Row breaks out in US over Stuxnet worm leaks

Republicans accuse White House of using malware leaks to bolster President's image

A row has broken out in Washington over leaks suggesting that the US government was responsible for creating the Stuxnet worm and, perhaps by implication, the recently discovered Flame virus.

The two items of malware, which appear to be aimed at spying on and sabotaging Iran's nuclear programme, were widely believed to be the work of a government-sponsored agency due to their sophistication – with Israel seen as the number one suspect.

But according to weekend reports in the New York Times, the US Central Intelligence Agency (CIA) created the Stuxnet worm in about 2006 with the specific intent of attacking Iran's nuclear research. Later, President Obama ordered cyber attacks against Iran to be stepped up – even after Stuxnet had been uncovered in 2010.

However, the leaks have caused a backlash in the US, with President Obama's political opponents accusing him of leaking the news in order to beef-up his own security credentials in advance of the presidential elections in November 2012.

"We know the leaks have to come from the administration. And so we're at the point where perhaps we need an investigation," Senator John McCain, the former Republican presidential candidate, told the AFP newswire in Singapore.

"So this is kind of a pattern in order to hype the national security credentials of the president. Every administration does it, but I think this administration has taken it to a new level," said McCain.

Even though Stuxnet was discovered in 2010, it was not fully eliminated by Iranian computer security teams. The worm was implicated in the mass failure of centrifuges at Iran's nuclear fuel-enrichment facility at Natanz in 2010, and a number of other industrial failures in Iran.

Stuxnet targets Siemens industrial software and equipment. It was the first malware discovered that spies on and subverts industrial systems and the first to include a programmable logic controller rootkit, making it especially potent.

According to computer security software supplier Symantec, the worm initially spreads indiscriminately, but includes a highly specialised malware payload that is designed to target only Siemens supervisory control and data acquisition systems configured to control and monitor specific industrial processes. Stuxnet infects the Siemens programmable logic controller by subverting the built-in software application used to reprogram these devices.

Flame was discovered in May 2012 by Iran's MAHER Computer Emergency Response Team (CERT). In contrast to Stuxnet, Flame is not destructive but instead is designed to eavesdrop on Skype and other communications. However, it also has the capability of downloading additional modules at the behest of its controller.

"It does not replicate and spread automatically, which is certainly so that its controllers can target it better and evade detection longer," said cryptographer and computer security expert Bruce Schneier, chief technology officer of BT Counterpane. Instead of self-replicating, it uses a security flaw in Windows Update, which Microsoft says it is currently addressing.

Although the latest revelations over Stuxnet indicate deep US involvement in cyber warfare, Iran's CERT described Flame's encryption as having "a special pattern that you only see coming from Israel".

The leaks could also backfire by legitimating potentially crippling peace-time cyber attacks on countries' national infrastructure for political ends.