'Stuxnet' Leaks Lead Straight to White House

Editor’s Note – Eventually, every story about leaks keeps ending up back at the White House itself. Why? Because everything they do has a political goal in mind, especially when they need to ‘spike’ another football.

As we have been saying for years now, the current administration is the team that will say and do anything to achieve an end. Not only do they ‘spike the football’, repeatedly, they conflate the event to be solely the result of their prowess. Allies be damned, sources get burned, methods are exposed, and it matters little, unless it sullies their image. This applies to all things domestic as well.

The Constitution and our nation-of-laws are just something to avoid, circumvent, or just ignore. If that cannot be achieved, they create or contrive some loophole, set up a list of talking points, couch it in some greater good, and then release their minions and sycophants to the talking head circuit.

Meanwhile, they turn the tables on their detractors and accuse everyone else of the same thing. Then the willing media echoes these talking points, forgets to do any investigative journalism, or simply ignores the issue.

In classified cyberwar against Iran, trail of Stuxnet leak leads to White House

By Rowan Scarborough – The Washington Times

The Obama administration provided a New York Times reporter exclusive access to a range of high-level national security officials for a book that divulged highly classified information on a U.S. cyberwar on Iran’s nuclear program, internal State Department emails show.

The information in the 2012 book by chief Washington correspondent David E. Sanger has been the subject of a yearlong Justice Department criminal investigation: The FBI is hunting for those who leaked details to Mr. Sanger about a U.S.-Israeli covert cyberoperation to infect Iran’s nuclear facilities with a debilitating computer worm known as Stuxnet.

A New York Times story adapted from the book, “Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power,” quotes participants in secret White House meetings discussing plans to unleash Stuxnet on Iran.

The scores of State Department emails from the fall of 2011 to the spring of 2012 do not reveal which officials told Mr. Sanger, but they do show an atmosphere of cooperation within the administration for a book generally favorable toward, but not uncritical of, President Obama. For example:

“I’m getting a bit concerned about the pace of our interviews — or lack of pace, to be more precise — for the book,” Mr. Sanger said in an email Oct. 30, 2011, to Michael Hammer, a senior State Department public affairs official. “The White House is steaming away; I’ve seen [National Security Adviser Thomas E.] Donilon many times and a raft of people below. Doing well at the Pentagon. But on the list I sent you starting on Sept. 12 we’ve scheduled nothing, and chapters are getting into final form.”

Mr. Sanger’s book debuted in June 2012 and brought an immediate call from Republicans to investigate the leaks. They charged that administration officials jeopardized an ongoing secret cyberattack by tipping off Iran’s hard-line Islamic regime about war plans.

They also charged that Obama aides were leaking sensitive materials on other issues, such as the Navy SEAL-CIA raid to kill Osama bin Laden, to burnish Mr. Obama’s credentials as commander in chief as the 2012 election approached.

The nonprofit Freedom Watch acquired the State Department emails via a Freedom of Information Act request filed days after the book was published. Larry Klayman, its director, said State at first had told him it did not have any documents. He then filed suit in federal court.

In December, U.S. District Court Judge Robert L. Wilkins ordered State to turn over emails relating to its cooperation with Mr. Sanger.

Officials line up

“When you read the totality of those documents, it’s a super-close relationship they are furthering with Sanger,” Mr. Klayman said. “They were literally force-feeding him.”

He said State has yet to provide transcripts of the Sanger interviews.

“I think the thrust of this is this requires a significant investigation,” Mr. Klayman said, adding that he has provided the emails to the House Committee on Oversight and Government Reform.

A State Department spokesman did not respond to emails from The Washington Times requesting comment.

In one email, a public affairs official said Mr. Sanger wanted to discuss “Cybersecurity — particularly if there’s a legal framework being developed on the offensive side.” Stuxnet would be an example of an offensive cyberweapon.

Mr. Sanger’s nudging seemed to do the trick. Over the next several months, Mr. Hammer, the senior public affairs official, arranged interviews with Secretary of State Hillary Rodham Clinton and a roster of senior aides.

By March 2012, Mr. Sanger had spoken with Deputy Secretary of State William Burns; Deputy Chief of Staff Jake Sullivan, who is now Vice President Joseph R. Biden’s national security adviser; Robert Einhorn, then a special adviser on arms control; Harold Hongju Koh, State’s legal adviser; and others.

In December 2011, Mr. Hammer sent an email summarizing Mr. Sanger’s reporting and reproducing a story from the previous month headlined “America’s Deadly Dynamics with Iran,” which reported on the Stuxnet computer worm.

It is not unusual for authors to request and sometimes win access to administration officials. Mr. Sanger’s access, however, is notable in that its subsequent disclosures prompted an FBI investigation in which agents have interviewed government officials.

The worm on the loose

Mr. Sanger wrote a June 1, 2012, article on Stuxnet that was adapted from his book, which debuted later that week. In the story, he quoted “participants” in White House meetings on whether to continue attacking Iran with Stuxnet, which somehow had broken free into the Internet.

“At a tense meeting in the White House Situation Room within days of the worm’s ‘escape,’ Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised,” the story said.

“‘Should we shut this thing down?’ Mr. Obama asked, according to members of the president’s national security team who were in the room.”

Republicans said those passages alone are evidence that Obama aides broke the law by publicly disclosing a covert program.

With the story and book in print, State Department public affairs on June 7 sent to department officials a transcript of a floor speech delivered by Sen. John McCain that week. The Arizona Republican accused the administration of deliberately leaking secrets to portray Mr. Obama as a “strong leader on national security issues” in an election year.

“What price did the administration apparently pay to proliferate such a presidential persona highly valued in an election year?” he said. “Access. Access to senior administration officials who appear to have served as anonymous sources divulging extremely sensitive military and intelligence information and operations.”

‘Drones and cyber’

Citing the book, Mr. McCain said: “The administration officials discussed a most highly classified operation that is both highly classified and still ongoing, an operation that was clearly one of the most tightly held national security secrets in our country until now.”

Asked on CBS’ “Face the Nation” on June 3, 2012, whether the administration leaked to him to bolster the president’s image, Mr. Sanger said:

“I spent a year working the story from the bottom up, and then went to the administration and told them what I had. Then they had to make some decisions about how much they wanted to talk about it.

“All that you read about this being deliberate leaks out of the White House wasn’t my experience. Maybe it is in other cases,” he said. “I’m sure the political side of the White House probably likes reading about the president acting with drones and cyber and so forth. National security side has got very mixed emotions about it because these are classified programs.”

Said Mr. McCain: “I don’t know how one could draw any conclusion but that senior members of this administration in the national security arena have either leaked or confirmed information of the most highly classified and sensitive nature.”

On June 5, The New York Times published a review of the Sanger book by Thomas Ricks, an author and former reporter for The Washington Post.

“Mr. Sanger clearly has enjoyed great access to senior White House officials, most notably to Thomas Donilon, the national security adviser,” Mr. Ricks wrote. “Mr. Donilon, in effect, is the hero of the book, as well as the commenter of record on events. He leads the team that goes to Israel and spends ‘five hours wading through the intelligence in the basement of the prime minister’s residence.’”

Three days later, Attorney General Eric H. Holder Jr. announced that he had appointed two U.S. attorneys to investigate leaks, including the Stuxnet disclosures.

White House press secretary Jay Carney took offense to Mr. McCain’s speech.

“Any suggestion that this administration has authorized intentional leaks of classified information for political gain is grossly irresponsible,” he said.

A ‘target’ in the probe

In May, The New York Times reported: “The investigation into reporting by David E. Sanger of The Times, about efforts to sabotage the Iranian nuclear program, appears to be one of the most active inquiries.”

In June, NBC News reported that the FBI had zeroed in on one of the nation’s highest-ranking military officers at the time that Mr. Sanger was researching his book in 2011.

NBC said that retired Marine Gen. James E. Cartwright, former vice chairman of the Joint Chiefs of Staff and one of Mr. Obama’s closest military advisers, was a “target” in the probe — a designation that often means the Justice Department plans to indict the person.

Gen. Cartwright retired in August 2011.

Mr. Donilon, the national security adviser, submitted his resignation in June and left the post last month.

More than any previous president, Mr. Obama has aggressively gone after leakers — in this case possibly members of his own inner circle.

The Justice Department took the unusual step of collecting data on phone calls to and from the Washington bureau of The Associated Press in an effort to find who leaked information about a foiled terrorist attack.

The Justice Department has charged two former CIA employees and one former National Security Agency worker with providing secrets to journalists. In all three of those cases, the FBI acquired the “smoking gun” by obtaining emails between the reporters and the leakers.

In all, the Obama administration has charged eight people with leaking secrets, the most recent being former NSA contractor Edward Snowden.

Computers control everything – How safe are we?

Editor’s Note – SCADA systems (supervisory control and data acquisition) are susceptible to all manner of attacks, and as the Stuxnet worm proved, as indicated in the following article, hackers and viruses can invade and take over. We think of a lot of problems that could occur but what if the prison doors just opened and the most vile and dangerous prisoners just walked out? SUA has been covering the ability of hackers like ‘Anonymous’ to search and destroy systems as well, so as we get deeper and deeper into computer controls, thinking we are safer, are we?

DHS confirms hackers could ‘remotely reprogram and manipulate’ cells at federal prisons

Daily Caller

By Jordan Bloom

A panel of experts presented some startling findings at the Hacker Halted conference, prompting the Department of Homeland Security and Federal Bureau of Prisons to re-evaluate their digital security systems. A study conducted by a former CIA officer has shown that for less than $2,500, hackers could overload the circuits in prison doors, springing them permanently open.

Federal Bureau of Prisons spokesman Chris Burke told The Washington Times that the government is “aware of this research and [is] taking it very seriously.”

John Strauchs, Teague Newman and Tiffany Rad developed attacks in the basement of a Washington, D.C. home that could bring a prison’s programmable logic controllers and industrial control systems offline.

“You could open every cell door, and the system would be telling the control room they are all closed,” Strauchs told The Washington Times.

Industrial control systems, as the software is known, are used in everything from the power grid to civic plumbing systems to prison doors, and have come under official scrutiny recently because of their vulnerability to cyber attacks. In 2010, an Israeli cyber attack on Iran’s nuclear program brought a fifth of Iran’s centrifuges offline.

The researchers found that while the computers controlling the prison systems were not supposed to be connected to the Internet, at every prison system out of the more than 400 surveyed, they were. Guards were frequently using the prison computers to check their personal emails, exposing the system to attack. In other cases, technical support maintained Internet connections to update the prison security systems.

“In no case did we ever not find connections,” McGurk said. “They were always there.”

But even in the absence of an Internet connection, the industrial control system could still be compromised by bribing a security guard to upload a virus via a USB drive.

The team took their findings directly to federal agencies, briefing them at the CIA headquarters at Langley, so they could have time to evaluate and respond to the threat.

Sean McGurk led the Department of Homeland Security’s efforts to secure ICS before his departure in September, and confirmed to the Washington Times that “we validated the researchers’ initial assertion … that they could remotely reprogram and manipulate [the industrial control system software and controllers].”

A warden contacted Strauchs about the project after an incident in which all the doors on one prison’s death row were suddenly opened.

Stuxnet Clone Duqu – Aimed back at USA?

Editorial Note – Stuxnet was installed by an operative inside Iran who plugged in a thumb drive containing the virus. Stuxnet is software that has many thresholds and layers and its source code is known only to its creators. Each time a condition is met, yet another part of the virus within the software kicks in. Well, it seems that Stuxnet has some characteristics that have been cloned into a new form dubbed ‘Duqu’ and the threat is now reversed and may be employed upon our own facilities.

Stuxnet Clone ‘Duqu’ Possibly Preparing Power Plant Attacks

Fox News

By Matt Liebowitz

Security researchers have detected a new Trojan, scarily similar to the infamous Stuxnet worm, which could disrupt computers controlling power plants, oil refineries and other critical infrastructure networks.

[Photo: Iranian technicians work at the Bushehr nuclear power plant, outside the southern city of Bushehr, Iran. Credit: AP Photo/IIPA, Ebrahim Norouzi]

The Trojan, dubbed “Duqu” by the security firm Symantec, appears, based on its code, to have been written by the same authors as the Stuxnet worm, which last July was used to cripple an Iranian nuclear-fuel processing plant.

“Stuxnet source code is not out there,” wrote F-Secure cybersecurity expert Mikko Hyppönen on his firm’s blog. “Only the original authors have it. So, this new backdoor was created by the same party that created Stuxnet.”

The original Stuxnet was specifically designed to compromise an industrial control system by manipulating the supervisory control and data acquisition (SCADA) software on which these facilities rely for automation. Duqu may have its sights set on the same target, but it approaches from a different angle.

“Duqu shares a great deal of code with Stuxnet; however, the payload is completely different,” researchers for the security firm Symantec wrote on its Security Response blog.

Instead of directly targeting the SCADA system, Duqu gathers “intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”

“Duqu is essentially the precursor to a future Stuxnet-like attack,” the researchers added.

Symantec said whoever is behind Duqu rigged the Trojan to install another information-stealing program on targeted computers that could record users’ keystrokes and system information and transmit them, and other harvested data, to a command-and-control (C&C) server. The C&C server is still operational, Symantec said.

McAfee, another prominent security firm, has a different analysis of Duqu. Two of its researchers wrote on McAfee’s blog that Duqu is actually highly sophisticated spyware designed to steal digital certificates, which are encrypted “keys” that websites use to verify their identities. (Stolen certificates, apparently purloined by a lone Iranian hacker, have become a big issue recently.)

Neither Symantec, McAfee nor F-Secure would speculate about who’s behind Duqu, but the conventional wisdom on Stuxnet is that it was created by the intelligence services of the U.S. and Israel to knock out a uranium-refinement plant in Iran.

This new entry into the Stuxnet family comes just after the Department of Homeland Security (DHS) issued a bulletin warning that the notorious hacking group Anonymous may soon start looking to bring down or disrupt industrial control facilities. Posted yesterday (Oct. 18) to publicintelligence.net, the unclassified bulletin assesses Anonymous’ ability to compromise SCADA systems that run power plants, chemical plants, oil refineries and other industrial facilities.

Government officials did not blame Anonymous for any such hacks, and the bulletin says that based on available information, Anonymous has “a limited ability to conduct attacks” on industrial control systems.

The group’s agenda could change, however. The DHS document cites several recent actions, including Anonymous’ cyberattack on the websites and servers of biotech seed company Monsanto, as proof that Anonymous could “develop capabilities to gain access and trespass on control system networks very quickly.”