Part 1
We have all heard of computer viruses. We often get emails from friends and family warning us not to open this or that message or to ignore a message with such and such in the title. Viruses can, if opened inadvertently, infect your computer and can cause the computer to malfunction or worse still send confidential information held in your computer to some criminal organisation, often overseas.
Until June 2010 the world worried about computer viruses and the damage they can cause to our increasingly computer-controlled world. Since the advent of mass computing in the 1980’s the banking sector has been a prime target for hackers, closely followed by the defence establishments. Indeed, there are many well-known stories, including the recent one of a lone hacker from Essex hacking into Pentagon’s computers, thousands of miles away, in order to find out what they hold in their files about alien encounters.
The results of maliciously accessing computers would be even more devastating to the wider population if the computers of utility companies were targeted. For example, imagine a criminal organisation targeting the computers of a water utility, which controls the sanitisation of water for a large part of the country. By changing the computer programs they could disrupt the sanitisation process, thus disrupting water supply or worse still, leaving untreated water to be delivered to the users.
Thankfully, there are a number of well-developed computer programs, called anti-virus software, which are designed to protect our computers against viruses. Problems arise when computer users do not keep their anti-virus software up-to-date and use it regularly. Furthermore, we are all lazy about managing our passwords, changing them regularly, etc. This extends even to those people at the Pentagon, responsible for protecting the secrets of America’s defence department.
However, none of what we have seen for the past 30 years can be considered as cyberwar. In June 2010, the engineers from a Belarusian antivirus company discovered the existence of a new threat, a computer worm called Stuxnet. A computer worm is different from a computer virus in that whereas a computer virus relies on an unsuspecting user installing a piece of software containing the virus and then inadvertently sending it to someone else, the computer worm can find its way from computer to computer using local computer networks or over the Internet, infecting and controlling an ever growing number of computers in the process.
The Stuxnet worm astounded the computer world and brought a new threat hitherto confined to science fiction to our everyday world. It transpired that the Stuxnet worm had infected 14 industrial sites in Iran, including their uranium enrichment plant, causing serious damage. It soon became clear that the Stuxnet worm was so advanced in its design and implementation that it could only have been developed through state-sponsorship; in other words, it was too sophisticated to have been developed by private individuals or organisations. Here what we have is a nation-state targeting the facilities of another nation-state with the intention of causing harm. This is why we call it cyberwar rather than another computer virus or hacking attack.
There are few countries in the world which possess the technology and skills to execute such a task. This, coupled with the nature of the target, has pointed the finger at Israel and the United States as the state sponsors of Stuxnet. Here we have two countries in the Premier League of computer technology, closely followed by Russia, Belarus and a few others. As we have come to expect, Israel has neither acknowledged nor denied involvement in the development and the unleashing of Stuxnet, but among experts there is little doubt that Israel has had the motivation and the skills to have carried out this audacious attack.
In Part 2 of this article we will explore the background to Stuxnet, how it works, how it infected Iran’s industrial facilities; in Part 3 we will consider the future of cyberwar , what it means for the Middle East and the wider world.
© M. Ozdamar (2013)