More cyber attacks for the US in Stuxnet fallout

Anti-virus industry spectacularly failed.

Political analysts have forecast potential consequences for the United States after it was confirmed to have been involved in the creation of the Stuxnet malware that attacked Iranian uranium enrichment facilities.

The New York Times piece released last week revealed direct involvement by US President Barack Obama in ordering the creation and spread of the malware to the Iranian facilities, which largely succeeded before the virus was discovered outside of the country.

But the United States, seen as one of the most vulnerable countries to “cyber-attacks” due to its heavy reliance on computers, could become highly prone to similar attacks in future as retaliation to its actions.

SANS Institute director of research Alan Paller said news of the US' involvement meant businesses and infrastructure operators would be required to bolster their own defences against such attacks.

"We are now going to be the target of massive attacks," Paller told Computerworld US.

"For a long time everything has been under the radar ... the US has acted like it was an innocent victim. But behavior will change when there's no longer an argument."

Ohers called it the "end of plausible deniability" for the US regarding its involvement in the attacks.

Though first created during the Bush administration under the code name 'Olympic Games', the Obama government continued using new variants of Stuxnet to sabotage the Iranian uranium refinement site, Natanz. Using a worm to sabotage Iran’s nuclear weapons programme was deemed preferable to Israeli air strikes on the facility.

Stuxnet’s existence became known in June 2010 after a programming error made the worm spread to an engineer’s computer that was connected to a centrifuge, and from there, around the world.

The Stuxnet worm and recently discovered Flame malware represent “a spectacular failure for our company and the antivirus industry in general” according to Mikko Hyppönen, the chief research office of Finnish security firm F-Secure in an article written for Wired.com’s Threat Level blog.

According to Hyppönen, Stuxnet wasn’t detected until well over a year after it was unleashed. F-Secure had samples of Flame dating back to 2010 and 2011 that were collected through its automated reporting systems, but Hyppönen said his company was unaware their existence.

Flame, Stuxnet and Duqu were most likely written by a Western intelligence agency and hidden in plain sight, according to Hyppöne, using standard code libraries that made them look more like a business database system than pieces of malware.

Hyppönen said there were likely to be more variants of politically motivated malware not yet detected.