Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack, Cyber Exploitation, Stuxnet

Conficker, Duqu, And Stuxnet In Cahoots? Reuters

It's like the Miami Heat of computer viruses.  On Dec. 2nd, 2011, Jim Finkle reported for Reuters on a fascinating account of how a cyber expert has linked Conficker to Stuxnet (and sprinkled in a little Duqu along the way).  The article quoted John Bumgarner, a retired US Army special ops veteran and former intel officer, as saying that "Conficker was a door kicker" for Stuxnet, and Conficker "built out an elaborate smoke screen around the whole world to mask the real operation, which was to deliver Stuxnet."  Bumgarner won't comment as to whether the US and Israel are behind Conficker, but it's widely speculated that the US and Israel are behind Stuxnet.  According to the article, the White House, FBI, and PM Netanyahu declined to comment, and Bumgarner's findings haven't been independently verified.  However, the article notes that this news may show that "the United States and Israel may have a far more sophisticated cyber-warfare program than previously thought."

The article recounts how Bumgarner puts together a fascinating timeline of Stuxnet/Conficker.  Paraphrasing quickly, in 2007, Stuxnet's operators used variants of Duqu to spy on component makers for the Iranian nuclear program.  In 2008, Conficker was released to mark strategic Iranian facilities.  In 2009, Conficker downloaded Stuxnet onto those infected Iranian PC's.  In a humorous turn, Bumgarner says that Stuxnet's attack dates coincided with April Fool's day 2009, the date Ahmadinejad declared that Iran would pursue its nuclear program despite international condemnation, and the date of Ahmadinejad's visit to Columbia University in NYC…

 

800px-Mahmoud_Ahmadinejad_Columbia"You cheeky bastards!"

Source: Public Domain/Wikimedia Commons


There's much more to the timeline, and I highly recommend you check the article out.  It's important to note that Bumgarner's work is not yet verified (if it can ever be), but the article explains that Bumgarner is a highly respected cyber expert who "wrote a highly praised analysis of Russia's 2008 cyber attack on Georgia."  However, it really calls into question the extent of US/Israel involvement in this whole episode, and just how advanced the US cyber capability might be.

The rest of the article can be found here.

Leave a Reply