Monday, June 10, 2013

Silent War


When the history of cyber-warfare comes to be written, its first sentence may go something like this: “Israel gave the United States an ultimatum.” For a number of years, intelligence reports intermittently indicated that Iran was getting closer to building a nuclear bomb, which the Israeli leadership views as an existential threat. In 2004, Israel gave Washington a wish list of weapons and other capabilities it wanted to acquire. The list—for various kinds of hardware but also for items such as aerial transmission codes, so that Israeli jets could overfly Iraq without having to worry about being shot down by U.S. warplanes—left little doubt that Israel was planning a military attack to stop Iran’s nuclear progress. President George W. Bush regarded such action as unacceptable, while acknowledging that diplomacy and economic sanctions had failed to change Iran’s mind.

Intelligence and defense officials offered him a possible third way—a program of cyber-operations, mounted with the help of Israel and perhaps other allies, that would attack Iran’s nuclear program surreptitiously and at the very least buy some time. As with the drone program, the Obama administration inherited this plan, embraced it, and has followed through in a major way. Significant cyber-operations have been launched against Iran, and the Iranians have certainly noticed. It may be that these operations will eventually change minds in Tehran. But the Aramco attack suggests that, for the moment, the target may be more interested in shooting back, and with weapons of a similar kind.

Cyberspace is now a battlespace. But it’s a battlespace you cannot see, and whose engagements are rarely deduced or described publicly until long after the fact, like events in distant galaxies. Knowledge of cyber-warfare is intensely restricted: almost all information about these events becomes classified as soon as it is discovered. The commanding generals of the war have little to say. Michael Hayden, who was director of the C.I.A. when some of the U.S. cyber-attacks on Iran reportedly occurred, declined an interview request with a one-line e-mail: “Don’t know what I would have to say beyond what I read in the papers.” But with the help of highly placed hackers in the private sector, and of current and former officials in the military and intelligence establishments and the White House, it is possible to describe the outbreak of the world’s first known cyber-war and some of the key battles fought so far. (...)

For the U.S., Stuxnet was both a victory and a defeat. The operation displayed a chillingly effective capability, but the fact that Stuxnet escaped and became public was a problem. Last June, David E. Sanger confirmed and expanded on the basic elements of the Stuxnet conjecture in a New York Times story, the week before publication of his book Confront and Conceal. The White House refused to confirm or deny Sanger’s account but condemned its disclosure of classified information, and the F.B.I. and Justice Department opened a criminal investigation of the leak, which is still ongoing. Sanger, for his part, said that when he reviewed his story with Obama-administration officials, they did not ask him to keep silent. According to a former White House official, in the aftermath of the Stuxnet revelations “there must have been a U.S.-government review process that said, This wasn’t supposed to happen. Why did this happen? What mistakes were made, and should we really be doing this cyber-warfare stuff? And if we’re going to do the cyber-warfare stuff again, how do we make sure (a) that the entire world doesn’t find out about it, and (b) that the whole world does not fucking collect our source code?”

In September 2011, another piece of malware took to the Web: later named Gauss, it stole information and login credentials from banks in Lebanon, an Iranian ally and surrogate. (The program is called Gauss, as in Johann Carl Friedrich Gauss, because, as investigators later discovered, some internal modules had been given the names of mathematicians.) Three months later, in December, yet another piece of malware began spying on more than 800 computers, primarily in Iran but also in Israel, Afghanistan, the United Arab Emirates, and South Africa. This one would eventually be named Mahdi, after a reference in the software code to a messianic figure whose mission, according to the Koran, is to cleanse the world of tyranny before the Day of Judgment. Mahdi was e-mailed to individuals who worked in government agencies, embassies, engineering firms, and financial-services companies. In some cases, the Mahdi e-mails bore a Microsoft Word file attachment containing a news article about a secret Israeli-government plan to cripple Iran’s electrical grid and telecommunications in the event of an Israeli military strike. Other Mahdi e-mails came with PowerPoint files containing slides bearing religious images and text. Anyone who received these e-mails and clicked on the attachment became vulnerable to infection that could result in their e-mails, instant messages, and other data being monitored.

Time started running out for all this malware in 2012, when a man from Mali met with a man from Russia on a spring day in Geneva. The man from Mali was Hamadoun Touré, secretary-general of the International Telecommunication Union, a U.N. agency. He invited Eugene Kaspersky, the Russian C.E.O. of the cyber-security firm Kaspersky Lab, to discuss a partnership to perform forensic analysis on major cyber-attacks—“like a Stuxnet,” as Kaspersky recalls. Kaspersky says that Touré made no explicit mention of Iran, even though Stuxnet was an impetus for the collaboration.

by Michael Joseph Gross, Vanity Fair