Monday, May 30, 2011

Langner calls US a Cyber Bully. I hope he's right.

Score: 5 balloons

German security researcher Ralph Langner was the first to decode and publish the inner workings of Stuxnet, a Windows-based computer worm that successfully targeted Iran's nuclear enrichment facility, setting back their nuclear weapons program by three years (according to the public statements of several authoritative sources). Although no one has claimed credit for creating Stuxnet, it has been widely attributed to a collaboration between Israeli and US intelligence agencies.

I had come into his TED Talk with high expectations, but I was disappointed -- not by the science but by Ralph's political commentary. What started as an interesting (though simplified) explanation of a ground-breaking cyber weapon devolved into a naive, self righteous rant against the US that appealed to TED's liberal audience. (I normally share that liberal viewpoint, but I overcame my bias with actual knowledge, having connected with my hacker friends at the last DEFcon, and having just read two well documented books on cyber warfare by Jeff Carr and Richard Clarke.)

Langner's first pot shot was his characterization of the US as the only superpower in cyberspace. Apparently Langner is not familiar with Russia and China's far more developed and extensive cyber militaries, which they supplement with privately contracted cyber gangs. Furthermore, Russian and China have far more experience than the US in waging cyber warfare, as evidenced by repeated, successful, multi-day attacks on the government and civilian electronic infrastructures of South Korea, Chechnya and Georgia during the last decade.

Langner's second, more damning accusation was aimed at the US for unleashing Stuxnet on the world, since it can now be repurposed as a weapon against anyone, including our own computer networks. The implication was that just as we did in 1945, the US is once again developing non-conventional weapons that threaten global stability.

But Stuxnet is not what exposes our digital infrastructure to attack. No, we opened that door long ago when we put the computers in charge. Is Langner -- or anyone -- really so naive as to think that without Stuxnet we wouldn't have to defend our networks from cyber attack?

What really irked me, though, was that at no point did Ralph question the wisdom of sharing all his findings publicly (which certainly aids and abets anyone who might wish to repurpose Stuxnet). Nor did he express any hesitation in reaching out to the Iranians to help them overcome this nasty infection. Was I the only person in the audience who thought, "Wait a minute, shouldn't we be thanking the creators of Stuxnet, instead of the guy who stopped it?"

If ever there was a time when US aggression was called for, this was surely it. Ahmadinejad has stated very clearly that Iran supports Jihad on the United States, and that he fully intends for Iran to destroy "the Zionist State" at his earliest convenience. The dictator of Iran holds the Presidential title despite having lost the election, and having brutally crushed the political dissidents who protested. Now who among you really think that stopping the nuclear ambitions of a raving, rogue, belligerent madman is a poor use of our tax dollars?

International pressure has not worked. Economic sanctions have not worked. Sure, we could have used conventional missiles to disable this dictator's Jihad machine, but that would have killed Iranians, possibly spread radiation, jeopardized the lives of our soldiers, cost hundreds of millions, provoked military reprisals, and it may not have even worked.  If indeed our intelligence community helped develop and launch Stuxent, then I for one am grateful.

On the final day of the conference, one TEDster was so fired up by Langner that he got up on stage to denounce the people behind Stuxnet for their evil ways, demanding that the US bring them to justice for their illegal aggression and for exposing our country's infrastructure to Stuxnet variants. The audience applauded loudly.

Except that cyber warfare is NOT illegal. (Though unlike Russia and China, the US does prohibit citizens from computer hacking.) Cyber warfare is, however, fast, effective, precise, virtually free, stealthy and usable without loss of life. If we can't altogether rid the world of conflict, our species is surely better off fighting cyber wars than conventional ones.

 See the Guide to TED Talks 2011.


  1. Thanks for posting this David. Could not agree more with your views here. As a matter of fact I have seen a universal approval of the targeting of nuclear enrichment in Iran (Other than Syria). What is there not to like?

    Fascinating to see Ralph's career being launched by this. Of course other researchers contributed valuable understanding of Stuxnet, most notably Symantec.

    What address can I send *my* book to for your review? :-)


  2. " widely attributed to a collaboration between Israeli and US intelligence agencies."

    Stuxnet effects Seimen's programmable logic circuits (PLC's) which are made in Germany. Richard Clarke suggests that the Germans had a hand in the exploit also.

  3. "There must have been ways to test with real equipment before it was deployed. So given that, if you look at who is in the possession of such centrifuges besides Iran, there are two sites. One is in the [U.S.] Oak Ridge National Lab and the other is [Israel's] Dimona complex. There are centrifuges from the dismantled Libyan uranium enrichment program. They are identical to Iran in centrifuges because they go back to the same model. Libya and Iran bought blueprints from Pakistani nuclear scientist Abdul Qadeer Khan."

    Read more:

  4. Anand5:30 PM

    Oh my God David! You are so american! All you guys can think of is yourself. Just because a country does not function the way USA wants it to, does not warrant an attack. What do u mean by this was the correct time to be the aggressor? The US has been the aggressor any way, correct or not. It is not naive to suggest that this only aids people to affect systems more. This demonstrates the possibilities and this weapon can indeed be dangerous.
    Rogue belligerent madman? Who the hell are u to term anyone that? He is the leader of their country and they chose to do what they do. U don't have to try to destroy every country. And if at all there has been a poor use for american tax dollars then this would be it. Look at the shoddy economy and look at what people want. Peace!

  5. Anonymous4:31 AM

    Agree with you ANAND! The Americans will never Understand this...

  6. Igor R10:37 AM

    Great post, I haven't seen this talk but will have to now. Very logical dissection of his points. I think most experts would be very surprised if Iran's nuclear efforts turn out to be purely civilian.