available to stop it,” he said (Fox News, 2011).

Title: U.S. & Israel Launch New Phase Of Cyber Warfare
Date: October 20, 2011
Source: Infowars 

Abstract: The re-emergence of the Stuxnet virus in a virtually identical form to its previous incarnation heralds a “new round of cyber war,” and given the fact that the last version was created by the U.S. and Israel, it’s obvious where the finger of blame should be pointing once again.

“Analysts at US firms McAfee and Symantec agreed that a sophisticated virus dubbed “Duqu” has been unleashed on an apparent mission to gather intelligence for future attacks on industrial control systems,” reports AFP.

“This seems to be the reconnaissance phase of something much larger,” McAfee senior research analyst Adam Wosotowsky told AFP about the virus, named for the “DQ” prefix on files it creates.

The new incarnation of the virus is primarily aimed at the Middle East and is designed to “mount a future attack on an industrial control facility” by capturing password data and infiltrating networks undetected.

“McAfee and Symantec said that, based on snippets of the virus they were given to study, portions of the encrypted Duqu code matched identically scrambled portions of Stuxnet,” states the report.

After last year’s Stuxnet worm attack targeted Iranian nuclear plants, the New York Times reported, months after we had first identified “Israel and the United States….as the prime suspects behind the Stuxnet worm attack,” that the virus was indeed created by the U.S. and Israel.

“The covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British,” reported the NY Times on January 15.

Even after it was all but admitted that the United States and Israel created Stuxnet to target Iran’s nuclear facilities, the establishment media’s coverage of the new incarnation of the worm is completely absent that fact.

Perhaps we can expect to be labeled “conspiracy theorists” once again for stating the blindingly obvious – that while US cybersecurity officials concentrate power and funding in the name of defending against cyber attacks, they are the ones launching them. The US and Israel are once again behind the attack and it will primarily be aimed at disrupting Iran’s nuclear enrichment program.

As we documented, before the New York Times reported that the U.S. and Israel were behind the attack last year, numerous talking heads claimed there was no evidence to suggest this, blaming Russia or China instead, and demonizing those who pointed the finger at the obvious culprits for circulating “ridiculous” theories.

It really scales the heights of hypocrisy to hear the arguments of US cybersecurity officials about the need to hand them the power to control the Internet in the name of protecting against cyber warfare, when the U.S. government itself is behind almost every act of cyber warfare.

Earlier this week it also emerged that the Obama administration considered opening its assault on Libya by launching a cyber attack to “disable the Qaddafi government’s air-defense system”.

Given the fact that strong rumors of an attack on Iran have been circulating for several weeks, this round of cyber warfare could be the opening salvo for something far bigger (Infowars, 2011)

Title: Pentagon: Offensive Cyber Attacks Fair Game
Date: November 15, 2011
Source: Washington Post

Abstract: The Pentagon has laid out its most explicit cyberwarfare policy to date, stating that if directed by the president, it will launch “offensive cyber operations” in response to hostile acts.

Those hostile acts may include “significant cyber attacks directed against the U.S. economy, government or military,” Defense Department officials stated in a long-overdue report to Congress released late Monday.

But the report is still silent on a number of important issues, such as rules of engagement outside designated battle zones — a sign of how challenging the policy debate is in the newest and most complex realm of warfare.

The statements are consistent with preexisting policy, but have never before been stated quite so explicitly, even in the Pentagon’s recently released cyberspace strategy.

That strategy focused on the importance of deterring attacks by building defenses that would “deny” adversaries the benefits of success. In the latest report, the Pentagon states that adversaries threatening a crippling cyber attack against the United States “would be taking a grave risk.”

Indeed, officials noted that when defense-based deterrence fails to stop a hostile act, the Pentagon “maintains, and is further developing, the ability to respond militarily in cyberspace and in other domains.”

James E. Cartwright Jr., the recently retired vice chairman of the Joint Chiefs of Staff, who has criticized U.S. cyberstrategy as being too focused on defensive issues, said the report “is a good start at documenting how the U.S. will both defend our interests in this vital domain and deter those who would threaten those interests.”

Cartwright had publicly stated over the summer that a strategy dominated by defense would fail, telling reporters then: “If it’s okay to attack me and I’m not going to do anything other than improve my defenses every time you attack me, it’s very difficult to come up with a deterrent strategy.”

The latest report, issued in response to a congressional requirement to answer key cyberwarfare policy questions by March 1, 2011, reiterated that the United States will “exhaust all options prior to using force whenever we can” in response to a hostile act in cyberspace.

In May, the White House’s international cyberstrategy declared that the United States reserves the right to use all necessary means — diplomatic, informational, military and economic — to defend the nation against hostile acts in cyberspace.

The new report, though, reflects the tensions inherent in cyber policy. Taken with past budget documents, it suggests a need for automated, pre-approved responses to some hostile acts in cyberspace.

But the report makes clear that offensive actions will be carried out only as directed by the president.

And it states that specific rules of engagement for the defense of computer networks have been approved for “areas of hostilities” or battle zones. There is just one area of hostility today — Afghanistan.

“The question is, how, and to what extent, are they thinking about automated responses?” said Herbert Lin, a cyber expert at the National Academy of Sciences.

Such responses, he said, “are fraught with danger. Without people in the loop, you’re much more likely to do unintended stuff” (Washington Post, 2011)

Title: Israel To Wage E-Warfare Against Iran
Date: November 19, 2011
Source: Press TV

Abstract: A report says Israel intends to use electronic warfare to shut down Iranian civilian infrastructure in the event of a strike against the Islamic Republic's nuclear facilities.

The Daily Beast reported on Thursday that a possible Israeli attack would go as far as targeting Iran's Internet and cell phone networks, its electrical grid as well as emergency frequencies for the country's police and fire departments.

The news website quoted "current and former US intelligence officials" as saying that the electronic warfare would be carried out by remote-controlled Israeli Air Force drones, which can fly for 20 hours non-stop before they come back to points of take-off. There are even some unmanned Israeli aerial vehicles that can fly overhead for 45 hours non-stop.

The Daily Beast said that Israel has developed weapons that could imitate a maintenance cell phone signal that commands a cell network to go inactive, "effectively stopping transmissions."

It also claimed that two years ago US security officials allegedly located several power grids inside Iran that were connected to the Internet, and were susceptible to cyber attacks such as the Stuxnet virus.

The US, Israel, and some of their allies accuse Tehran of pursuing military objectives in its nuclear program.

Iran has refuted the allegations, saying that as a signatory to the nuclear Non-Proliferation Treaty and a member of the IAEA, it has the right to develop and acquire nuclear technology for peaceful purposes.

In addition, the IAEA has conducted numerous inspections of Iranian nuclear facilities but has never found any evidence indicating that Iran's civilian nuclear program has been diverted towards nuclear weapons production (Press TV, 2011).

Title: Feds Seize 130+ Domain Names In Mass Crackdown
Date: November 25, 2011
Source: Torrent Freak

Abstract: US authorities have initiated the largest round of domain name seizures yet as part of their continued crackdown on counterfeit and piracy-related websites. With just a few days to go until “Cyber Monday” more than 100 domain names have been taken over by the feds to protect the commercial interests of US companies. The seizures are disputable, as the SOPA bill which aims to specifically legitimize such actions is still pending in Congress.

The Department of Justice (DOJ) and Immigration and Customs Enforcement (ICE) have resumed “Operation In Our Sites”, the domain name seizing initiative designed to crack down on online piracy and counterfeiting.

The new round comes exactly a year after 82 domains, including Torrent-Finder, were taken over in 2010. At the time ICE labeled the actions “Cyber Monday crackdown,” referring to the Monday following Thanksgiving where consumers are persuaded to shop online.

TorrentFreak has identified more than 130 domains taken over by the government during the last 24 hours, which makes this the largest seizure round to date. The authorities have yet to comment via official channels, but we assume that they will use the same justification for the domain seizures as they did last year.

“Intellectual property crimes are not victimless,” said Attorney General Eric Holder at the time.

“The theft of ideas and the sale of counterfeit goods threaten economic opportunities and financial stability, suppress innovation and destroy jobs. The Justice Department, with the help of our law enforcement partners, is changing the perception that these crimes are risk-free with enforcement actions like the one announced today,” Holder added.

Compared to previous seizure rounds, there are also some notable differences to report. This time the action appears to be limited to sites that directly charge visitors for their services. Most of the domains are linked to the selling of counterfeit clothing, and at least one sold pirated auto software.

Last year several sites were taken down because they allowed their users to access free music and movie downloads, and these were followed by several streaming services a few months later. No similar sites have been reported in the current round.

After the November 2010 seizures were covered widely in the press, many torrent site owners began to work on backup plans in case they too become a target. A few dozen sites have switched over to alternative domains, and other torrent site operators have purchased additional backup domains just in case.

The need for a backup plan was only intensified when US lawmakers introduced legislation to make domain seizures common practice, such as the pending Protect IP and SOPA bills.

The fact that the authorities have once again launched a large crackdown on “rogue” websites begs the question why this legislation is needed in the first place. Apparently, the current system already allows for the seizure of domain names, without due process and all the other constitutional issues.

Perhaps the authorities will be able to answer this question when they officially announce the latest “Cyber Monday crackdown.” Meanwhile, a full list of the 131 seized domain names we have identified thus far is embedded below (Torrent Freak, 2011)

Title: NDAA Gives Pentagon Green Light To Wage Internet War
Date: December 15, 2011

In addition to kidnapping Americans and tossing them into Camp Gitmo without recourse or trial, the draconian NDAA bill passed in the House yesterday contains language that will allow the Pentagon to wage cyberwar on domestic enemies of the state.

The following language is in the final “reconciled” bill that will now travel to the Senate and ultimately Obama’s desk where it will be signed into law despite earlier assertions that he would veto the legislation:

Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to–

     1. the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and

     2. the War Powers Resolution (50 U.S.C. 1541 et seq.).

In July, the Pentagon released its cybersecurity plan. It declared the internet a domain of war but did not specify how the military would use it for offensive strikes. The report claimed that hostile parties “are working to exploit DOD unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements of DOD’s information infrastructure.” In addition, according to the Pentagon, “non-state actors increasingly threaten to penetrate and disrupt DOD networks and systems.”

“If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” an official said prior to the release of the official document. “The US is vulnerable to sabotage in defense, power, telecommunications, banking. An attack on any one of those essential infrastructures could be as damaging as any kinetic attack on US soil,” Sami Saydjari, a former Pentagon cyber expert who now runs a consultancy called Cyber Defense Agency, told The Guardian in May.

The Pentagon and its contractors are overstating the case, writes Ryan Singel of Wired. “Despite mainstream news accounts, there’s been no documented hacking attacks on U.S. infrastructure designed to cripple it. A recent report from a post-9/11 intelligence fusion center that a water pump in Illinois had been destroyed by Russian hackers turned out to be baseless — and was simply a contractor logging in from his vacation at the behest of the water company,” Singel notes.

Singel also notes that the Pentagon is characterizing spying as an offensive act. Spying “isn’t an act of war — just ask the NSA and CIA, who spend billions of dollars a year spying on other countries by intercepting communications and persuading foreign citizens to give the U.S. valuable intelligence. It’s certainly an aggressive state action, and a diplomatic issue. But if spying was an act of war, every CIA agent hiding under diplomatic cover would count as cause for a country to attack the U.S.,” he writes.

The Pentagon has considered the internet enemy territory since it produced its Information Operations Roadmap in 2003. The document was released to the public after a Freedom of Information Request by the National Security Archive at George Washington University in 2006. The document declares the Pentagon will “fight the net” as it would a weapons system.

The document does not describe how the Pentagon will destroy the internet, but how it will gradually degrade it.

“The internet is useful not only as a business tool but also is excellent for monitoring and tracking users, acclimatizing people to a virtual world, and developing detailed psychological profiles of every user, among many other Pentagon positives,” writes Brent Jessop. “But, one problem with the current internet is the potential for the dissemination of ideas and information not consistent with US government themes and messages, commonly known as free speech.”

The Pentagon war on manufactured and exaggerated cyber threats was expanded to include the private sector in 2010. “In a break with previous policy, the military now is prepared to provide cyber expertise to other government agencies and to certain private companies to counter attacks on their computer networks, the Pentagon’s cyber policy chief, Robert Butler, said Oct. 20,” Defense News reported. “An agreement signed this month with the Department of Homeland Security and an earlier initiative to protect companies in the defense industrial base make it likely that the military will be a key part of any response to a cyber attack.”

Under the new rules, the New York Times noted at the time, “the president would approve the use of the military’s expertise in computer-network warfare, and the Department of Homeland Security would direct the work.”

A caveat, however, was added to calm fears about further trashing of the Constitution. “Officials involved in drafting the rules said the goal was to ensure a rapid response to a cyberthreat while balancing concerns that civil liberties might be at risk should the military take over such domestic operations.”

After the NDAA is signed into law by Obama, he will have the authority to wage war against “domestic terrorists,” defined by the Department of Homeland Security as “rightwing extremists” and other anti-government types. As noted above, it will be the DHS that will “direct the work” against enemies of the state. It will work with the Pentagon to militarily neutralize the threat posed by activists and the alternative media.

In November, the DHS practiced its work by coordinating a nationwide police crackdown on the OWS movement. In the not too distant future, it may be using the Pentagon – now that Posse Comitatus is a dead letter – in its ongoing efforts to wage war on political opposition to the establishment (Infowars, 2011)

Title: Pentagon Gets The Go-Ahead For Offensive Cyberwars
Date: December 22, 2011
Source: Russia Today

Abstract: Within the 680 pages of the Congress-approved National Defense Authorization Act for Fiscal Year 2012 are a lot of provisions that the American public might be peeved over if they could comb through all the contents.

In addition to establishing the ability for the president to detain and torture his own citizens indefinitely, there is also a tiny clump of text which will provide for the commander-in-chief to, once and for all, legally attack the enemies of America over the Internet.

Under the controversial defense spending act that is awaiting approval from US President Barack Obama, lawmakers can give the Executive Branch the go-ahead to wage a war over the Web against any nation deemed a threat to America. Specifically, Section 954, “Military Activities in CyberSpace,” states, “Congress affirms that the Department of Defense has the capability, and upon direction by the president may conduct offensive operations in cyberspace to defend our nation, allies and interests.”

The White House originally said that it would veto NDAA FY 2012 if it made it off Capitol Hill, but only days before it left Congress, Press Secretary Jay Carney told the media that the president’s advisers will no longer recommend such action. Thus, the inking of Obama’s name to the document will not just give him the power to pursue computer attacks, but also the ability to detain Americans indefinitely, employ tactics of torture on prisoners and send his own citizens to foreign institutions for prosecution.

The US has been criticized since the early days of the Information Age over alleged cyber crimes against foreign powers. While there has been no legislation keeping Congress from conducting a battle as such, the passing of NDAA FY2012 will ensure that any future fights over the Web will be spared the opposition of those crying foul.

Now, says SANS Institute Director Alan Paller, the Pentagon has “explicit permission to do what needs to be done.” To the Federal Times, however, Paller adds that this also affirms “what has been done” by America in the past.

While tensions tighten between the US and Iran over the foreign state’s possible nuclear program, some insiders have already suggested that a cyberwar has begun between the nations. America has already been blamed by many for the Stuxnet computer virus that infiltrated Tehran’s networks last year, and in recent weeks the attack on the Pentagon’s drone aircraft program that has left two multi-million-dollar craft out of America’s control has been considered the effect of a cyber attack from Iran. Regardless of whether this battle between the countries originated overseas or not, President Obama can now legally blast through Iran’s blurbs of binary to conduct a cyberwar once allowed by Congress.

As with wars waged with bombs and bullets, the commander-in-chief will still need approval from the House and Senate before going to battle, as outlined in the War Powers Resolution Act of 1972. Only this year, however, President Obama directly violated the legislation and deployed American forces into Libya to aid in a NATO coalition to take down then-leader Muammar Gaddafi. In June, House Speaker John Boehner went after Obama by sending a letter stating, “the House is left to conclude that you have made one of two determinations: either you have concluded the War Powers Resolution does not apply to the mission in Libya, or you have determined the War Powers Resolution is contrary to the Constitution.”

“The House, and the American people whom we represent, deserve to know the determination you have made,” added Speaker Boehner. Those hostilities, which Obama insisted did not constitute a war, went on for months and yielded around 145 missile strikes.

Even then, it was revealed that the president was considering launching a cyberwar with Libya to overthrow Gaddafi. An Obama administration official speaking under condition of anonymity to The New York Times in October said that the US has cyber abilities within its arsenal, but said they are “like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there.” The official also said that the administration contemplated a computer attack on Osama bin Laden before the raid and execution that took down the ex-al-Qaeda leader in May of this year.

Defense Secretary Leon Panetta told a Capitol Hill hearing in July that “The next Pearl Harbor we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems [and] our governmental systems.” This time, America has legitimized taking the offensive, so the next terrorist attack could be compliments of Uncle Sam.

“It is going to take both defensive measures as well as aggressive measures to deal with it,” added Panetta at the time (Russia Today, 2011)

Title: Joint Functional Component Command – Network Warfare
Date: 2012
Source: Wikipedia 

Abstract: The Joint Functional Component Command – Network Warfare (JFCC-NW) at Fort Meade, Maryland was a subordinate component command of United States Strategic Command (USSTRATCOM) active from 2005 to 2010. It was responsible for coordinating offensive computer network operations for the United States Department of Defense (DoD). JFCC-NW was created in 2005. It is to be merged into United States Cyber Command in October 2010.

The Commander, JFCC-NW (currently LTG Keith B. Alexander) is dual-hatted as the Director, National Security Agency. This coordinated approach to information operations involves two other important supporting commands. The Director, Defense Information Systems Agency also heads the Joint Task Force-Global Network Operations. This organization is responsible for operating and defending U.S. worldwide information networks, a function closely aligned with the efforts of JFCC-NW.

JFCC-NW facilitates/facilitated cooperative engagement with other national entities in computer network defense and offensive information warfare as part of the global information operations mission.

The command was responsible for the highly classified, evolving mission of Computer Network Attack (CNA). The command's capabilities are highly classified, but it is believed that they may destroy networks and penetrate enemy computers to steal or manipulate data, and take down command-and-control systems, for example. Some of these capabilities are known as Special Technical Operations (STO) (Wikipedia, 2012)

Title: Cyber War Threat: US To Fight Enemy It Created Itself
Date: February 25, 2012

YouTube Video


Title: Bust Reveals Government Runs Hacking Groups
Date: March 6, 2012

Abstract: The establishment media has characterized the leader of LulzSec ratting out his hacktivist comrades as betrayal, but the incident reveals something far more sinister – government is responsible for creating and unleashing computer hacker groups.

Hector Xavier Monsegur, said to be the leader of LulzSec, worked for the FBI, according to news reports. He was reportedly arrested in Puerto Rico last June, pleaded guilty to hacking charges, and then began working with the FBI – or so the cover story would have it.

Monsegur, aka Sabu, decided what targets to attack and who would participate in the attacks, more than likely at the direction of his FBI handlers. It is believed he participated in the Anonymous effort to hack HBGary, the security firm that works closely with the CIA, NSA, FBI, and the Pentagon.

Sabu’s Lulz Security, commonly abbreviated as LulzSec, claimed responsibility for taking the CIA website offline. It also attacked Fox News, PBS, Sony, and a number of gamer sites. LulzSec claims to have hacked local InfraGard chapter sites, the organization affiliated with the FBI, and released the emails and passwords of a number of users of

LulzSec and Anonymous attacks have provided the government with an excuse to push their cyber security agenda and propaganda campaign, including the proposal for a “kill switch” that would have allowed Obama to shut down the internet (due to public outrage, the proposal was dropped from a House bill in February).

Government and corporate groups cited LulzSec and Anonymous lawlessness last June to push the so-called Protect IP Act (known as PIPA). The introduction of a House version of the bill, dubbed SOPA (Stop Online Piracy Act), was met with public outrage and widespread activism that forced Congress to reconsider the legislation.

In October, Mother Jones revealed that the FBI is notorious for creating supposed terrorist groups from scratch and then framing patsies in order to claim the government is protecting the United States from terrorists and also breathe life into an otherwise moribund war on mostly nonexistent terrorism.

Sabu’s role as an FBI provocateur working inside LulzSec reveals the government is attempting to do the same in order to push its so-called cybersecurity agenda. The establishment is eager to pass a raft of legislation to closely regulate the internet, strip the medium of its anonymity, and close it down as an activism and alternative media tool (Infowars, 2012).

Title: Hackers Arrested As High-Profile Figurehead 'Turns Informant'
Date: March 7, 2012

Abstract: Five men believed to be leading members of so-called “hacktivism” groups have been charged with computer hacking after the leader of one of the highest-profile organisations, LulzSec, turned police informant, it has emerged.

“Sabu”, the public figurehead of LulzSec and strongly linked with Anonymous – the groups allegedly responsible for attacks on Paypal and Rupert Murdoch’s newspapers, among others – began working for the FBI after being arrested in connection with a series of hacks, US press reports revealed.

The news comes as a major blow for the hacktivist movement, which has seen some of its most vocal supporters arrested. Yesterday, an FBI official was quoted as saying it was a 'devastating' blow and added: “We’re chopping off the head of LulzSec.” Reports that Sabu has been working for the FBI since August last year first surfaced on Fox News yesterday. Later in the day, the FBI confirmed that the five were arrested and charged over various alleged computer hacks.

According to court papers filed in federal court in New York, Hector Xavier Monsegur, 28, revealed by FBI officials to be “Sabu”, pleaded guilty to 12 counts of computer hacking, including attacks on the websites of PayPal, MasterCard and Visa on 15 August last year.

British men Ryan Ackroyd, the high-ranking LulzSec member “Kayla” and Jake Davis, who uses the online name “Topiary”, were among those arrested, the FBI said (Independent, 2012).

Title: DHS Hires Hackers To Crack Video Game Consoles
Date: April 9, 2012

Abstract: The US Department of Homeland Security might soon take the “joy” out of “joystick.” The country’s top counterterrorism unit has awarded a California company $177,235 to hack video game consoles under the guise of cracking down on criminal activity.

San Francisco-based Obscure Technologies is the recent recipient of a government contract for $177,235.50. For a small computer forensics firm with less than half-a-dozen employees, it’s a significant sum being awarded by Uncle Sam. The only catch, however, is that the small-time Silicon Valley company will be in charge of prying into the video game consoles used by millions of Americans during their personal pastime that was thought to be otherwise free of federal interference. According to the Department of Homeland Security, uncovering online communications conducted over video game networks could be key in thwarting terrorism.

As per the official contract awarded earlier this month to Obscure Technologies, the DHS is hoping the small time computer experts will be able to come up with “hardware and software tools that can be used for extracting data from video game systems.” If those powers can be made possible, the government wants to be able to get into the heavily encrypted computer data inside machines like Microsoft’s X-Box 360 and Nintendo’s Wii in order to build cases against would-be criminals.

In explaining their case, the government argues that both pedophiles and terrorists alike are using communication modes available only through video game systems to both lure in children and plot possible attacks, respectively. Currently video game platforms largely rely on heavy-duty encryption to keep any sort of person-to-person correspondence made through their systems hard to uncover, but the DHS believes that once Obscure can crack that code they will be able to provide a procedure that law enforcement can use in furthering investigations.

Under the assumption that correspondence conducted over video game consoles is nothing but fun and games, authorities have been unwilling to invest time and money in efforts thus far to try and find a way to hack into those conversations. On the contrary, however, some say that the dialogues done while fighting fictional warlords and putting plumbers through pixelated pipes often do divulge into an underworld almost as dangerous as the one on the screen.

“I've spoken with privacy people at Microsoft, and they're aware that it's something that can be personal and sensitive. If you don't use Xbox, you might think it's just a frivolous video game. But a lot of real communication happens between people in this form,” Parker Higgins, a spokesman for the online privacy group the Electronic Freedom Foundation (EFF) tells the Foreign Policy website.

Higgins adds, however, that the stigma of silliness often associated with gaming needs to be overlooked. In actuality, he attests, some gamers use console-to-console communiqué for conversations that they might not necessarily want (or expect) the feds to eavesdrop on. “Just because it's a form associated with games doesn't mean it deserves less privacy protection,” adds Higgins.

"You wouldn't intentionally store sensitive data on a console ... But I can think of things like connection logs and conversation logs that are incidentally stored data. And it's even more alarming because users might not know that the data is created,” continues Higgins.

"These consoles are being used as general purpose computers, and they're used for all kinds of communications. The Xbox has a very active online community where people communicate. It stands to reason that you could get sensitive and private information stored on the console."

As opposition grows to government-sponsored attempts to put itself between persons connecting elsewhere on the Web, however, who can listen in on game console conversations has indeed become a debate largely ignored by both politicians and gamers alike. As Obscure Technologies tries to crack the codes of Microsoft, Nintendo and others, gamers might not be aware that their own avenue for correspondence could be included on the next cybersecurity bill voted on by Congress that, while drafted to discuss conventional Internet communication, would indeed involve the back-and-forths inside the gaming community.

In awarding the massive contract to Obscure, the government has already identified the privacy concerns from both serious gamers and novices that could be brought up as they conduct their research. That’s why the Department of Homeland Security has decided that Americans will be spared sleuthing while the computer company’s forensic experts try to hack hard drives and systems of consoles. In attempting to crack those codes, Obscure is only being allowed to operate and investigate used consoles sold outside of the United States. So while the DHS takes the “joy” out of “joystick,” they will without a doubt still be sticking it to someone. In the meantime, they just won’t be gamers in the States (RT, 2012)

Title: Pentagon Sets Up Fast Track For Buying Cyber War Tools
Date: April 12, 2012

Abstract: The Pentagon is establishing a fast-track acquisition process that would enable it to develop new cyber warfare capabilities within days or months if urgently needed, the Defense Department said in a report to Congress.

The process, which would be overseen by a new senior-level Cyber Investment Management Board, aims to streamline the sluggish traditional defense acquisition process to meet the rapid pace of events in cyberspace, the 16-page report said.

Congress, in defense legislation enacted last year, directed the Pentagon to develop a strategy that would enable it to speedily acquire cyber warfare tools, applications and other capabilities. The Pentagon sent a report to Congress late last month outlining the strategy.

The report, a copy of which was obtained by Reuters on Thursday, said the Pentagon's acquisition process for cyber warfare capabilities will be divided into two paths - one rapid and one deliberate - that would be used depending on urgency.

"The framework allows for alternative acquisition processes to be tailored to the complexity, cost, urgency of need and fielding timeline associated with developing the cyber warfare capability being developed," the report said.

"Programs with higher risk and longer fielding times, and therefore greater cost and complexity, will be managed with greater oversight and more centralized approvals," it said.

Under the process, cyber needs could be identified and put forward by many different organizations within the department.

U.S. Cyber Command, the combatant command set up nearly two years ago to defend military networks and carry out offensive cyber operations if ordered, would validate the needs. Teams at Cyber Command would decide which acquisition track to follow.

The rapid approach would generally be used "in response to urgent, mission-critical needs in support of current operations or emerging threats," the report said.

It would take advantage of previously developed and acquired capabilities, or nearly mature capabilities under development by industry, it said.

To meet short operational timelines, some traditional acquisition requirements could be postponed or eliminated, like planning documents or certain testing activity, the report said.

The deliberate process would include "more time for acquisition planning, consideration and analysis of options," but it would still be speedier than the timeline for most military weapons purchase, the report said.

The Pentagon will establish storage spaces for holding cyber warfare tools and applications, sites that could be used as platforms for collaboration. Cyber Command would be required to maintain a registry of cyber warfare tools.

The Cyber Investment Management Board is being established to oversee the process and coordinate investments in cyber warfare capabilities across the Defense Department, the report said.

The new board is needed in part because the cost of most cyber warfare tools is less than the threshold that would require oversight by other Pentagon processes, like the Major Defense Acquisition Program.

The Cyber Investment Management Board would be jointly chaired by Frank Kendall, acting undersecretary of Defense for Acquisition, Technology and Logistics; James Miller, acting undersecretary of Defense for Policy; and Admiral James Winnefeld, vice chairman of the Joint Chiefs of Staff.

The report said some aspects of the new process are already in place, but many of them, including establishment of the oversight board, would be rolled out over the next six months (Reuters, 2012).

Title: Google Warns Users Of State-Sponsored Hacking
Date: June 6, 2012

Abstract: Google has started warning users when it thinks they may be targets of government-sponsored hackers, the Internet giant announced.

Users whose accounts are compromised get a message at the top of their browser saying: "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer."

Users in China have already begun getting the message, said one former journalist who used to work in Beijing.

"I got this warning three times," said Mei, who asked to be identified only by her first name for security reasons.

Concerned that the warning itself was an attempt to hack her account, she posted a question in a closed Google group, asking if anyone else got the message.

"So far about 10 of us have received the same message, some in Chinese, some in English," she said. The group has about 200 members, she said.

"Some people are not even that surprised because they have suspicious followers on Twitter or Google," she said.

But Mei said she was startled to find out she was apparently a target because she is not a journalist anymore.

"I left this industry about three years ago, in 2009, and left Beijing. I was really surprised that I was still a target," she said.

Google did not accuse China of being behind the hacking, but the company has been at odds with Beijing in the past over Chinese attempts to control Internet use.

Google declined to say how it could tell that governments were behind the hacking attempts.

"We can't go into the details without giving away information that would be helpful to these bad actors," Eric Grosse, Google security engineering vice president, said Tuesday in a post on the company's website.

"But our detailed analysis -- as well as victim reports -- strongly suggest the involvement of states or groups that are state-sponsored," he said.

Getting the warning does not mean a user's account has been hacked, the company said, but that Google believes the account has been a target of phishing, malware or other hacking tools.

Google advises users who get the message to strengthen passwords and update software. It also encourages users to be careful about where they enter their passwords (CNN, 2012)

Title: US Accused Of Creating Three More Computer Super-Viruses
Date: September 17, 2012

Abstract: Two independent teams of researchers studying the Flame computer virus believe that the maker of the malware — all but certain to be the United States — has architected three additional programs to conduct clandestine cyberwar or espionage.

Both Symantec Corp of the United States and Kaspersky Lab of Russia acknowledged on Monday that their research of Flame has led them to believe that whoever had a role in creating that virus has also put their efforts behind three other similar programs.

A team of engineers at Kaspersky released new information on Monday collected during forensic analysis of Flame command-and-control servers that were examined with the assistance of Symantec, ITU-IMPACT and CERT-Bund/BSI. Researchers had first disclosed in May that Flame, a sophisticated espionage virus, targeted computer systems in Iran and was likely the product of a nation-state, specifically the US. With this week’s update, however, it appears as if the United States’ endeavors in cyberwar may have stretched past even what researchers had imagined.

“Based on the code from the servers, it can be said that they were working with at least three other programs similar to Flame. The code names of those programs are IP, SP and SPE,” Kaspersky Lab chief security expert Aleks Gostev told RT. 

Although the United States government has not gone on the record to take credit for either Flame or Stuxnet, a similar computer worm that targeted Iranian nuclear facilities first discovered in 2010, experts have long maintained that the US is involved in both viruses, perhaps even enlisting Israeli scientists for assistance.

Speaking at a TED Talk in 2011, researcher Ralph Langner said, "My opinion is that the Mossad is involved but that the leading force is not Israel. The leading force behind Stuxnet is the cyber superpower – there is only one; and that's the United States."

In January of this year, Mike McConnell, the former director of national intelligence at the National Security Agency under George W Bush, told Reuters that the US had indeed attacked foreign computer systems at one time or another, and confirmed that America has “the ability to attack, degrade or destroy” the e-grids of adversaries. When the New York Times followed up with a report of their own only five months later, members of US President Barack Obama’s national security team admitted on condition of anonymity that the White House continued cyber-assaults on Iran’s nuclear program through Stuxnet, which Mr. Obama himself endorsed.

Once compared with coding from Flame, security experts saw an immediate correlation.

“Stuxnet of 2009 had a large piece of code similar to that of Flame, so apparently creators of Stuxnet and Flame were working in close collaboration,” Gostev from Kaspersky Lab said. 

With America all but confirmed as the culprit behind both viruses, this week it’s revealed that the United States may have crafted another three coded programs to target Iran and its allies. Speaking to Reuters, researchers involved in the latest analysis say they are still trying to figure out the basic facts about the three new viruses, but believe that the same entity responsible for Stuxnet and Flame is at it again.

"We know that it is definitely out there. We just can't figure out a way to actually get our hands on it. We are trying," Symantec researcher Vikram Thakur tells Reuters.

Also in their report, Kaspersky says that the heavy encryption and nature of the newest programs “fits the profile of military and/or intelligence operations" (RT, 2012).

Title: DHS Issued False ‘Water Pump Hack’ Report; Called It A ‘Success’
Date: October, 2012

Abstract: When an Illinois fusion center distributed a report last year stating that hackers from Russia had broken into a water district’s SCADA system and sabotaged a water pump, the Department of Homeland Security stepped in publicly to denounce the report as false, blaming the regional fusion center for spreading unsubstantiated claims and sowing panic in the industrial control system community.

But while DHS was busy pointing a finger at the fusion center, its own Office of Intelligence and Analysis had been irresponsibly spreading the same false information privately in a report to Congress and the intelligence community, according to a Senate subcommittee investigation released late Tuesday. The DHS report was issued five days after the fusion center report was issued.

Even after the FBI and other investigators concluded a few days later that there was no merit to the hacking claims and that the reports were false, the DHS intelligence unit did not issue a correction to its report or notify Congress or the intelligence community that the information it spread was incorrect.

Officials behind the false claims told Senate investigators that such reports weren’t meant to be “finished intelligence” and that despite their report’s inaccuracies and sloppy wording they considered it to be a “success.”

“[It did] exactly what it’s supposed to do – generate interest,” DHS officials told Senate investigators.

The revelation is buried in a lengthy report released by the Senate’s bipartisan Permanent Subcommittee on Investigations, which examines the many failings of state fusion centers, which were set up in the wake of the 9/11 terrorist attacks in an effort to improve intelligence collection and dissemination for state, local and federal law enforcement and counter-terrorism agencies.

The water pump hack report spawned dozens of sensational news stories when it was leaked to reporters in November 2011. The fusion center report, which was titled “Public Water District Cyber Intrusion,” was distributed by the Illinois Statewide Terrorism and Intelligence Center on Nov. 10 and given to state and federal law enforcement agencies, utilities and other groups.

The report, which was meant to be confidential, claimed that attackers from Russia had hacked into the network of a software vendor that made the SCADA system used by a water district in Illinois and stolen usernames and passwords that the vendor maintained for its customers. The hackers then supposedly used the credentials to gain remote access to the utility’s network and cause a water pump to burn out. The report was leaked to the media by an industrial control systems expert who had gained access to it.

The report was significant at the time because it represented the first known attack of this kind involving hackers breaking into an industrial control system in the U.S. and sabotaging equipment. As the Senate investigators point out in their report, earlier that year Defense Department officials had stated that the U.S. would treat such attacks on critical infrastructure systems as an act of war if they caused widespread casualties.

But none of the information was true, and the authors of the fusion center report could have easily discovered this had they bothered to investigate the matter even a little.

Someone did access the water district’s SCADA system from Russia, but it was a water district contractor who was asked to access the system by water district employees, as Wired first reported. They had called him to seek his opinion on something while he was on vacation in Russia, and he had logged into the system remotely to check on some data for them.

When the pump broke five months later and someone examined the network logs to determine the cause, they found an IP address from Russia listed in the logs next to the username and password of the contractor. No one ever bothered to call the contractor to see if he had logged in from Russia; they just assumed someone in Russia had stolen his credentials.

The assertion by the fusion center that the pump was sabotaged by intruders from Russia was all the more perplexing since the contractor had logged in from Russia five months before the pump broke, the Senate investigators point out.

Nonetheless, five days after the fusion center issued its report on Nov. 10, officials from DHS’s Office of Intelligence & Analysis issued their own report, inexplicably repeating the same claims that the fusion center had made.

“Like the fusion center report, DHS stated the allegations as fact, not as theory, claim or hunch,” the Senate report says, noting that DHS guidelines forbid the department from reporting on information if it’s just a theory, claim or hunch.

The author of the DHS report, a senior reports officer in the Intelligence and Analysis branch, claimed in his report that the information was based on “first and secondhand knowledge of information” that was “deemed reliable.” The report never indicated that the information was based on conjecture.

A slide that the I&A office prepared for an intelligence briefing stated emphatically that the Illinois water district’s SCADA system had “experienced a network intrusion from a Russian IP address” and said that the perpetrator hijacked an “authorized user account” and that “system controls were manipulated resulting in a pump burnout.” The information was included in a daily intelligence briefing that went to Congress and the intelligence community.

A week after the DHS intelligence report was released, investigators from DHS’s Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) arrived in Illinois to investigate the apparent intrusion. They quickly determined, after speaking with the contractor whose name had shown up in the logs, that the fusion center and the DHS intelligence reports were wrong and that the failed pump was not the result of a hack attack at all.

“Almost no part of the initial reports of the incident had been accurate – not the fusion center report, or DHS’s own intelligence report, or its intelligence briefing,” write the Senate investigators in their report. “The only fact that they got right was that a water pump in a small Illinois water district had burned out.”

On Nov. 22, the DHS released a statement saying that there was no evidence to back the fusion center claims that the utility had suffered a cyber intrusion, that credentials were stolen or that any malicious activity was behind the failed water pump.

On Nov. 30, after Wired published a story identifying the contractor who had logged into the system from Russia and revealed the true facts behind the “cyber intrusion”, DHS pointed the finger at the fusion center for releasing information that had not been verified.

A spokeswoman for the Illinois State Police, which is responsible for the fusion center, pointed the finger at local representatives of DHS, FBI and other agencies who she said were responsible for compiling information that gets released by the fusion center.

And then DHS pointed another finger back at the fusion center, saying if the report had been DHS-approved, six different offices would have had to sign off on it.

“Because this was an Illinois [fusion center] product, it did not undergo such a review,” a DHS official told Wired at the time.

But according to the Senate report, DHS had indeed released its own separate report that restated the same false claims that the fusion center report had stated.

When Senate investigators asked officials from the I&A office about their report, the officials acknowledged that they had not included caveats in the report to indicate that the information was uncorroborated and based on hypotheses, but they defended their hurried reporting by saying there was “a premium for getting [intelligence reports] out.”

And despite the fact that their office is called the Office of Intelligence & Analysis, they told investigators that “analytical judgements are saved” – that is, analysis is not included in such reports (Wired, 2012).

Title: Google And Iran Both Warn Of State-Sponsored Computer Attacks
Date: October 4, 2012

Abstract: Google is warning thousands of Gmail customers this week that state-sponsored attackers may be trying to compromise their computers, an admonition that comes as authorities in Iran claim that their systems are coincidently being targeted as well.

Although neither Google nor Iran has explicitly singled out a specific culprit or country as being behind the assaults, the Silicon Valley search engine says attacks on their servers are thought to be “state-sponsored.”

Mike Wiacek, the manager of the company’s information security team, tells The New York Times that suspicious activity is believed to be coming from “a slew of different countries” in the Middle East.

Google first informed customers in June that they suspected malicious activity was targeting a large chunk of their users, dispatching warnings at the time to the suspected victims reading, “We believe state-sponsored attackers may be attempting to compromise your account or computer.”

Mr. Wiacek now tells The Times that new intelligence gathered in the three months since has prompted Google to begin warning “tens of thousands of new users” this week that they may be targets. A new group of users were cautioned this week, to which several known journalists and foreign policy experts announced over Twitter that they had been recipients of the latest string of warnings.

“Aaaaand I just got Google’s ‘you may be a victim of a state-sponsored attack’ notice. #WhatTookYouSoLong?” Noah Shachtman, the editor of Wired’s “Danger Room” blog, wrote over Twitter.

The latest warnings from Google come only days after groups claiming Middle Eastern affiliation credited themselves with temporarily knocking offline the websites of several major US financial institutions, including JPMorgan Chase, Bank of America, Citigroup and Wells Fargo. Responding to those distributed-denial-of-service attacks, CrowdStrike Security President George Kurtz told the Times, “We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cyber capabilities.”

“There is also a strong activist movement underfoot, which should be concerning to many large companies. The threat is real, and what we are seeing now is only the tip of the iceberg,” Mr. Kurtz said.

Meanwhile, authorities in Iran say that their systems are being targeted as well. And although assaults waged at the Iranian computer infrastructure are nothing new, the coinciding attacks suggest a cyber-war could indeed be heating up between American entities and the United States’ foreign adversaries.

Mehdi Akhavan Behabadi, secretary of the High Council of Cyberspace, tells the Iranian Labour News Agency that his country is cracking down on access to content on the Web as investigators try to determine the culprit behind an onslaught of attacks this week that are affecting several sectors of the Iranian e-grid.

“Yesterday we had a heavy attack against the country's infrastructure and communications companies which has forced us to limit the Internet," Behabadi tells Reuters in an article published Wednesday. "Presently we have constant cyber-attacks in the country. Yesterday an attack with a traffic of several gigabytes hit the Internet infrastructure, which caused an unwanted slowness in the country's Internet.”

Iranian officials suspect the assault on their systems is state-sponsored as well, but are looking west for a possible guilty party: previously, engineers and computer experts have linked at least two types of viruses acting maliciously on Iran’s computers to the United States: the Stuxnet worm and the Flame virus. This time around, Behabadi once again suggests that the assault is more than just a maneuver from a few well-coordinated computer hackers.

"All of these attacks have been organized. And they have in mind the country's nuclear, oil, and information networks,” he adds to Reuters.

Although the US had not admitted responsibility in either Flame or Stuxnet, the malware has long been assumed to have been developed in cooperation with American engineers. Experts at Russia’s Kaspersky Lab reported last month that they identified three new, similar viruses that they believe are related to the others sent to infect Iran, saying the malware’s coding “fits the profile of military and/or intelligence operations."

Previously, Kaspersky Lab chief security expert Aleks Gostev claimed, “Stuxnet of 2009 had a large piece of code similar to that of Flame, so apparently creators of Stuxnet and Flame were working in close collaboration.” Now both Kaspersky scientists and researchers with the United States’ Symantec Corp. believe that whoever is responsible for those viruses is prepared to unleash upwards of three others. Whether or not the current attack being waged against Iran is related to those viruses has yet to be confirmed.

Earlier this week, the White House announced that hackers attempted to infiltrate an unclassified computer network used by US President Barack Obama. The Washington Free Beacon reported that the Chinese were assumed responsible for “Beijing’s most brazen cyber-attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber-attacks,” although the White House did not name any suspects. The alleged “cyber attack,” Washington later confirmed, was an attempted spear-phishing assault — a primitive method of trying to coerce victims into disclosing personal information over email (RT, 2012).

Title: Israeli Cyber Attacks Targeted Offshore Oil, Gas Platforms – Iran IT Head
Date: October 8, 2012
Source: RT

Abstract: Iran’s offshore oil and gas platforms were the targets of the cyber attacks aimed at crippling the country. All threats were repelled and Israel was behind them, according to head of IT at the Iranian Offshore Oil Company, Mohammad Reza Golshani.

Golshani told Reuters that the attack happened over the past couple of weeks, was routed through China, and affected only the communications systems of the network.

It is almost two weeks since the managing director of the National Iranian Offshore Oil Company Mahmoud Zirakchianzadeh announced his company’s negotiations over deals worth US$14 billion.

Iran is currently under pressure from the international sanctions, mainly in oil exports, imposed by the UN Security Council, the US, and the EU.

On Saturday, the EU threatened to ban Iran’s natural gas export to put pressure on the country’s nuclear program. Iran’s now exporting to Turkey and has swap deals with Armenia and Azerbaijan.

The possible ban was described by a spokesman of the oil ministry Alireza Nikzad-Rahbar as a "propaganda campaign" because “right now no EU member imports Iranian gas supply.”

The UN Security Council imposed four rounds of sanctions in efforts to pressure Tehran to give up its nuclear program, which the West fears is aimed at creating a nuclear weapon. Iran insists its nuclear ambitions are peaceful. The sanctions targeted Iran’s oil exports and cut off access to international banking networks.

Tehran is being pressured not only with sanctions: the country has been variously attacked by Flame, Stuxnet and Gauss, three viruses that gathered information on sensitive Iranian equipment and slowed down its nuclear centrifuges. They were tacitly confirmed to have been launched by the US and Israel, as a way of slowing down the country’s atomic program, which the West says is aimed at eventually producing nuclear weapons. A claim Iran emphatically denies.

Iran has reported several computer attacks in recent months and a Revolutionary Guard commander said last month the country would defend itself in case of a "cyber war".

Tehran is seeking to develop a national Internet system, which it says would improve cyber security. But many Iranians say the plan is the latest way to control their access to the Web, which is already highly censored (RT, 2012).

Title: Is 'MiniFlame' Spyware Latest Work Of U.S. Intelligence?
Date: October 15, 2012
Source: Fox News

Alex. Barbara. Charles. Drake. Elvis. Eve. Fiona. Sam. Sonia. Tiffany.

What do all these names, some of which belong to popular singers, have in common? They're commands used by a new state-sponsored computer-espionage tool discovered by Russian anti-virus firm Kaspersky Lab.

The espionage tool, dubbed "John" by its creators but "miniFlame" or "SPE" by Kaspersky researchers, appears to have come from the same malware factory that created Stuxnet, Duqu, Flame and Gauss.

"If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high-precision, surgical attack tool," wrote an unnamed Kaspersky researcher in an official blog posting Monday.

Your Tax Dollars at Work
Kaspersky's report, while exhaustive, discreetly avoids the elephant in the room: All the above-named pieces of malware, plus miniFlame, are probably the work of American intelligence agencies. All of them primarily target computer systems in the Middle East, and miniFlame is no exception.

"We believe that the choice of countries depends on the SPE variant," the Kaspersky blog posting said. "For example, the modification known as '4.50' is mostly found in Lebanon and Palestine. The other variants were reported in other countries, such as Iran, Kuwait and Qatar."

The largest number of infected machines was found in Lebanon. Significant numbers appeared to be in France and the U.S., but Kaspersky discounted many of those as the result of proxy connections bouncing off servers in those countries while masking the users' true locations.

"MiniFlame is in fact based on the Flame platform but is implemented as an independent module," said the Kaspersky blog. "It can operate either independently, without the main modules of Flame in the system, or as a component controlled by Flame."

A Bunsen Burner and a Cigarette Lighter
Flame is a very large, very sophisticated piece of spyware that Kaspersky and other research facilities discovered in May, though it is believed to date back to 2007. (MiniFlame may be a bit younger, with known versions created over a one-year period ending in September 2011.)

Flame infects a targeted computer by posing as a Windows security update — itself a remarkable feat — and then turns the computer into a massive spying device.

It secretly turns on the microphone and webcam to record audio and video, takes countless screenshots, maps out the local network (and infects other machines on it), captures email and instant messages, logs Web-browsing history and copies files. Then it sends all the recorded data to a command-and-control server before erasing itself.

MiniFlame does most of the same things, but with more precision, going after only certain files instead of harvesting everything. It also can send collected data to an attached USB drive if the infected machine is not connected to the Internet, in hopes the USB drive will eventually be plugged into a machine that is. (The Stuxnet worm used a similar "sneakernet" method of distribution.)

Last month, an analysis by Kaspersky and the American anti-virus firm Symantec of two of Flame's command-and-control servers, which had been seized by European police, revealed that the servers were coded to receive input from four existing pieces of malware: Flame and three others that hadn't yet been found. Kaspersky thinks that miniFlame is, in fact, one of those three.

Burning Money
Most interestingly, Kaspersky found in today's report that MiniFlame can be used with Gauss, a bank-account information-stealer that was found targeting Lebanese banks earlier this summer. Until the discovery of miniFlame, there wasn't anything solidly linking Gauss to the other pieces of state-sponsored malware.

Kaspersky earlier established that some Flame modules were used in an early version of Stuxnet, which crippled an Iranian nuclear-fuel processing facility in 2010. In June, government sources told the Washington Post that Flame was a reconnaissance tool used to "prepare the battlefield" for Stuxnet. Duqu is a seldom-seen information-stealer that shares much of its code with Stuxnet.

All of these pieces of malware may be part of "Olympic Games," a U.S. cyberintelligence operation directed against the Iranian nuclear program that the New York Times says was begun by President George W. Bush and accelerated by President Barack Obama.

Iran, currently battling crippling international sanctions imposed upon it for not giving up what appears to be a nuclear-weapons program, has a lot of money tied up in Lebanese banks and can be assumed to be using those banks to evade sanctions.

For American intelligence operatives, miniFlame would serve a double duty in both tracking the Iranian nuclear program and the money used to fund it (Fox News, 2012).

Title: Inside 'Plan X:' The Pentagon’s Plan For Cyberweapon Central
Date: December 1, 2012
Source: Fox News

Abstract: The Pentagon plans to bring warfare into the 22nd century, creating a new system to "map" the digital battlefield of cyberspace, defining a playbook for deploying cyberweapons and designating a management facility in Arlington, Va. to bring it all together.


New publication from the Pentagon's research arm details a foundation for cyberwarfare.

Heart of program is a digital map of the cyberlandscape

Experts see not cyberwar but smaller skirmishes against industrial facilities, businesses

It’s called Plan X, and it makes one thing very clear: Cyberwar is the future.

On Nov. 20, Pentagon research arm DARPA -- short for the Defense Advanced Research Projects Agency -- released a document called “Foundational Cyberwarfare (Plan X),” a 52-page outline of how to fight a cyberwar. Its heart is a new map of cyberspace, a real-time rendering of the world of computers and how they connect -- switches, bridges, nodes and so on. It then seeks “support platforms” that can deploy cyberweapons, measure damage, strengthen defenses and communicate.

“The Department of Defense (DoD) has developed superior capabilities over decades in the physical domains of land, sea, air, and space,” the document explains. “When called upon, the U.S. military must have equally superior capabilities to rapidly plan, execute, and assess the full spectrum of military operations in cyberspace.”

These range from espionage against private industry to attacks like the Stuxnet worm that hit Iran’s nuclear efforts in 2010. And it’s the new world of warfighting, said Andrew Serwin, a member of the advisory board of the Naval Post Graduate School's Center for Asymmetric Warfare and an expert on cyberwarfare.

“You’re at a time where large physical war is winding down, and that physical domain is giving way to the cyberdomain,” Serwin told

He believes the document is evidence of a shift in focus for the Department of Defense. The agency is unlikely to fight a major “cyberwar” -- if such a thing could ever really take place -- instead eyeing the security holes posed by corporations and infrastructure.

In other words, while a hostile nation is unlikely to drop an A-bomb on Arkansas, they might hire someone to attack the computers governing the water supply.

“When does a cyberattack become cyberwar?” Serwin asked. “Is there really a distinction if you kill a bunch of people via a cyberattack, something you do to their water supply, versus if you drop a bomb on them? The threat vectors are no longer something the public sector can control.”

Roy Hadley, a partner at law firm Barnes & Thornburg where he heads the cybersecurity practice, pointed as evidence to the 2010 dust-up between Google and China. It’s widely believed that Chinese hackers compromised the Web giant’s servers, leading Google to seek government support.

“If Google doesn’t have the resources to withstand a cyberattack, probably very few companies in the United States will have that capability,” he told

DARPA’s Plan X could be seen as support in this critical area. The document is a public request for proposals on a variety of topics, from mapping networks to deploying weapons; DARPA sources, stressing that it will not fund new cyberweapons, say it has a five-year, $110 million timeline.

“The Plan X program seeks to integrate the cyber battlespace concepts of the network map, operational unit and capability set in the planning, execution, and measurement phases of military cyber operations,” DARPA sources told

The heart of Plan X is a new graphical view of cyberspace not unlike a large-scale computer game -- "World of Warcraft" for the Army -- showing ongoing operations and real-time networking data.

“The cyber battlespace graphing engine is the core of the Plan X system. The graphing engine’s primary task is to receive, store, model, retrieve and send cyber battlespace information to other Plan X system components,” the document reads.

Before its cyberarmy is fully equipped, the Pentagon hopes to develop a “playbook” like that a football coach employs or the flight plan for an airplane.

"Planners may develop specific and unique ‘plays’ to assist in planning future missions. This concept is similar to a football playbook that contains specific plays developed for specific scenarios,” Plan X reads.

Once the Pentagon has built this map, it plans facilities to coordinate the defense, an on-site "collaborative research space" in Arlington, Va., for staff with secret security clearance.

"Representatives from the Armed Forces will work directly with DARPA and the research teams at the Collaborative Research Space," DARPA program manager Dan Roelker told

These facilities, the playbook, the new maps and cyberdefenses may help support the weak points in the country: the private sector, Serwin told

“The reality is, it’s a lot easier to attack the private sector than it is to attack the DoD network or the CIA network,” he said (Fox News, 2012).

Title: Pentagon To Boost Cybersecurity Force
Date: January 27, 2013
Source: Washington Post

Abstract: The Pentagon has approved a major expansion of its cybersecurity force over the next several years, increasing its size more than fivefold to bolster the nation’s ability to defend critical computer systems and conduct offensive computer operations against foreign adversaries, according to U.S. officials.

The move, requested by the head of the Defense Department’s Cyber Command, is part of an effort to turn an organization that has focused largely on defensive measures into the equivalent of an Internet-era fighting force. The command, made up of about 900 personnel, will expand to include 4,900 troops and civilians.

Details of the plan have not been finalized, but the decision to expand the Cyber Command was made by senior Pentagon officials late last year in recognition of a growing threat in cyberspace, said officials, who spoke on the condition of anonymity because the expansion has not been formally announced. The gravity of that threat, they said, has been highlighted by a string of sabotage attacks, including one in which a virus was used to wipe data from more than 30,000 computers at a Saudi Arabian state oil company last summer.

The plan calls for the creation of three types of forces under the Cyber Command: “national mission forces” to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; “combat mission forces” to help commanders abroad plan and execute attacks or other offensive operations; and “cyber protection forces” to fortify the Defense Department’s networks.

Targeting ‘Malicious Actors’
Although the command was established three years ago for some of these purposes, it has largely been consumed by the need to develop policy and legal frameworks and ensure that the military networks are defended. Current and former defense officials said the plan will allow the command to better fulfill its mission.

“Given the malicious actors that are out there and the development of the technology, in my mind, there’s little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point,” said William J. Lynn III, a former deputy defense secretary who helped fashion the Pentagon’s cybersecurity strategy. “The only question is whether we’re going to take the necessary steps like this one to deflect the impact of the attack in advance or . . . read about the steps we should have taken in some post-attack commission report.”

Although generally agreed to by the military’s service chiefs, the plan has raised concerns about how the Army, Navy, Marines and Air Force will find so many qualified cybersecurity personnel and train them. It also raises deeper issues — which are likely to intensify as the Cyber Command grows over the years — about how closely the command should be aligned with the National Security Agency, the giant electronic-spying agency that provides much of its intelligence support.

The head of the Cyber Command, Gen. Keith B. Alexander, is also the director of the NSA, which employs some of the nation’s most advanced cyber-operations specialists.

The new force structure was alluded to last fall in a major speech by Defense Secretary Leon E. Panetta, who said, “Our mission is to defend the nation,” and noted that the department was “putting in place the policies and organizations we need to execute the mission.”

In an interview, a senior defense official said that the “national mission” teams would focus their efforts overseas and that any actions they took would be directed outside U.S. networks — unless the teams were asked to provide assistance to another agency with domestic authority, such as the FBI.

“There’s no intent to have the military crawl inside industry or private networks and provide that type of security,” the official said.

He stressed that the military would act only in cases in which there was a threat of an attack that could “really hurt,” adding: “We’re not talking about doing something to make sure that Mrs. Smith’s bank account didn’t get hijacked by somebody.”

The plan to expand the Cyber Command comes at a time when the military’s services are being ordered to cut spending, a reflection of how important senior military officials consider the need to improve the nation’s cybersecurity footing. Some military officials have grudgingly accepted the need to contribute personnel to an expanded cybersecurity force. There are also differences over how much control the combatant commands will have over cyber teams.

The “combat mission” teams may help commanders in operations such as a cyber component to disable an enemy’s command-and-control system before a conventional attack. Each region will have teams that focus on particular threats — say, from China or Iran.

“You get the resource guys sucking a lot of air through their teeth because they know their service chiefs have backed it,” one Navy official said. “So they have to find the resources to pay for the people.”

Alignment with NSA
Some military and defense officials question whether the Cyber Command can reach its full potential as a military command as long as it is so dependent on the NSA and is led by the NSA’s director. The close relationship between the two has had its advantages, officials say: The agency can peer into foreign networks and provide the command with intelligence, including in cases in which an adversary is suspected of planning a computer attack or developing a potent virus.

“That gives you an advantage of being able to plan for and be prepared to react,” the defense official said.

But the NSA is so intertwined with the Cyber Command — the two operations centers are located side by side, and, until recently, some Cyber Command personnel had e-mail addresses — that some current and former officials wonder whether the military command can create an independent, strategic doctrine. The concern is that the intelligence agency’s priorities will dominate, with an emphasis on the development of tools that are useful for surveillance but not necessarily for disrupting adversaries.

There’s a “cogent argument” to be made that for the Cyber Command to become a true military command, “you sever that” relationship, one military official said.

But, in fact, said one former intelligence official, the NSA uses military personnel to do much of its work and pays for a good portion of the services’ cyber operators. “That’s been the plan all along,” the former official said. “Take the talent resident in NSA, turn it into [cyber] attack talent.”

With the decision to expand the Cyber Command, Alexander, who has been asked to stay on until summer 2014, is seeing some of his vision fulfilled. He has sought independent budget authority for the Cyber Command to hire and control forces, similar to the way Special Operations Command can. He has not won that authority, though officials agreed to give him the additional forces. He also has the support of senior Pentagon officials to elevate the Cyber Command to full command status, out from under the aegis of Strategic Command. But that move, which requires consulting with Congress, is not happening just yet, officials say (Washington Post, 2013).

Title: US Draws Up Battle Plan To Stave Off Digital Attack Cyberstrikes
Date: February 4, 2013

Abstract: The US could launch pre-emptive cyber strikes against countries it suspects of threatening its interests with a digital attack, under a new set of secret guidelines to safeguard the nation’s computer systems.

The rules – the country’s first on how it defends or retaliates against digital attacks – are expected to be approved in coming weeks, and are likely to be kept under wraps, much like the policies governing the country’s controversial drone programme. 

A secret legal review into the new guidelines has already decided that President Barack Obama has the power to order such pre-emptive strikes if faced with credible evidence of a looming attack, according to the New York Times, which quoted unnamed officials involved in the review.

The revelations come just days after an array of American media organisations, including the New York Times and The Washington Post, said their computer networks had been infiltrated by Chinese hackers. The risk of digital attacks was also underlined by a recent US Department of Homeland Security (DHS) report which revealed that a computer virus had forced an unidentified US power plant to go offline for three days last year.

The US, meanwhile, is known to have conducted cyber attacks of its own, with President Obama reported to have approved a wave of assaults against Iran during his first term. The programme, code-named “Olympic Games”, targeted Iranian nuclear facilities with malicious computer worms. It began under President George W Bush, but Mr Obama is believed to have ordered an acceleration of the digital attacks when he took office. The details only came to light when the Stuxnet worm – believed to have been developed by the US and Israel – surfaced on the internet. Last month, the Iranian government officially denied it had any hand in a recent string of cyber attacks on US financial institutions.

Inside the Obama administration, John Brennan, the President’s counterterrorism chief during his first term and now his nominee to head the Central Intelligence Agency (CIA), has reportedly been a key player in crafting policies governing the drone programme and the new area of cyber warfare.

And while the American military faces deep budget cuts, the Pentagon recently approved a major expansion of its so-called “Cyber Command”. Currently around 900-strong, the country’s cybersecurity force will swell to some 4,900 troops in the next few years, according to The Washington Post.

Given the capability of digital weapons, few decisions are likely to be taken without the nod of the President himself.

“There are very, very few instances in cyberoperations in which the decision will be made at a level below the president,” an official told the New York Times.

But concerns are already growing about the lack of transparency in the way the administration is tooling up for war in the digital world. “What concerns us is not the growth of forces but the way it is happening behind the scenes,” said a Washington Post editorial published at the weekend (Independent, 2013).

Title: US Considering Pre-Emptive Cyberattacks
Date: February 6, 2013

Abstract: Media reports claim that the US is secretly claiming the right to launch pre-emptive cyberattacks in "credible threat" scenarios, in the wake of the attacks on US media outlets. But how credible are those threats?

The damage done by cyberattacks is not always immediately apparent, even after they have been carried out. Many were surprised when the New York Times, the Wall Street Journal and the Washington Post announced recently that they had been hit for over four months by cyberattacks, in part coming from China. Perhaps more alarmingly, the US Department of Homeland Security said that one power station had been knocked out for weeks by a cyberattack, though it declined to say which.

The US has of course launched a number of digital onslaughts of its own, most notably on Iran's nuclear enrichment facilities. And that attack was not risk-free, as the so-called Stuxnet virus injected into Iranian systems ended up being leaked onto the Internet and copied millions of times.

A number of security firms and analysts have warned that cyber warfare will escalate in 2013, with some warning that it could be only a matter of time before a cyberweapon takes lives like any other weapon would. "Nation-state attackers will target critical infrastructure networks such as power grids at unprecedented scale in 2013," predicted Chiranjeev Bordoloi, CEO of US security company Top Patch, speaking to CNN. "These types of attacks could grow more sophisticated, and the slippery slope could lead to the loss of human life."

"A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11," Defense Secretary Leon Panetta said last October. "Such a destructive cyber terrorist attack could paralyze the nation."

That view appeared to be confirmed by a report in the New York Times on Sunday (03.02.2013), which indicated that the arsenal of cyber weapons now at the disposal of the US and other nation-states is larger than most suspect. "There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done," one official told the paper on condition of anonymity.

Defining rules of cyber engagement
That begs many questions - such as: who is able to order such attacks, and under what circumstances? According to the officials quoted in the New York Times, the answer to the first question is pretty clear - only the president. "There are very, very few instances in cyberoperations in which the decision will be made at a level below the president," the official said, and "automatic retaliation" for a cyberattack on the US has also been ruled out.

But the answer to the second question - the definition of when an attack may be carried out - remains deliberately vague. Panetta drew an ambiguous red line - once again invoking a "cyber 9/11" - but a secret legal review seen by the New York Times suggests that President Barack Obama has the power to order a pre-emptive strike, if the US has credible evidence of an imminent digital attack.

"It's not a surprise that the US wants to claim these powers," said Dave Clemente, research associate at the British Chatham House think tank. "However all the government sources cited so far have been anonymous, so it's difficult to know exactly why everyone's decided to speak of it at this moment. It's possible that it could be a well-timed leak to coincide with recent stories about hacking in the New York Times and the Washington Post and elsewhere, as an argument for more government action in this space."

It is all part of a decade-long effort to define the rules of engagement in a war where the weapons seem to be developing so rapidly that few even know what they can do. The Pentagon, along with many western defense ministries and departments, has created new cyber warfare divisions in recent years, and while defense cuts remain de rigueur, this is one military budget that is likely to expand.

But not every security analyst is convinced that cyberattacks present the apocalyptic dangers suggested by the US government. "I think it's been exaggerated," said Clemente. "We've not had very many examples to work from, in terms of what a very bad scenario might look like. It's all hypothetical. And the US government has chosen to release very, very little evidence to support these strong statements."

"There is more risk out there, but we don't understand it very well," he added. "These government announcements or anonymous leaks do follow a fairly well-established pattern of talking up various kinds of threats. And this isn't unique to cyberspace - we've seen this on and off over the course of the last 12 years. They don't mention the name of this power plant [that was supposedly attacked] or its location or anything more than 'this happened.' We're expected to take that at face value, and that's increasingly hard to do."

Nor is it at all clear that a successful cyberattack on the power grid would have the devastating effect suggested by Panetta and others. As Clemente points out, there have been massive accidental power outages before, as in 2003, when almost 50 million people were without electricity for 48 hours. "And it wasn't a 9/11," he said. "There wasn't anarchy, there weren't riots or massive crime waves. People behaved quite sensibly. These are useful examples to look to when we talk about apocalyptic scenarios."

"A lot of things are possible - for example, switching off the power of a whole country - that is possible," Sandro Gaycken, computer science researcher at the Free University of Berlin and author of a 2012 book on Cyberwar, told DW. "But the question is whether someone would actually do it, because it's extremely time-consuming and costly and risky. So it's not really clear who would do that and with what motivation."

Potential dangers
Not that there are no increasing threats. "Attacks on financial markets, manipulating them to earn money, which are hardly talked about much, are already taking on virulent features," said Gaycken. "Also chemical attacks, gas explosions - it depends a lot on the technologies. Causing airplane crashes would also be relatively easy. Airplanes nowadays are all quite dependent on networks through basis stations, and they have very different security standards, and constantly communicate their data. And once you're in there, and you know your way around, it's relatively easy to bring systems down."

Clemente points out that the precedent set by the Stuxnet virus against Iran, which was released onto the Internet, was potentially dangerous. "Of course it gives people ideas - they can dissect it and figure out how it worked and use similar things elsewhere," he said. "But also I think it shows this contradiction between US advocacy of Internet freedom and transparency, and this use of what can be called a cyberweapon. And it will look very hypocritical" (DW, 2013).

Title: Israel’s Cyberwar Operations Against US
Date: February 22, 2013
Source: Press TV

Abstract: A terror attack on America is in motion as I write. Defense contractors all over America are deploying their March 1st human shields. If contractors like the cyber warfare hustlers don’t get their money, we are all doomed. They are going to Samson Option us all.

After the US leading the world in cyber war development and stimulating those we have targeted to increase their own capabilities, this is now spun as ‘they are attacking us.’ And like the nuclear weapons that the Israelis don’t have, and the espionage operations they do not run here, we can now add to that list the cyber warfare that they don’t do. This is how our leaders protect us.

My instincts tell me they feel the sun is setting on their Iran attack plans so they have to replace that with something very expensive like the threat of a Pearl Harbor like cyber attack from the likes of China, Russia and Iran… but not Israel, even though Israel already has.

That’s right folks, after hours of reviewing dozens of past articles and YouTubes, sometimes listening to some really silly stuff, never once were Israel’s extensive cyber war operations mentioned.

The ‘pay up or die’ cyber war scam has been played on us before. The first big push came in 2010 with the November 60 Minutes TV show. The 2007 cyber attack on DC… the Pentagon, State Dept, NSA and others, where terabytes of classified information were taken, served as the trigger. But it also showed a huge failure on our part. Someone on the inside showed someone on the outside how to get in. Gosh, I wonder who?

It is claimed that we still don’t know who did it. But many of the top ‘War on Terror’ people from the Bush administration just happen to be major players with the big cyber warfare contractors now, and still good friends with the Israelis. So the bill was passed in 2010 and Americans began paying for having themselves monitored along with everybody else.

Going forward to February of 2012, there was some pushback to the beltway bandits as they are called, so they brought out their big guns. From FBI director Robert Mueller we had, “The cyber threat will equal or surpass the threat from counter terrorism.” Leon Panetta from the CIA was next with, “The next Pearl Harbor we confront could very well be a cyber attack that cripples our power systems.”

Cyber security had changed since the 2010 days. Jim Harper of the CATO institute said in 2012 that there was no chance whatsoever that nuclear power plants would be hacked or electrical infrastructure taken down. “The worst we would have is a disruption, and that is not terror, or a war.”

And from Congress we had Mike Rogers, Republican from Michigan, reading from his prepared script, “An attack is on its way… we will suffer a catastrophic attack…” Gosh, I wonder if he is an AIPAC man. Remember that Israel was still pushing hard at this time for a bomb attack on Iran’s IAEA-approved nuclear facilities.

This year the big guns are still some of the old faces. Ex-Homeland Security Director Michael Chertoff who we hear is also an Israeli citizen has his own cyber warfare consulting company. He left government work early to get on the War on Terror bonanza. As director he had even flown over to Israel to put on ‘fast track’ seminars for Israeli contractors. They got their pick of those wonderful communications contracts they were looking for, where they would have back door access to spy on America for many years to come.

Former Admiral and National Intelligence Director Mike McConnell is Exec. VP of Booz Allen’s cyber security division, and making good use of his former insider contacts. With the military budget looking to be cut and the only question being how much, the scramble is now on to scare the public into supporting more cyber warfare spending, or the Chinese will turn all the lights out and the Russians empty our banks. That would be payback as we did it to them once.

This made me even more suspicious of the incestuous relationships with our top government security people going instantly to work for the big security contractors when they ‘retire.’ One has to wonder whether they might have been working for them WHILE they were in government.

The DC beltway gang all know that if you want those big juicy defense contractor jobs later, you have to earn them while you are pulling the inside strings. Michael Chertoff sure did, and so did former Counter Terrorism Director Richard Clarke, who has set himself up now as a lead author on cyber warfare. He is also close to the Israelis, very close.

Our Bush administration sources revealed that after the FBI began investigating Clarke for espionage at the Pentagon, the Bush people brought him over to the White House, where the FBI could not talk to him any more without permission. But little did he know that some loyal people there wore wires for a good while to at least keep track of what he was giving the Israelis. Because these could never be used in court he never got tagged.

The ‘War on Terror’ turned out to be a war on the American people’s pocketbooks, a war on our military personnel, and a war on all the heroin addicts by keeping the supply flowing at lower prices. The reputation of the FBI’s stateside counterterrorism program is in shambles with revelations about the industrial-scale entrapment operations they ran through their network of 15,000 mostly low-life informants.

Jerry Brito of the Mercatus Center called cyber warfare hype the new ‘yellow cake’ feint, the one so cruelly used by the scoundrels in the Bush administration to frame Iraq, with Cheney being at the top of the list.

As Jim Harper described it, “Most people in Washington, and even Congress for that matter, don’t really have the skills needed to see through the psywar smoke and mirrors that the hired gun experts throw at them. The contractors can create an artificial demand for their products and services to line their own pockets.”

I will close with one last gem of a bullet I picked up from one of these interviews. Jim Lewis from the Center for Strategic and International Studies (CSIS) described how when discussing cyber warfare with the Chinese and Russians, they would always complain that, “Well you are doing the same thing.” And Lewis acknowledged that we were. He let the cat out of the bag.

We had offensive cyber warfare deployed before anyone else, and in a bigger way. When those targeted responded by cranking up their own cyber warfare capabilities, our shysters then used media leaks, Israeli think tanks, and - I personally feel - ran some bogus hacking operations into our own institutions to herd the rest of us into shelling out the money they wanted during huge budget deficit times. It’s an old game.

I never could figure out why Obama would work so hard to get us out of Iraq finally and openly worked on disengaging from Afghanistan, just to walk into a Persian Gulf war, one which could be the last disaster.

If Romney had been elected, he was committed to an Iran attack. The Bush reprobates and their dual Israeli citizen buddies would have been right back in the saddle. We at Veterans Today knew we were on an enemies list, and for good reason. We considered them all a major national security risk.

The billions in deficit funding we provided to expand cyber warfare has built the biggest surveillance machine that has ever existed, and one that can and is being used against the American people. The Israelis had already cut themselves in on the process so they have access to it, too.

We betrayed our children and grandchildren. What our Founding Fathers gave us, we let the hoodlums steal from us in ten years, and they are still walking around. We have not been good stewards because we were a bit too easy to rob.

Romney would have finished us off. That was the plan. We can be happy for that, for a while anyway (Press TV, 2013).

Title: Pentagon Creating Teams To Launch Cyberattacks As Threat Grows
Date: March 12, 2013
Source: Washington Post

Abstract: The Pentagon’s Cyber Command will create 13 offensive teams by the fall of 2015 to help defend the nation against major computer attacks from abroad, Gen. Keith Alexander testified to Congress on Tuesday, a rare acknowledgment of the military’s ability to use cyberweapons.

The new teams are part of a broader government effort to shield the nation from destructive attacks over the Internet that could harm Wall Street or knock out electric power, for instance.

But Alexander warned that budget cuts will undermine the effort to build up these forces even as foreign threats to the nation’s critical computer systems intensify. And he urged Congress to pass legislation to enable the private sector to share computer threat data with the government without fear of being sued.

As he moves into his eighth year as director of the National Security Agency and his third year as head of the fledgling Cyber Command, Alexander told the Senate Armed Services Committee that the strategic-threat picture is worsening. “We’ve seen the attacks on Wall Street over the last six months grow significantly,” he said, noting there were more than 160 disruptive attacks on banks in that period.

Describing an attack on Saudi Arabia’s national oil company, he said: “Last summer, in August, we saw a destructive attack on Saudi Aramco, where the data on over 30,000 systems were destroyed. And if you look at industry, especially the anti-virus community and others, they believe it’s going to grow more in 2013. And there’s a lot that we need to do to prepare for this.”

The U.S. intelligence community has indicated that the assaults on the banks and Saudi Aramco were the work of Iran in retaliation for U.S. financial sanctions imposed to deter Iran from pursuing a nuclear weapons program.

Alexander’s remarks came as U.S. intelligence officials elsewhere on Capitol Hill testified about the growing cyberthreat. At a national security threat hearing, Director of National Intelligence James R. Clapper Jr. called on China to stop its “cyber-stealing” of corporate secrets from U.S. networks.

Alexander said the 13 teams would defend against destructive attacks. “I would like to be clear that this team . . . is an offensive team,” he said.

Twenty-seven other teams would support commands such as the Pacific Command and the Central Command as they plan offensive cyber capabilities. Separate teams would focus on protecting the Defense Department’s computer networks. He said the first third of the forces, which officials have said will total several thousand civilians and uniformed personnel, will be in place by September and the second third a year later.

Some teams are already in place, Alexander said, to focus on “the most serious threats,” which he did not identify.

But he said uncertainty about the budget is affecting the ability to fill out the teams. About 25 percent of the Cyber Command’s budget is being held up by congressional wrangling over the fiscal 2013 budget, he said. And across-the-board cuts that took effect March 1 are forcing civilian furloughs. “By singling out the civilian workforce, we’ve done a great disservice,” said Alexander, noting that one-third of the command workforce is made up of Air Force civilians.

He said some cybersecurity recruits have taken a salary cut to work for the government, only to be faced with a furlough. “That’s the wrong message to send people we want to stay in the military acting in these career fields.”

The attacks hitting the banks are “distributed denial of service attacks” — or barrages of network traffic against Web site servers — that are best handled by the Internet service providers, he said. The issue is “when does a nuisance become a real problem” that forces the government to act, he said. The administration is debating that now, he said.

To detect major attacks on industry, the department needs to see them coming in real time, Alexander said. The Internet service providers are best positioned to provide that visibility, but they lack the authority to share attack data with the government, he said. In particular, he said, the companies need legal protection against lawsuits for sharing the data (Washington Post, 2013).

Title: Carnegie Mellon, Spy Agency Seek High School Hackers For Next Generation Of US Security
Date: March 15, 2013
Source: Fox News

Abstract: Bored with classes? Carnegie Mellon University and one of the government's top spy agencies want to interest high school students in a game of computer hacking.

Their goal with "Toaster Wars" is to cultivate the nation's next generation of cyber warriors in offensive and defensive strategies. The free, online "high school hacking competition" will run from April 26 to May 6. Any U.S. student or team in grades six through 12 can apply.

The game is sponsored by the National Security Agency, which is responsible for code breaking and protecting the U.S. from cyberattack. NSA representative Vanee Vines said Friday that the U.S. increasingly needs professionals with highly technical cyber skills to help keep the country safe.

Organizers say they hope participants will see computer security as a career choice (Fox News, 2015).

Title: Obama Order Sped Up Wave Of Cyberattacks Against Iran
Date: June 1, 2013

Abstract: From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.

These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year. But Olympic Games was of an entirely different type and sophistication.

It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.

“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice.

If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

A Bush Initiative
The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.

Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges. For a country with only one nuclear power reactor — whose fuel comes from Russia — to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.

Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.

The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant. Expectations for the plan were low; one participant said the goal was simply to “throw a little sand in the gears” and buy some time. Mr. Bush was skeptical, but lacking other options, he authorized the effort.

Breakthrough, Aided by Israel
It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.

Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.

The unusually tight collaboration with Israel was driven by two imperatives. Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success. But American officials had another interest, to dissuade the Israelis from carrying out their own pre-emptive strike against the Iranian nuclear facilities. To do that, the Israelis would have to be convinced that the new line of attack was working. The only way to convince them, several officials said in interviews, was to have them deeply involved in every aspect of the program.

Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy, the United States began building replicas of Iran’s P-1 centrifuges, an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market. Fortunately for the United States, it already owned some P-1s, thanks to the Libyan dictator, Col. Muammar el-Qaddafi.

When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games borrowed some for what they termed “destructive testing,” essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department’s national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.

Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant.

“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data.

“Somebody crossed the Rubicon,” he said.

Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.

The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.

The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally. “This may have been the most brilliant part of the code,” one American official said.

Later, word circulated through the International Atomic Energy Agency, the Vienna-based nuclear watchdog, that the Iranians had grown so distrustful of their own instruments that they had assigned people to sit in the plant and radio back what they saw.

“The intent was that the failures should make them feel they were stupid, which is what happened,” the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole “stands” that linked 164 machines, looking for signs of sabotage in all of them. “They overreacted,” one official said. “We soon discovered they fired people.”

Imagery recovered by nuclear inspectors from cameras at Natanz — which the nuclear agency uses to keep track of what happens between visits — showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.

But by the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice.

The Stuxnet Surprise
Mr. Obama came to office with an interest in cyberissues, but he had discussed them during the campaign mostly in terms of threats to personal privacy and the risks to infrastructure like the electrical grid and the air traffic control system. He commissioned a major study on how to improve America’s defenses and announced it with great fanfare in the East Room.

What he did not say then was that he was also learning the arts of cyberwar. The architects of Olympic Games would meet him in the Situation Room, often with what they called the “horse blanket,” a giant foldout schematic diagram of Iran’s nuclear production facilities. Mr. Obama authorized the attacks to continue, and every few weeks — certainly after a major attack — he would get updates and authorize the next step. Sometimes it was a strike riskier and bolder than what had been tried previously.

“From his first days in office, he was deep into every step in slowing the Iranian program — the diplomacy, the sanctions, every major decision,” a senior administration official said. “And it’s safe to say that whatever other activity might have been under way was no exception to that rule.”

But the good luck did not last. In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.

An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.

“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. “It’s got to be the Israelis,” he said. “They went too far.”

In fact, both the Israelis and the Americans had been aiming for a particular part of the centrifuge plant, a critical area whose loss, they had concluded, would set the Iranians back considerably. It is unclear who introduced the programming error.

The question facing Mr. Obama was whether the rest of Olympic Games was in jeopardy, now that a variant of the bug was replicating itself “in the wild,” where computer security experts can dissect it and figure out its purpose.

“I don’t think we have enough information,” Mr. Obama told the group that day, according to the officials. But in the meantime, he ordered that the cyberattacks continue. They were his best hope of disrupting the Iranian nuclear program unless economic sanctions began to bite harder and reduced Iran’s oil revenues.

Within a week, another version of the bug brought down just under 1,000 centrifuges. Olympic Games was still on.

A Weapon’s Uncertain Future
American cyberattacks are not limited to Iran, but the focus of attention, as one administration official put it, “has been overwhelmingly on one country.” There is no reason to believe that will remain the case for long. Some officials question why the same techniques have not been used more aggressively against North Korea. Others see chances to disrupt Chinese military plans, forces in Syria on the way to suppress the uprising there, and Qaeda operations around the world. “We’ve considered a lot more attacks than we have gone ahead with,” one former intelligence official said.

Mr. Obama has repeatedly told his aides that there are risks to using — and particularly to overusing — the weapon. In fact, no country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran (NYT, 2013).

Title: Head Of US Cyber-Attack On Iran Probed Over Leak Of Details – Source
Date: June 28, 2013

Abstract: The four-star general who headed the reported cyber-attack by American and Israeli hackers on an Iranian nuclear site is under a DoJ investigation over leaking the details of the operation to the press, reports NBC News.

Retired Marine Gen. James ‘Hoss’ Cartwright, who was deputy chairman of the Joint Chiefs of Staff between 2007 and 2011, was the one responsible for the ‘Olympic Games’, a massive attack on Iranian uranium enrichment facilities conducted under the Bush and the Obama administrations, the New York Times reported last July.

At the time, the newspaper broke details of the top secret operation, including the collaboration of Israeli hackers in the development of the Stuxnet computer worm, which was used to infect Iranian computer networks and damage hundreds of centrifuges at the Natanz enrichment facility.

The leak caused outrage in Congress, as some Republican politicians alleged that it was sanctioned high in the Obama administration to bolster his national security record ahead of the 2012 election campaign.

Legal sources told NBC News that the FBI, investigating the leak, zeroed in on Cartwright, once the second-highest ranking officer in the Pentagon, as the source that provided the newspaper with the sensitive information. Agents identified the former general without resorting to a secret subpoena of the phone records of New York Times reporters, the report says.

Cartwright, 63, received a target letter informing him that he’s under investigation, but so far the DoJ hasn’t made a final decision on whether to charge him, according to the sources.

Cartwright and his lawyer did not comment to NBC.

If indicted, Cartwright would join Bradley Manning, Edward Snowden and six others charged under the 1917 Espionage Act by the Obama administration. The current US government has invoked the law more than all previous administrations combined (RT, 2013).