by Kim Zetter · 11 Nov 2014 · 492pp · 153,565 words
the Crown colophon are registered trademarks of Random House LLC. Portions of this work were originally published in different form in “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History” copyright © Wired.com. Used with permission. First published July 2011. Cataloging-in-Publication data is on file with
…
ve done. CONTENTS Cover Title Page Copyright Dedication Prologue: The Case of the Centrifuges 1. Early Warning 2. 500 Kilobytes of Mystery 3. Natanz 4. Stuxnet Deconstructed 5. Springtime for Ahmadinejad 6. Digging for Zero Days 7. Zero-Day Paydays 8. The Payload 9. Industrial Controls Out of Control 10.
…
Precision Weapon 11. A Digital Plot Is Hatched 12. A New Fighting Domain 13. Digital Warheads 14. Son of Stuxnet 15. Flame 16. Olympic Games 17. The Mystery of the Centrifuges 18. Qualified Success 19. Digital Pandora Acknowledgments PROLOGUE THE CASE OF THE CENTRIFUGES It
…
to be legitimate. It indicated that the driver had been compiled on July 14, two days after VirusBlokAda had gone public with news of Stuxnet. Had the Stuxnet hackers unleashed the driver in a new attack, completely oblivious to the fact that an obscure antivirus firm in Belarus had just blown their
…
until July 26, 2012, but once it was revoked by certificate authorities, the attackers couldn’t use it anymore. 25 Pierre-Marc Bureau, “Win32/Stuxnet Signed Binaries,” published August 9, 2010, at blog.eset.com/2010/07/19/win32stuxnet-signed-binaries. 26 Boldewin published his note at wilderssecurity.com/showthread
…
Normal malware executes its code in a straightforward manner by simply calling up the code and launching it. But this was too easy for Stuxnet. Instead, Stuxnet was built like a Rube Goldberg machine so that rather than calling and executing its code directly, it planted the code inside another block of
…
fake names and fraudulent credit cards, pointed to servers in Denmark and Malaysia that served as command-and-control stations for the attack. Each time Stuxnet infected a machine, it contacted the servers to announce its conquest and communicate intelligence about the latest victim. The communication was encrypted to prevent
…
of well-worn methods, others said, rather than the radical skunkworks project of an elite intelligence agency.7 But O’Murchu had a different take on Stuxnet’s inconsistencies. He believed the attackers deliberately used weak encryption and a standard protocol to communicate with the servers because they wanted the data traveling
…
on the PLC for about two weeks, sometimes longer, recording legitimate operations as the controller sent status reports back to monitoring stations. Then when Stuxnet’s malicious commands leapt into action, the malware replayed the recorded data back to operators to blind them to anything amiss on the machines—like
…
Everything Falliere and his colleagues had examined before, even the biggest threats that targeted credit card processors and Defense Department secrets, seemed minor in comparison. Stuxnet thrust them into an entirely new battlefield where the stakes were much higher than anything they had dealt with before. There had long been a
…
caught the attention of researchers and hackers, forcing vendors and critical-infrastructure owners to finally take note as well. THE NEWS IN August 2010 that Stuxnet was sabotaging Siemens PLCs caught the interest of a twenty-five-year-old computer security researcher in Austin, Texas, named Dillon Beresford. Beresford, like
…
result, they assumed it would be easy to spot any anomalies in the communication. But when they initially infected their Step 7 system with Stuxnet, nothing happened. Stuxnet, they discovered, as others had before, was on the hunt for two specific models of Siemens PLC—the S7-315 and S7-417—and
…
military organization chaired by Revolutionary Guard General Gholam-Reza Jalali, which is responsible for defending Iran’s nuclear facilities, contradicted these statements. It stated that Stuxnet had so thoroughly infected computers at Bushehr that work at the plant had to be halted indefinitely. The report claimed that if Bushehr went online
…
. See Ken Timmerman, “Computer Worm Wreaking Havoc on Iran’s Nuclear Capabilities,” Newsmax, April 27, 2011, available at newsmax.com/KenTimmerman/iran-natanz-nuclear-stuxnet/2011/04/27/id/394327. 19 Maillard, “Iran Denies Nuclear Plant Computers Hit by Worm.” 20 There were other statements made by officials that, if
…
since it’s intended to influence conditions—political, economic, or military—although the party responsible for the activity is hidden, such as the CIA. The Stuxnet operation involved both clandestine and covert activity. The clandestine activity involved the initial reconnaissance to gather intelligence about the plant. But the planting of malicious
…
and ever-expanding set of targets as more and more critical systems became computerized. The spy agency, in fact, was already contemplating, a decade before Stuxnet, the offensive opportunities presented by the world’s growing reliance on computerized control systems in critical infrastructure. Another article in the same newsletter proposed building
…
attackers had intentionally disabled it. In part of the code responsible for fingerprinting the 417 PLC to see if its configuration matched the target configuration Stuxnet was seeking, the attackers had inserted an exception—a programming trick that involved introducing an intentional error into the code to abort a mission
…
was clear the creators of the new code had developed their attack from the same source code and framework that had been used to develop Stuxnet. Stuxnet had sabotaged Iran’s uranium enrichment program but who knew what this new attack was doing and how many systems it had infected? Bencsáth dashed
…
for months. Six months earlier, officials in Iran had announced that computers there had been struck by a second digital attack in the wake of Stuxnet. The announcement came months after Iranian officials had finally acknowledged that computers controlling centrifuges in Iran had been attacked. Although the Iranians had never
…
security companies that responded differently this time. The government did as well. For some reason, during the many months the Symantec researchers had been analyzing Stuxnet and publishing pleas for help from PLC experts, ICS-CERT had remained distant, even though its analysts possessed the exact PLC expertise Symantec sought.
…
, so it was an indication of just how seriously Microsoft viewed the Flame exploit that it took this step. The attackers behind Duqu and Stuxnet had already struck at the underpinnings of the validation system that made the internet possible—first by stealing individual security certificates from the companies in
…
a specific configuration, Gauss only delivered its payload to machines that had a specific configuration. It seemed the attackers had learned from mistakes made with Stuxnet. By limiting the number of machines to which they spread the Gauss payload, they greatly reduced the chance that it would be discovered. Gauss
…
some in the security community who began to question their motives. Just as Symantec had been criticized for disloyalty to the United States in exposing Stuxnet and harming US national security interests, some wondered if the Moscow-based Kaspersky Lab was doing the bidding of Russian intelligence by exposing and
…
Unfortunately, this spreading power in later versions, and the location of patient zero in an office outside of Natanz, were the factors that got Stuxnet caught.33 Stuxnet 0.5 was completely autonomous once unleashed, so the attackers had no need to control it. But if it found itself on a machine
…
of new ethical and national security dilemmas for researchers caught between the needs of computer users and the interests of intelligence agencies and governments. If Stuxnet signaled the beginning of the militarization of cyberspace, it also signaled the beginning of the politicization of virus research. “There’s a new good
…
. 36 Author interview conducted with Chien, April 2011. CHAPTER 16 OLYMPIC GAMES In 2012, Chien may have been contemplating the dark and complicated future Stuxnet wrought, but four years earlier, the architects of the code were contemplating a different dark future if Iran succeeded in building a nuclear bomb. In
…
reconnaissance also might have been done around May 2006, when researchers found that code for the command-and-control servers used with later versions of Stuxnet was created. Once information about the systems was gathered, final work on the attack code could have occurred. Symantec estimated that two separate teams
…
enrichment process. 6 Author interview with Albright, November 2013. The first module of cascades, known as A24, is believed to have been struck by Stuxnet version 0.5, which targeted only valves on the centrifuges, not the frequency converters. Later versions that targeted the frequency converters are believed to have
…
temperature, and controllers on valves, heating/cooling, using specialized software.” The description closely matches what a control system for a cascade would do. 10 When Stuxnet was discovered in 2010 and it was revealed that the digital weapon was attacking Siemens controllers, many in the public wondered if Iran even had
…
s vendor-assessment program, whereby researchers examined various industrial control systems for security vulnerabilities. Langner first suggested the INL tests played a role in developing Stuxnet after he uncovered a PowerPoint presentation that INL had produced about the tests. But the INL tests were conducted between July and September 2008, and
…
we now know that the earliest-discovered version of Stuxnet—Stuxnet 0.5—had been developed before these tests occurred and was already in the wild in November 2007, when someone had uploaded it to the
…
, and Asia before breaking free and infecting other companies in those countries and beyond.27 Later, when the Symantec researchers analyzed various samples of Stuxnet gathered from infected computers, they were able to trace thousands of infections back to these initial infections at Behpajooh.28 Why the attackers increased their
…
or deciphered, the decision must have seemed completely reasonable at the time. Indeed, even the initial reaction from Symantec and other security companies after Stuxnet was exposed seemed to confirm that their covert operation was safe—every sign indicated that the security community, stymied by the malware’s complexity and
…
on Iranian Nuclear Facility,” the White House. 20 A year later, in September 2010, while the Symantec researchers and Ralph Langner were still deciphering Stuxnet’s payload, the Iranian dissident group that had exposed Natanz claimed it had information about yet another secret uranium enrichment plant being built near Abyek
…
technicians removing an unusual number of centrifuges from the underground hall at Natanz, the mystery behind the disappearing devices was at last solved. But with Stuxnet finally identified as the cause, and with details about the extensive resources behind it revealed, a couple of other questions begged to be answered:
…
to this level and announced plans to triple this amount. Officials began enriching the uranium to this higher percentage following the destruction of centrifuges by Stuxnet. Iranian officials claimed they needed the higher-enriched uranium for cancer treatment research. But the higher-enriched uranium created a bigger problem for those opposed
…
by more than half to produce weapons-grade, highly enriched uranium at about 90 percent enrichment,” noted Barzashka. In this regard, if “the purpose of [Stuxnet] was to decrease Iranian nuclear-weapons potential, it clearly failed.”8 Meanwhile, technicians also began installing more advanced centrifuges at the pilot enrichment plant at
…
when they do, the target for sabotage will eventually one day be in the United States. * * * 1 David Albright, Paul Brannan, and Christina Walrond, “Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant? Preliminary Assessment,” Institute for Science and International Security, December 22, 2010, available at isis-online
…
.org/isis-reports/detail/did-stuxnet-take-out-1000-centrifuges-at-the-natanz-enrichment-plant. 2 William J. Broad, John Markoff, and David E. Sanger, “Israeli Test on Worm Called
…
the Conficker worm, and even the Zeus banking Trojan would become quaint reminders of the days when attacks were simpler and, by comparison, more innocent. Stuxnet was a remarkable achievement, given its sophistication and single-minded focus. But it was also remarkably reckless. Because like the atomic bombs detonated over Hiroshima
…
technology that will have consequences for years to come. Kennette Benedict, executive director of the Bulletin of the Atomic Scientists, noted several parallels between Stuxnet and the first atomic bombs in an article she wrote for that publication about the lack of foresight that went into developing and unleashing both
…
Until now, the evolution of computer attacks has been driven by innovations in the criminal underground, but this will change as nation-state attacks like Stuxnet and Flame begin to drive future advancements. Instead of government hackers learning novel techniques from the underground, the underground will learn from governments. And as
…
digital weapons are developed, the need to produce even more advanced weapons will grow, pushing further innovations in weaponry. One US official has referred to Stuxnet as a first-generation weapon, on par with “Edison’s initial light bulbs, or the Apple II,” suggesting that more sophisticated designs have already
…
might have on the stability and security of the internet, and whether it would establish unwelcome norms of international behavior. Though some might argue that Stuxnet and Flame had already violated this guideline and established unwelcome norms of behavior, Herbert Lin, a cybersecurity expert with the National Research Council, points out
…
code that came before it represented simpler, more innocent times when the motives and ambitions of attackers were more straightforward and easier to discern. If Stuxnet was a challenge to decipher, the writing of this book was equally so. Combining a narrative structure with complex technical details and a political-
…
images. I’d also like to thank Dale Peterson, Perry Pederson, Joe Weiss, and Mike Assante for helping me understand the wider effects of Stuxnet and weapons like it on critical infrastructure. Dale and Perry were especially helpful in reading the chapter on industrial control systems and providing feedback. Similarly
by Ben Buchanan · 25 Feb 2020 · 443pp · 116,832 words
spying on South Korean spies spying on North Korean spies spying on other countries. As ever, counterintelligence is messy. PART TWO ATTACK 6 Strategic Sabotage STUXNET WAS A WATERSHED, an indication of what states can do with hacking when they are extremely ambitious. The episode underscores what it takes, in terms
…
attack quickly became the most widely discussed hack among both cybersecurity researchers and scholars of international relations. And, remarkably, the story didn’t end there. Stuxnet was not the only tool of sabotage deployed against Iran. A larger cyber campaign against Iranian economic interests also unfolded in 2012—one that has
…
forever. More than anything, Bush needed time. The US government’s technical experts came up with a new option, which would eventually become known as Stuxnet. It was a targeted sabotage operation against the centrifuges at Natanz, Iran’s leading nuclear facility. These centrifuges were upright silver cylinders, taller than
…
the targets of their planned attack; it is unknown if human intelligence sources played a role in this infection.8 Without this extensive reconnaissance, the Stuxnet attack would have been impossible. Even with a more detailed understanding of how the Iranians configured their centrifuges, the attackers had substantial work to do
…
fewer than eight different propagation mechanisms.12 Infecting a broad range of computers, especially within contractors for Iran’s nuclear program, increased the odds that Stuxnet would cross the air gap and reach the centrifuges. Five contractors appear to have been the initial targets, the patient zeroes who unleashed the
…
version, the two copies of the worm compared notes and combined their information. Versions landing on internet-connected computers sent their information back to Stuxnet’s creators in messages disguised to look like visits to innocuous soccer websites.14 Thus, the list of machines the operation had infected across Iran
…
2007 manipulated the amount of uranium hexafluoride gas that flowed out of the centrifuges. By manipulating the valves that controlled the release of gas, Stuxnet could adjust the pressure inside the centrifuge. The code increased the pressure to levels five times above where they should have been for normal enrichment
…
that all was fine. Meanwhile, undetected, the prized centrifuges began to destroy themselves from within. For reasons that are unknown, a more aggressive version of Stuxnet superseded the pressure manipulation attack. In the new version, which appeared in 2009, the attack code manipulated the speed at which the rotors at the
…
detectable than manipulating pressure, but it appears the Iranians still did not figure out that they were under attack.21 The operation seemed to work. Stuxnet evidently destroyed more than a thousand centrifuges, although analysts debate the exact number. The delays the Iranians suffered in nuclear enrichment put them somewhere between
…
was there, the worm was inadvertently interfering with the computer, despite knowing, thanks to its target verification mechanisms, not to launch its full attack routine. Stuxnet, with its aggressive propagation tricks, had spread too far. Worse, because of its worm-like nature, the code would only continue to spread. Over
…
realized their project would eventually become the most famous cyber attack investigation in history. Ulasen and his colleagues dug in more deeply, uncovering many of Stuxnet’s secrets and its impressive technical accomplishments. They noticed the way it exploited previously unknown software vulnerabilities to spread from computer to computer, a propagation
…
certificates suggested they had access to significant resources and placed high priority on operational security. But, for all of these insights, it became clear that Stuxnet was too big and complex for VirusBlokAda to fully understand and combat on its own. The company needed help. Ulasen reached out to Microsoft.
…
industrial control system. By subtly and painstakingly altering this environment time and again to simulate different systems and configurations, he was able to watch how Stuxnet’s behavior varied in different circumstances. In this indirect way, and after much investigation by his firm, Langner eventually learned what he thought was the
…
to consider strategic dimensions, as well. Eventually, after weeks of fruitless investigation, Langner started thinking in more depth about the geopolitical implications of the Stuxnet code. In a night of web searching, he read about Bushehr, an Iranian nuclear site that had been under development but had suffered delays in
…
Iran. Iranian government officials recognized that the country was once more suffering the effects of a significant foreign sabotage operation, and even though, as with Stuxnet, the attackers did not claim credit, they had some pretty good guesses about who was responsible. A spokesman close to the Supreme Leader of
…
that, above all, the overarching goal of Wiper was to hide how the code worked, or even that it existed at all. As with Stuxnet, its creators seemed to desire devastating but erratic and inexplicable failures that would hurt Iranian operations and undermine confidence but not suggest foreign interference. In
…
and undermine confidence, key pillars of the United States’ strategy for dealing with Iran. No worm could delay the Iranian nuclear program forever, but Stuxnet could give the United States a better chance of overall success. As the worm tore apart Iranian centrifuges and slowed their enrichment progress, the noose
…
of economic sanctions tightened, aided in part by Wiper’s sabotage. As a result, Stuxnet’s creators craved secrecy. Without it, the effectiveness of the nuclear sabotage effort would diminish. If the Iranians knew that the cause of the random
…
its details eventually emerged for all to see. While bad luck had previously ruined covert missions and intelligence operations, this was more than misfortune. The Stuxnet outcome hinted at a pattern that would become increasingly apparent as time went on: states had tremendous power in cyber operations, but nonstate actors including
…
researchers and journalists were increasingly important, as well. Indeed, it was journalism that made Stuxnet famous. In the summer of 2011, Wired’s Kim Zetter wrote an in-depth profile of the affair, which she later turned into a book
…
United States and Israel had carried out the attack—and adding new details about its authorization and implementation.46 These accounts paint a consistent picture: Stuxnet and Wiper were mostly technical successes and likely also short-term geopolitical victories. But Iran’s leadership had learned firsthand what cyber operations could do
…
companies and caused tens of millions of dollars in damages. Disruptive cyber attacks were no longer a speculative threat, but an actual policy matter. While Stuxnet and Wiper tried to shape the environment, these public-facing attacks were about signaling. But they just were not very effective as signals, failing
…
Shamoon, every observer knew that Iran and Saudi Arabia were regional adversaries. Before Operation Ababil, it was no secret that Iran was greatly aggrieved by Stuxnet. Similarly, the mutual enmity between Iran and Sheldon Adelson was widely known, even if Adelson did escalate the rhetoric with his call for a
…
unfold.6 One prong manipulated the breakers that controlled the power. The hackers did not need to devise custom malicious code for this, as the Stuxnet creators had. They could, with their stolen credentials, simply log in as operators and issue commands to the industrial control systems directly. When the
…
make CRASHOVERRIDE so powerful, clearly its creators had studied previous attempts at targeting industrial control systems. The most infamous of these attempts was Stuxnet. As Chapter 6 showed, Stuxnet’s architects exhibited a deep understanding of the Iranians’ industrial processes for uranium enrichment. They understood how the centrifuges worked and how illicit
…
indiscriminate and widespread. The Russian hackers endowed the attack code with the capacity to copy and spread itself. In this sense, it was like Stuxnet, but unlike Stuxnet, it contained no target verification mechanisms to limit its force; pervasive damage was the goal. Unlike WannaCry, which might have spread by accident,
…
has become increasingly aggressive as modern cyber operations grow in capability. The cases in this book demonstrate the flexibility of hacking. Some of these, like Stuxnet and the 2016 election interference, are high-profile and have attracted enormous attention. Others, such as those oriented toward passive collection and counterintelligence, have not
…
such as passive collection, surreptitious decryption, source code manipulation, and counterintelligence—if the operations come into view. Even in some acts of sabotage, such as Stuxnet and Wiper, perpetrators have tried to remain invisible as long as possible to increase operational effectiveness. “If you know much about it, [cyber is] very
…
which could have caused a massive explosion. Cybersecurity defenses prevented the attack, but analysts discovered that the malicious code’s capabilities exceeded previous operations. Recalling Stuxnet and the 2016 blackout in Ukraine, the Department of Homeland Security warned that it “surpass[ed] both forerunners with the ability to directly interact with
…
Natanz?” YouTube, July 27, 2017. 22. For discussion of the number of centrifuges destroyed and the effects, see Ivanka Barzashka, “Are Cyber-Weapons Effective? Assessing Stuxnet’s Impact on the Iranian Enrichment Programme,” RUSI Journal 158, no. 2 (2013); Sanger, Confront and Conceal, 207. 23. Sanger, Confront and Conceal, 200.
…
24. For the initial infection report, see Jarrad Shearer, “W32.Stuxnet,” Symantec Security Center (website), July 13, 2010. Other firms reported greater infection numbers as time went on. 25. David Sanger, “Obama Order Sped Up Wave
…
of Cyberattacks against Iran,” New York Times, June 1, 2012. 26. Sanger, Confront and Conceal, 205. 27. Eugene Kaspersky, “The Man Who Found Stuxnet: Sergey Ulasen in the Spotlight,” Kaspersky Lab blog, November 2, 2011. 28. Brian Krebs, “Experts Warn of New Windows Shortcut Flaw,” Krebs on Security, July
…
/https://www.symantec.com/connect/symantec-blogs/security-response/11761/all/all/all/all. 32. Emphasis in the original. Kim Zetter, “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History,” Wired, July 11, 2011. 33. Zetter, Countdown to Zero Day, 173. 34. Zetter, Countdown to Zero Day, 177.
…
: Modular ICS Malware,” report, SANS Institute, Electricity Information Sharing and Analysis Center, August 2, 2017; Anton Cherepanov, “Industroyer: Biggest Threat to Industrial Control Systems Since Stuxnet,” ESET WeLiveSecurity blog, June 12, 2017; Greg Masters, “Industroyer Can Knock Out Power Grid, ESET,” SC Magazine, June 12, 2017; Joe Slowik, “Anatomy of
…
–55; encryption debate and, 40–41 Central Bank of Bangladesh, 272–275 Central Intelligence Agency (CIA). See CIA (Central Intelligence Agency) centrifuges. See nuclear programs; Stuxnet Chase Bank, 156 checks and balances, 55 China, 2; cyber operations by, 86–107, 313, 314; dissidents, 89–90; Google’s relationship with, 90;
…
Robert, 14 GCHQ (Government Communications Headquarters). See Government Communications Headquarters (GCHQ) Gemalto, 54 geography, home-field advantage and, 16–19 geopolitics: Aramco attack and, 148; Stuxnet and, 141; Ukraine blackouts and, 202–204. See also international relations; shaping; signaling Georgia, denial-of-service attacks against, 155 Germany, 33; partnership with NSA
…
See also hop points; operational security; secrecy Inception (film), 125 indictments, against hackers, 98–99 industrial control systems, 194, 196. See also blackouts in Ukraine; Stuxnet information, access to, 18. See also collection Inglis, Chris, 318 Innocence of Muslims, 156 intelligence: foreign versus domestic distinction, 56; targeting foreign intelligence services, 110
…
hacking operations, 316; financial industry attack (Operation Ababil), 153–154, 155–159, 163–164, 310; nuclear deal, 146; nuclear program, 129, 141 (see also Stuxnet); prediction of future cyber operations by, 159; relationship with Israel, 129, 160; sanctions against, 13–15, 142; Sands Casino attack, 160–164, 165; use of
…
(film); North Korea Krebs, Brian, 139 Langner, Ralph, 140–142 Last Week Tonight (television program), 42 law enforcement, Chinese hackers and, 98–99, 101 lawyers, Stuxnet and, 135 leaks, 262, 315. See also election interference, Russian (2016); exposure; Shadow Brokers Lee, Robert M., 194, 203, 204, 205 Libya: Benghazi attack,
…
; as signaling, 302–304; as warning, 302–304 NSA (National Security Agency). See National Security Agency (NSA) nuclear programs: Iran’s, 129, 141 (see also Stuxnet); Libya’s, 133–134 Obama, Barack, 134, 179, 214; Iran and, 142; NSA review commission and, 271; response to election interference, 228, 230, 246;
…
of Personnel Management (OPM), breach of, 104–106 oil. See Aramco attack (Shamoon); Iran Oliver, John, 42 Olympic Games (code name), 132, 134. See also Stuxnet Olympics (2004), 28–29 OPC (Open Platform Communications), 198 Open Platform Communications (OPC), 198 Open Society Foundations, 223, 226 OpenSSL, 69–70 Operation Ababil, 153
…
, 164, 310 Operation Aurora, 89–92, 94 operational security: in blackouts in Ukraine, 196; of GRU hackers, 222; of intrusion at DNC, 215; of Stuxnet, 139, 146, 147. See also exposure; secrecy OPM (Office of Personnel Management), 104–106 Organization for the Prohibition of Chemical Weapons, 315 Ōshima, Hiroshi, 108
…
153, 159, 164, 165; hacking operations of, 317; listening stations in, 33 SCADA (supervisory control and data acquisition) systems, 192. See also blackouts in Ukraine; Stuxnet Schelling, Thomas, 4, 145, 310 Schmidt, Eric, 59 Schneier, Bruce, 256 Schultz, Debbie Wasserman, 225 ScreenOS, 76. See also Juniper Networks SEA-ME-WE-4
…
, 34 secrecy, 101; decryption and, 60; home-field advantage and, 16; importance of, 39, 240 (see also exposure); signaling and, 308–309; Stuxnet and, 139, 146, 147. See also exposure; operational security security: firewalls, 190–192; network segmentation, 190–191 security clearance files, 104–106 selector, 26 serial
…
Bin, 99–102, 116 Sullivan, Margaret, 180 supernotes, 268–269, 270–271 supervisory control and data acquisition (SCADA) systems, 192. See also blackouts in Ukraine; Stuxnet surveillance, 21, 26; AT&T and, 21; checks and balances and, 55; internet companies and, 21, 26 (see also PRISM) SWIFT (Society for Worldwide
by Nicole Perlroth · 9 Feb 2021 · 651pp · 186,130 words
it burrowed deep into the offline, or “air-gapped,” computers that controlled the rotors that spun Iran’s uranium centrifuges. And then, by remote command, Stuxnet silently spun some of Iran’s centrifuges out of control, while stopping others from spinning entirely. By the time Iran’s nuclear scientists discovered that
…
a computer worm was responsible for the destruction of their centrifuges, Stuxnet had already destroyed a fifth of Tehran’s uranium centrifuges and set Iran’s nuclear ambitions back years. Langner had made a name for himself
…
nuclear plant, or a water treatment facility in the United States. In fact, Langner had mapped out “target-rich environments”—industrial systems still vulnerable to Stuxnet’s code around the globe. The bulk were not in the Middle East. They were in the United States. It was only a matter of
…
same time, Microsoft issued an urgent advisory to its customers. Forming an anagram from the first few letters of the code, they called the worm Stuxnet. Inside his sleek office in Hamburg, Langner stewed. For years he’d been a voice in the wilderness, warning his clients in Germany and all
…
day be a target for sabotage or worse—explosions, digitally-triggered tsunamis, widespread power outages. But until now these concerns had been purely hypothetical. As Stuxnet’s code and payload came into focus, Langner realized that the attack he had long dreaded was staring right back at him. Inside the confines
…
. Bingo! Back at the New York Times, my colleagues David Sanger, William Broad, and John Markoff were starting to piece together the mystery of the Stuxnet code as well. In January 2011 the three published a lengthy account of the worm in the Times, detailing Israeli involvement. Two months later, in
…
later, he delivered what was arguably the most coherent description of the world’s first digital cyberweapon of mass destruction. He ended with a warning. Stuxnet had been specifically designed for Natanz, but it was also generic, in the sense that there was nothing in the code to prevent others from
…
that is the United States. “Fortunately, fortunately,” he added, “because otherwise our problems would be even bigger.” The Iranians never did acknowledge the destruction that Stuxnet wrought on its enrichment programs. Ali Akbar Salehi, the head of Iran’s Atomic Energy Organization, claimed that his team had “discovered the virus exactly
…
revenge; and the United States and Israel had shown them a terrific shortcut. The United States may have thwarted a conventional war, but in releasing Stuxnet on the world, it opened up an entirely new battlefront. The worm had crossed the Rubicon from defensive espionage to offensive cyberweapon, and in just
…
on Hiroshima. “Somebody just used a new weapon, and this weapon will not be put back in the box.” CHAPTER 10 The Factory Reston, Virginia Stuxnet did a couple turns around Asia before it came home. The first American company to acknowledge that its computer systems had been infected was Chevron
…
pore of this new digital dimension for exploitation, surveillance, and future attack. Once Pandora’s box had been opened, there was no going back. With Stuxnet under way in June 2009, the Obama administration created a dedicated Cyber Command at the Pentagon for offensive cyberattacks. More hacking—not better defenses—was
…
the Pentagon’s response to the Russian attacks on its own classified networks. The success of Stuxnet, however short-lived, meant there was no going back. By 2012 the U.S.’s three-year-old Cyber Command’s annual budget had tripled
…
developing in-house. All this appetite for vulnerabilities and exploits created a surge in the market for offensive cyberweaponry. It wasn’t just NSA. After Stuxnet, the CIA, DEA, U.S. Air Force, U.S. Navy, and FBI started pouring more dollars into zero-day exploits and malware tools. At
…
will be discovered within a year and a half. Earlier studies determined that the average life-span of a zero-day is ten months. After Stuxnet opened the world’s eyes to the power of a zero-day, American allies, adversaries, and authoritarian regimes started searching for and stockpiling their own
…
American rules. While companies like VRL only did business with U.S. agencies, and others like Azimuth and Linchpin Labs worked exclusively within Five Eyes, Stuxnet’s darkest legacy is that it showed other countries what could be accomplished with a few zero-days strung together. After the worm was discovered
…
flooding the zero-day market, outbidding Western governments and front companies for zero-day exploits in pursuit of the kind of success, albeit temporary, that Stuxnet had achieved in Iran. “I think it is fair to say that no one anticipated where this was going,” one U.S. senior official told
…
was still its biggest customer. That year, having ironically spawned the zero-day market and launched the world into the era of cyberwar, Keith Alexander, Stuxnet’s architect, was asked what kept him up at night. “My greatest worry,” Alexander told a reporter, was the growing likelihood of zero-day exploits
…
, especially as authorities in Israel, Britain, Russia, India, Brazil, Malaysia, and Singapore started creating their own mandates and quotas for zero-day exploits and tools. Stuxnet had cracked Pandora’s box wide open. Suddenly governments who would never match the United States when it came to conventional warfare saw what could
…
told me. “To build relationships and acquire their zero-days and weapons for a rainy day.” Foreign governments were hungrier for exploits than ever before. Stuxnet had shown what was possible. Then Snowden had given every nation a blueprint for what a truly sophisticated offensive cyber program looks like. And once
…
conversations with the younger generation, encounters that tended to engender a mixture of disdain but also understanding. This was the way of the world post-Stuxnet, Arce told me. Selling exploits to governments was their ticket out of poverty and corporate slogs. I asked Arce the question I had asked so
…
the United States where it would hurt most: American access to cheap oil, the economy, and our own sense of safety and military superiority. Once Stuxnet had been discovered and unfurled, it became Tehran’s rallying cry and the single greatest recruiting tool the Ayatollahs could have ever hoped for. The
…
clean through-line from the American cyberweapon that had just debuted on the world stage and the timing of the Russian attacks. Not long after Stuxnet escaped, Russian officials—dismayed by what the Americans and Israelis had pulled off in the cyber realm—began agitating for an international cyberweapons ban. At
…
plans to fully automate its substations and transmission lines by 2030. Each new digitized node presented another inroad for attack. Following on the discovery of Stuxnet, Russian officials feared they made for an obvious American target. In a speech in 2012, Russia’s minister of telecommunications pushed for an international treaty
…
. It was also targeting clients of two other industrial control software makers: Siemens, the same company the United States and Israelis had hijacked in the Stuxnet attack, and Advantech, one of the leading “Internet of Things” enablers in the world. Advantech’s software was embedded in hospitals, power facilities, oil and
…
country, I need to find vulnerabilities in other countries,’ ” Schmidt told me before his passing. “The problem is that we all fundamentally become less secure.” Stuxnet had inspired dozens of other countries to join the zero-day hunt, and the United States was losing control over the market it had once
…
much larger trove of NSA tools they planned to release to the highest bidder. The Shadow Brokers followed up with another encrypted file—“better than Stuxnet!” they wrote—and this time they offered to decrypt it for anyone who bid the most Bitcoin. This time, the Shadow Brokers added a
…
Brokers reemerged, posting the password to the first encrypted file they had posted some eight months earlier, the trove they had advertised as “better than Stuxnet.” That proved to be false advertising. The deciphered file included exploits that affected older versions of Linux, Unix, and Solaris, hardly the cyberweapons of mass
…
thinking. The internet has no borders. No cyberattack can be confined to one nation’s citizens anymore. That had been the short-lived lesson from Stuxnet’s escape. These attacks were transnational. Any company that did any business in Ukraine—even those with a single employee working remotely from Ukraine—got
…
. The latest attacks were different. The destructive back-to-back cyberattacks that assailed the globe in 2017—WannaCry, followed by NotPetya—were defining the post-Stuxnet era. In the absence of any universally accepted cyber rules, or even definitions, the United States had set the rules itself, making it permissible to
…
when others are violating them.” The idea of an international cyber treaty had been pitched before, by Europeans and Russians, especially in the wake of Stuxnet. A small handful of former American officials with classified insights into the pace, scale, and destructive nature of cyberattacks had proposed similar ideas. The year
…
meaningful consideration for what might happen when those same attacks, zero-day exploits, and surveillance capabilities circled back on us. And in the decade after Stuxnet, invisible armies had lined up at our gates; many had seeped inside our machines, our political process, and our grid already, waiting for their own
…
NSA’s advantage had hugely eroded over the last decade—not just because of Snowden and the Shadow Brokers and what had been learned from Stuxnet, but because we had grossly underestimated our enemies. More unsettling was the Chinese hacking group behind the extraction and redeployment of the NSA’s exploits
…
seen. They were now the most active nation-state hackers in our digital orbit, more prolific even than China. Even Keith Alexander, the brains behind Stuxnet, was bracing for impact: “We’re probably one of the most automated technology countries in the world and we have a very good offense, but
…
directive was a turning point. It wasn’t perfect. There were missteps and setbacks along the way. Windows vulnerabilities still formed the raw matter for Stuxnet, WannaCry, and NotPetya. But in other ways, it worked. Microsoft used to be a punchline; now it is widely seen as a security leader. The
…
articles that are mentioned in these pages. David Sanger first revealed the real codename “Olympic Games”—for the computer worm the world knew only as Stuxnet. And it was David that pulled me into the reporting on the escalating digital Cold War between the United States and Russia that the President
…
Liam O’Murchu at Symantec patiently took every call and read over me as I described the zero-days that formed the entry points in Stuxnet. Fred Kaplan’s book, Dark Territory: The Secret History of Cyber War (Simon & Schuster, 2016), also provided useful context. I found myself frequently citing Joe
…
exploit in HP printers that sounded almost identical to the exploit he described. Printers continue to be ripe targets for hackers. Among the exploits the Stuxnet worm relied on was a zero-day in a printer spooler, the software that tells printers what to print. And in 2017, a graduate student
…
-tao-unit-introduces-itself-fotostrecke-105372.html. CHAPTER 9: THE RUBICON The most comprehensive window into the White House’s internal deliberations leading up to Stuxnet is detailed by David Sanger in his book, Confront and Conceal, and I owe much of the reporting in this chapter to David. I also
…
Zetter’s 2014 account, Countdown to Zero Day, which does an excellent job chronicling the urgency by researchers to uncover and dissect the code behind Stuxnet. Taken together, these books provide the most compelling and comprehensive looks at the world’s first cyberweapon and are more than worthy of your time
…
, and the 10 percent of centrifuges Iran was already replacing every year due to natural accidents, see Kim Zetter’s excellent 2014 tick tock of Stuxnet, Countdown to Zero Day. For a layman’s summary of nuclear enrichment, I relied on Charles D. Ferguson’s 2011 work, Nuclear Energy: What
…
Confront and Conceal and his 2010 work, The Inheritance: The World Obama Confronts and the Challenges to American Power (Crown). For a cost comparison of Stuxnet versus American bunker-buster bombers, I relied on numbers provided by the U.S. Government Accountability Office and price lists of exploits published by Zerodium
…
advertised for a single zero-day in 2019 was $2.5 million, though the prices continue to rise (zerodium.com/program.html). As for how Stuxnet got into Natanz, there are mixed reports. In 2019, Kim Zetter and Huib Modderkolk reported in Yahoo News that an Iranian engineer, recruited by the
…
) records show a gradual drop-off starting in June 2009 that continued over the next year. See David Albright, Paul Brannan, and Christina Walrond, “Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?” Preliminary Assessment, Institute for Science and International Security, December 22, 2010, and David Albright, Andrea
…
Stricker, and Christina Walrond’s “IAEA Iran Safeguards Report: Shutdown of Enrichment at Natanz Result of Stuxnet Virus?” Institute for Science and International Security Report, November 2010. That November, Ali Akbar Salehi, the head of Iran’s Atomic Energy Organization, confirmed to
…
New York Times, May 29, 2009, www.nytimes.com/2009/05/29/us/politics/29obama.text.html. I also relied on the contemporary accounts of Stuxnet written by my Times colleagues, including that of John Markoff, my predecessor at the Times: “A Silent Attack, but Not a Subtle One,” September 27
…
opportunity to seize control of industrial control systems from afar, in much the same way the U.S. and Israel were able to use the Stuxnet computer worm in 2009 to take control of an Iranian nuclear facility.” Later researchers changed their tune. The real goal wasn’t intellectual property theft
…
by P. W. Singer and Allan Friedman · 3 Jan 2014 · 587pp · 117,894 words
the problems can be conceptualized through the tough political issues that this “stuff” has already produced: scandals like WikiLeaks and NSA monitoring, new cyberweapons like Stuxnet, and the role that social networking plays in everything from the Arab Spring revolutions to your own concerns over personal privacy. Indeed, President Barack Obama
…
. Instead, we embraced this series’ core idea of “what everyone needs to know.” Everyone does not need to know the software programming secrets of Stuxnet or the legal dynamics of ISP insurance schemes. But as we all become more engaged in and dependent on cybersecurity, there are certain building blocks
…
to detect attacks, in the same way that complex diseases like HIV-AIDS go after the human body’s natural defenses. For instance, the Stuxnet attack (which we explore later in Part II) was so jarring because the compromised computers were telling their Iranian operators that they were functioning normally
…
, even as the Stuxnet virus was sabotaging them. How can we know whether a system is functioning normally if we depend on that system to tell us about its
…
Post urging support for their legislation. They cited a series of recent, high-profile attacks, including those against the Citigroup and RSA companies and the Stuxnet worm’s attack on Iranian nuclear research. The problem is that these three cases reflected wildly different threats. The Citigroup attack was about financial fraud
…
. The RSA attack was industrial theft, and Stuxnet was a new form of warfare. They had little in common other than they involved computers. When discussing cyber incidents or fears of potential incidents
…
an ultimate goal of financial theft. In the attack on RSA, the attackers wanted key business secrets in order to spy on other companies. For Stuxnet (a case we’ll explore further in Part II), the attackers wanted to disrupt industrial control processes involved in uranium enrichment, so as to
…
the environment. Similarly, maintaining an air gap is often unrealistic, as the Iranians discovered when their supposedly air-gapped systems still got infected by the Stuxnet virus. At some point, old data needs to come out, and new instructions need to go in. Systems need to be patched, updated, and
…
in Part I, in 2011, a group of top US senators talked about a $3 million case of credit card fraud at Citigroup and the Stuxnet worm, specially designed to cripple Iranian nuclear research, as if they were one and the same problem. Likewise, Chinese Foreign Ministry officials have talked
…
that bomb might also unintentionally collapse the building or explode a gas line that no one knew was inside, while, in turn, some viruses like Stuxnet are specially designed only for a specific set of targets. Moreover, the costs to conduct a physical attack are likely in the purchase of actual
…
’ve seen, they involve everything from “denial of service,” where the targeted system is simply flooded with too many requests from other networks, to Stuxnet, where the malware caused physical equipment in an Iranian nuclear lab to malfunction and spin out of control. It’s like categorizing everything from a
…
accomplish a truly violent cyberattack of major scale. It goes well beyond finding top cyber experts. Taking down hydroelectric generators or designing malware like Stuxnet that causes nuclear centrifuges to spin out of sequence doesn’t just require the skills and means to get into a computer system. It requires
…
do once you’re there. To cause true damage entails an understanding of the devices themselves: how they run, their engineering, and their underlying physics. Stuxnet, for example, involved cyber experts as well as experts in nuclear physics and engineers familiar with a specific kind of Siemens-brand industrial equipment. On
…
striking the right balance often comes down to more than how the groups are organized; the ways they operate are also important. Focus: What Was Stuxnet? Ralph Langner is a jovial fellow with a quick wit, whose sense of whimsy is perhaps best illustrated by the fact that he wears cowboy
…
device drivers that are trusted by the operating system. Unsigned drivers raise an alert for the user, while signed drivers do not. The drivers in Stuxnet were signed by two real companies in Taiwan, indicating that the authors had access to the secret signing keys—most likely stolen. Again, this
…
was the target? This was the true mystery. Here Langner’s background in working with industrial firms proved particularly useful. He figured out that Stuxnet was only going after a specific industrial controller, manufactured by Siemens, configured to run a series of nuclear centrifuges—but not just any old nuclear
…
this was the exact setup at the Natanz nuclear facility, a suspected site in Iran’s illicit nuclear weapons program. Things got especially tricky once Stuxnet found its way into this target (it was later revealed that the delivery mechanism was infiltration through Iranian nuclear scientists’ own laptops and memory sticks
…
explosives” against the facility. In fact, it was better. The victim had “no clue of being under a cyber attack.” For over a year, Stuxnet had been inside Iranian networks, but the nuclear scientists initially thought their facility was just suffering from a series of random breakdowns. The scientists just
…
Americans had built an atomic bomb using slide rules, and they couldn’t even get their modern-day centrifuges to work. Overall, Langner likened the Stuxnet effect to the cyber version of “Chinese water torture.” When Ralph Langner revealed his findings on his blog, the little-known German researcher quickly
…
new kind of weapon long speculated about but never seen, a specially designed cyber weapon, had finally been used. What Is the Hidden Lesson of Stuxnet? The Ethics of Cyberweapons “The musket of cyberwarfare. What will be its rifle? Its AK-47? Its atomic bomb?” Judith Donath of Harvard University
…
kind of weapon that could only get better. But others worried that these better weapons would promote a new kind of escalation and global risk. “Stuxnet was the absolute game changer,” wrote cyber thinker Mikko Hypponen. “We are entering an arms race where countries start stocking weapons, only it isn’
…
economic sanctions. While it’s certainly arguable whether preemptive action against the Iranian program is justifiable, this is when the question of proportionality becomes relevant. Stuxnet broke nothing other than the nuclear centrifuges that had been illegally obtained by Iran to conduct illicit research. Moreover, it neither hurt nor killed anyone
…
during “Operation Opera,” leveling it and killing eleven soldiers and civilians. But discrimination also matters when judging the ethics of these attacks. At face value, Stuxnet would seem to have been incredibly indiscriminate. While limited in its promiscuity compared to prior malware, this was a worm that still got around. It
…
violation of “prevailing codes of international laws of conflict, as they go beyond just the original target and deliberately target civilian personnel and infrastructure.” While Stuxnet lacked discretion under the old way of thinking, its very design prevented harm to anyone and anything beyond the intended target. This kind of discrimination
…
was something never previously possible in a weapon. As George Lucas, a philosopher at the US Naval Academy, wrote in an assessment of Stuxnet’s ethics, “Unless you happen to be running a large array of exactly 984 Siemens centrifuges simultaneously, you have nothing to fear from this
…
indirect means. Many military systems like ship engines operate under SCADA programs, meaning that they can be targeted in much the same way that the Stuxnet virus caused Iranian centrifuges to spin out of control. In 2009, for instance, an employee at the Shushenskaya dam in Siberia accidentally turned on
…
took down over 300 other servers in the wider Middle East, Europe, and the United States, opening a whole new can of worms. Similarly, Stuxnet was specifically tailored to target just a few Iranian centrifuges and yet ended up spreading to well over 25,000 other computers around the world
…
it described how the Chinese military establishment viewed developments in cyberspace, from the creation of the US military’s Cyber Command to the revelation of Stuxnet. “Of late, an Internet tornado has swept across the world … massively impacting and shocking the globe. Behind all this lies the shadow of America.
…
2009, Mike McConnell oversaw a surge of US cyberwar capabilities, funded by tens of billions of dollars, that culminated in the development of weapons like Stuxnet. But instead of feeling more confident about where the United States stood in cybersecurity after this effort, McConnell testified to the Senate, “If the
…
nuisance or merely have a disruptive effect, combine sophisticated new weapons with vast economic and human resources, sometimes outside the cyber realm. What made Stuxnet so effective was that it combined multiple new exploits built into the weapon’s design and that it was specifically targeted to hit a precise
…
they might play out in terms of microseconds, they often take long periods of planning and intelligence gathering to lay the groundwork. Neither Rome nor Stuxnet was built in a day, so to speak. This means that crippling attacks out of the blue, the ultimate threat from the offense’s
…
greater resonance, when General Cartwright was reported to have been the alleged source of leaks to the media that revealed the US role in building Stuxnet, the first true use of a cyberweapon.) A New Kind of Arms Race: What Are the Dangers of Cyber Proliferation? In 280 BC, King
…
a “Pyrrhic victory” has come to describe accomplishments that seem to offer great benefit but ultimately sow the seeds of defeat. Many now describe Stuxnet in a similar way. The development and use of a cyber weapon seriously damaged Iran’s nuclear program in a way that avoided direct military
…
firm, for instance, estimates that there are only around twenty countries that actually have “advanced cyberwar programs” that could build something comparable to a new Stuxnet-like weapon. Michael Nacht, the former US Assistant Secretary of Defense for Global Strategic Affairs, told us how all this work impacts global politics: “An
…
to individuals are now key players in a major arms race, something that hasn’t happened before. Ralph Langner, the cybersecurity expert who discovered Stuxnet, for example, discussed with us how he would rather have ten experts of his own choosing versus all the resources of the US Cyber Command
…
the world, Langner and other security experts were lamenting that a number of major public infrastructure companies had still not plugged the vulnerabilities that Stuxnet attacked. The more problematic proliferation path, however, is via inspiration. Each construction and use of a new type of cyber weapon lowers the bar
…
out there right now, and the level required to make this kind of thing, has dropped considerably simply because you can copy so much from Stuxnet. The booming underground black market of creating and distributing malware, in which transnational criminal groups buy and sell specialized cyber capabilities, makes this proliferation even
…
action do not require the kind of large-scale human, financial, or physical resources one used to need. To make a historic comparison, building Stuxnet the first time may have required an advanced team that was the cyber equivalent to the Manhattan Project. But once it was used, it was
…
at the time. By comparison, the proliferation of cyber weapons happens at Internet speed, so any window that first users had with weapons like Stuxnet has already closed. This raises the question of whether some kind of stability like that during the Cold War will then set in. While the
…
safety. If it was so simple, the Pentagon’s Secure Internet (SIPRNET) wouldn’t have been repeatedly compromised by relatively unsophisticated cyberattacks, nor would Stuxnet have been a problem to the Iranians. These same kinds of problems strike the private side, just with added layers. Suppose your mother hears about
…
It is not that the government isn’t taking cybersecurity action. Indeed, time and again, major governmental programs have taken shape, from Cyber Command to Stuxnet. Rather, it is the government’s pace that is different, which matters greatly when thinking about how it can better organize for cybersecurity. One of
…
collateral damage beyond the intended target. This precision becomes even more important if the attack is to interfere with physical processes. In the case of Stuxnet, for example, many believe that practice was needed to understand how the software would deploy and how altering the industrial controllers would impact the targeted
…
needed by 2017 and beyond. The cyber people problem, however, is not just one of raw numbers. As Ralph Langner, our cybersecurity expert who unearthed Stuxnet, explains, “Right now the cyber arms race is about talent.” Indeed, one survey of chief information security officers and IT hiring managers at government
…
the end of the day, the individual still has to buckle up. When it comes to cybersecurity, most people are not being targeted by APTs, Stuxnet, or other high-end threats. We are, however, part of an ecosystem where we have responsibilities both to ourselves and to the broader community.
…
1, 2012, http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html. WHAT IS THE HIDDEN LESSON OF STUXNET? THE ETHICS OF CYBERWEAPONS “Its atomic bomb?” “The FP Survey: The Internet,” Foreign Policy (September–October 2011): p. 116. planes and nuclear reactors Clayton, “
…
able to gain access to other files or permissions on the server. Structured Query Language (SQL): A type of programming language used to manage data. Stuxnet: Created by US and Israeli intelligence agencies, a computer worm specifically designed to sabotage Iranian nuclear research facilities. supervisory control and data acquisition (SCADA): A
…
by Ronald J. Deibert · 13 May 2013 · 317pp · 98,745 words
“Other Request” on the Line? 8. Meet Koobface: A Cyber Crime Snapshot 9. Digitally Armed and Dangerous 10. Fanning the Flames of Cyber Warfare 11. Stuxnet and the Argument for Clean War 12. The Internet Is Officially Dead 13. A Zero Day No More 14. Anonymous: Expect Us 15. Towards Distributed
…
. How far down this road have we gone? A 2012 New York Times report revealed that the United States and Israel were responsible for the Stuxnet virus, which sabotaged Iranian nuclear enrichment facilities in June 2010. While the two countries remained mum about the charge, they did not deny it.
…
facto act of war through cyberspace. The techniques used in these state-based breaches and attacks are indistinguishable from those used by cyber criminals. Indeed, Stuxnet has been described as a “Frankenstein” of existing cybercrime methods and tradecraft, and many now see cyber crime as a strategic vector for state-based
…
for state control. • • • It would be wrong, however, to see the growing assertion of state power in cyberspace as coming only from authoritarian regimes. As Stuxnet suggests, cyberspace controls, in fact, are being driven and legitimized just as much by liberal democratic countries. Many liberal democratic governments have enacted or are
…
Army would be hard pressed not to deploy its cyber warfare assets to confuse, deter, and even disable American military and civilian assets. As the Stuxnet worm aptly demonstrated in 2010, a menacing virus or trojan horse can be used to sabotage critical infrastructure. Such an attack would invariably provoke a
…
which Google does not have an antagonistic relationship. In June 2012 the New York Times reported that the U.S. and Israel were behind the Stuxnet virus that sabotaged nuclear enrichment facilities in Iran. Would Google give the same warning to Iranians working in critical infrastructure facilities? The new Google features
…
to lend support to the Russian and Chinese preferences for cyberspace governance? The possible connections between Flame and another devastating cyber weapon, Stuxnet, fanned the flames of these suspicions. Stuxnet was discovered in 2010, and had been connected to devastating setbacks at Iranian nuclear enrichment facilities. In May 2012, when Kaspersky first
…
made the announcement of the Flame discovery, he speculated that it belonged to the same family of malicious software as Stuxnet, and just about everyone who examined the case believed either the United States or Israel (or both acting together) were involved in its production. Only
…
Middle East, with most of them in Iran, and that later Kaspersky Lab claimed to have found an authorship link between a 2009 version of Stuxnet and Flame, a claim independently backed up by the security firm Symantec, and then by a supposed U.S. intelligence insider, who leaked the
…
story to the Washington Post. As Roel Schouwenberg of Kaspersky Lab theorized: “I think this new discovery shows that the Stuxnet team used Flame code to effectively kick-start their project. I definitely think they are two separate teams, but we do believe they are two
…
As former NSA Director Michael Hayden remarked, “Somebody crossed the Rubicon.” The age of cyber warfare is finally upon us. 11. Stuxnet and the Argument for Clean War News of Stuxnet first emerged in June 2010 when it was identified by a small Belarus security company, VirusBlokAda. Later, the German researcher Ralph
…
the specific type of Siemens-produced equipment used at the Iranian Natanz nuclear facility. Speculation quickly grew that the Israelis and/or Americans were behind Stuxnet. Who else could disrupt Iranian nuclear enrichment plants with such stealth and precision? Either the Americans or Israelis, or both acting together, most assumed, and
…
of the tongue at the retirement party for Lieutenant General Gabi Ashkenazi, the former head of the Israel Defense Forces, when celebrants appeared to claim Stuxnet as one of his major successes? (There was even a hilarious Israeli commercial done for a cable TV company showing what appears to be three
…
itself and the precedent it sets. A June 2012 New York Times article by David E. Sanger describes the planning and operational process behind the Stuxnet virus—how it began under President Bush as “Operation Olympic Games” (OOG), and was passed on to the Obama administration. Upon leaving office, Bush pressed
…
, the Israelis started to experiment on an industrial sabotage protocol based on a mockup they had designed of Iran’s enrichment program. The code behind Stuxnet was far larger than a typical worm, considerably more detailed, and it contained some brilliantly crafted and highly suggestive elements, including clues as to Israel
…
Elghanian, became the first Jew executed by the new Islamic government. Berlin-based security expert Felix Lindner then found that all manually written functions in Stuxnet’s payload bore the time stamp “September 24, 2007,” the day President Mahmoud Ahmadinejad first publicly questioned whether the Holocaust took place, during a speech
…
Source, published an article alleging that “former and serving U.S. intelligence officials” had said that an Iranian double agent working for Israel had inserted Stuxnet into the Iranian control systems using a corrupt memory stick. The article’s author, former United Press International journalist Richard Sale, stated that the double
…
, the Mujahedeen-e Khalq (MEK), a shadowy organization with Israeli government connections that is believed to be behind the assassinations of key Iranian nuclear scientists. Stuxnet was specifically designed to infect only certain types of supervisory control and data acquisition (SCADA) systems used for real-time data collection, and to control
…
plants, nuclear enrichment systems, and so on. The programs used to control the physical components of SCADA systems are called programmable logic controllers (PLCs), and Stuxnet was developed in such a way as to target only two types of PLC models controlled by the Siemens Step 7 software – S7-315 and
…
S7-417 – both of which are used in the Iranian nuclear centrifuges. Stuxnet was designed to disable the centrifuges by inducing rapid fluctuations in the rotation speed of their motors. Unchecked, this would eventually cause them to blow
…
apart, and one of the most remarkable aspects of the virus was a piece of deception created to confuse Iranian personnel monitoring the plants. Stuxnet secretly recorded what normal operations at the plant looked like, and then played these readings back to the plant operators (like a pre-recorded security
…
even the U.S., a leak that occurred through an error in the code of a new variant of Stuxnet sent into the Natanz nuclear enrichment facility. This error allowed the Stuxnet worm to spread into an engineer’s computer when it was hooked up to the centrifuges, and when he
…
left the facility and connected his computer to the Internet the worm did not realize that its environment had changed. Stuxnet began spreading and replicating itself around the world. The Americans blamed the Israelis, who admitted nothing, but whoever was at fault, the toothpaste was out
…
of the tube. The real significance of Stuxnet lies not in its complexity, or in the political intrigue involved (including the calculated leaks), but in the threshold that it crossed: major governments taking
…
at the conclusion that it needs, out of its sense of national interest or national security, to deliver an effect against an adversary … arguably this [Stuxnet] is quite a civilized option.” The appeal of this argument is intuitive. If we can undertake acts of sabotage without killing or physically harming people
…
concentrated dispersal of radioactive material. (Soviet General Secretary Leonid Brezhnev memorably described it as a “capitalist bomb” because it would destroy people, but not property.) Stuxnet-type weapons, on the other hand, are more like something inspired by Unabomber Ted Kaczynski: they would target industrial-technological systems, but leave people alone
…
or a computer game. “Virtuous war is anything but less destructive, deadly or bloody for those on the receiving end of the big technological stick.” Stuxnet-style attacks may seem like a higher order of sanitized conflict, but the Iranians undoubtedly do not feel that way. The question is, how will
…
they react to Stuxnet? They may continue to develop and refine their own cyber warriors who will attack back with their own black code. In response to
…
Stuxnet, Brigadier General Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies [in] cyberspace
…
Kemp argues, “Each new cyberattack becomes a template for other nations – or sub-national actors – looking for ideas. Stuxnet revealed numerous clever solutions that are now part of a standard playbook. A Stuxnet-like attack can now be replicated by merely competent programmers, instead of requiring innovative hacker elites. It is as
…
the weak.” And the Iranians’ response may not come via cyberspace at all, but rather in a way that is as spectacular and grotesque as Stuxnet was stealthy and clean. We can now only wait and see. Apart from unintended blowback, another dynamic bears closer scrutiny: the politically calculated revelations about
…
Stuxnet being a U.S. and Israeli operation will most certainly fan arguments for the legitimacy – indeed, the urgency – of governments developing their own cyber warfare
…
capabilities, or risk being left behind. Stuxnet did not start the cyber arms race, but it marks a major milestone and raises the bar considerably. And this is only the beginning. In
…
. A 2011 study undertaken by James A. Lewis and Katrina Timlin of the Center for Strategic and International Studies – notably, done prior to the 2012 Stuxnet revelations – found that thirty-three states included cyber warfare in their military planning and organization, with twelve already having plans to establish cyber commands in
…
forces. Some, like India, boast about developing offensive cyber attack capabilities, while others are no doubt just being more discreet. • • • A few weeks after the Stuxnet revelations hit the news, there was a brief event that passed quickly through the news cycle but deserved more attention. Twitter went dark for a
…
planes, in the U.S. Navy’s P-8A Poseidon plane. A July 2012 article in Ars Technica noted that “more than 500 days after Stuxnet the Siemens S7 has not been fixed.” That same month, Wired reported on a Canadian company, RuggedCom, that makes equipment and software for critical industrial
…
script he has engineered to log in to those industrial control systems. This is a far cry from the elaborate operational planning that went into Stuxnet: all that is involved is one person, one search, and one script, and the result is total access! Clarke quietly notified RuggedCom, which did
…
was a news update related to Flame. Researchers at Symantec noticed that the virus, which Kaspersky’s team had now linked to the authors of Stuxnet, had begun silently removing itself from infected computers. They discovered the “suicide” commands by monitoring their own honeypot computer infected with the Flame virus, which
…
on U.S. and Israeli computer network operations that sabotaged Iranian nuclear enrichment facilities took few by surprise, as many suspected their hands in the Stuxnet virus in the first place. What was surprising was the calculated admission itself, the first instance of a government acknowledging – or at least not denying
…
responsibility – an attack on critical infrastructure through cyberspace. Indeed, Stuxnet did cross the Rubicon. Other countries are seeking advantage from the cyber criminal underground, stirring a hornet’s nest of data theft and espionage from
…
ikistan-propose-un-code-of-conduct-for-the-net. 6 connections between Flame and another devastating cyber weapon, Stuxnet: The Kaspersky Flame FAQ is available at: “The Flame: Questions and Answers,” Secure List, May 28, 2012, http://www.securelist.com/en/blog/
…
208193522. The connection between Flame and Stuxnet is discussed in Jim Finkle and Joseph Menn, “Some Flame Code Found in Stuxnet Virus: Experts,” Reuters, June 12, 2012, http://www.reuters.com/article/2012/0
…
efforts-officials-say/2012/06/19/ gJQA6xBPoV_story.html; and Kenneth Rapoza, “Kaspersky Lab: Same Countries Behind Stuxnet and Flame Malware,” Forbes, June 11, 2012, http://www.forbes.com/sites/kenrapoza/2012/06/11/kas
…
June 1, 2012, the New York Times reported that anonymous current and former government officials of the U.S., Europe, and Israel had confirmed that Stuxnet was indeed the work of American and Israeli experts, under orders of President Obama, who wanted to slow Iran’s progress towards building an atomic
…
_response/whitepapers/w32_stuxnet_dossier.pdf. 5 an obscure date in the worm’s code: The clues of Israeli involvement in Stuxnet’s code have been reported by Michael Joseph Gross in “A Declaration of Cyberwar,” Vanity Fair, April 2011, http://www.vanityfair.com/cultur
…
e/features/2011/04/stuxnet-201104, 4; Paul Roberts, “Stuxnet Analysis Supports Iran-Israel Connections,” Threat Post, September 30, 2010, http://threatpost.com/en_us/blogs/stuxnet-analysis-sup
…
/middleeast/19stuxnet.html. 6 an Iranian double agent working for Israel: Richard Sale reported on how Iranian control systems were infected by Stuxnet in, “Stuxnet Loaded by Iran Double Agents,” Industrial Safety and Security Source, April 11, 2012, http://www.isssource.com/stuxnet-loaded
…
-by-iran-double-agents. See also Dorothy E. Denning, “Stuxnet: What Has Changed,” Future Internet 4, no.3 (2012): 672–687. 7 high-tech means of fighting clean wars: James Der Derian writes about “
by Paul Scharre · 23 Apr 2018 · 590pp · 152,595 words
, some have crossed into physical space. In 2010, a worm came to light that crossed a cyber-Rubicon, turning 1s and 0s into physical destruction. STUXNET: THE CYBERSHOT HEARD ROUND THE WORLD In the summer of 2010, word began to spread through the computer security world of something new, a worm
…
years to design. It was a form of malware that security professionals have long speculated was possible but had never seen before: a digital weapon. Stuxnet, as the worm came to be called, could do more than spy, steal things, and delete data
…
. Stuxnet could break things, not just in cyberspace but in the physical world as well. Stuxnet was a serious piece of malware. Zero-day exploits take advantage of vulnerabilities that software developers are unaware of. (Defenders
…
are a prized commodity in the world of computer security, worth as much as $100,000 on the black market. Stuxnet had four. Spreading via removable USB drives, the first thing Stuxnet did when it spread to a new system was to give itself “root” access in the computer, essentially unlimited
…
access. Then it hid, using a real—not fake—security certificate from a reputable company to mask itself from antivirus software. Then Stuxnet began searching. It spread to every machine on the network, looking for a very particular type of software, Siemens Step 7, which is used to
…
in industrial applications. PLCs control power plants, water valves, traffic lights, and factories. They also control centrifuges in nuclear enrichment facilities. Stuxnet wasn’t just looking for any PLC. Stuxnet operated like a homing munition, searching for a very specific type of PLC, one configured for frequency-converter drives, which are used
…
to control centrifuge speeds. If it didn’t find its target, Stuxnet went dead and did nothing. If it did find it, then
…
Stuxnet sprang into action, deploying two encrypted “warheads,” as computer security specialists described them. One of them hijacked the PLC
…
side of the PLC, like a fake surveillance video in a bank heist. While secretly sabotaging the industrial facility, Stuxnet told anyone watching: “everything is fine.” Computer security specialists widely agree that Stuxnet’s target was an industrial control facility in Iran, likely the Natanz nuclear enrichment facility. Nearly 60 percent of
…
Stuxnet infections were in Iran and the original infections were in companies that have been tied to Iran’s nuclear enrichment
…
program. Stuxnet infections appear to be correlated with a sharp decline in the number of centrifuges operating at Natanz. Security specialists have further speculated that the United
…
States, Israel, or possibly both, were behind Stuxnet, although definitive attribution can be difficult in cyberspace. Stuxnet had a tremendous amount of autonomy. It was designed to operate on “air-gapped” networks, which aren’t connected to the
…
internet for security reasons. In order to reach inside these protected networks, Stuxnet spread via removable USB flash drives. This also meant that
…
once Stuxnet arrived at its target, it was on its own. Computer security company Symantec described how this likely influenced
…
Stuxnet’s design: While attackers could control Stuxnet with a command and control server, as mentioned previously the key computer was unlikely to have outbound Internet access. Thus, all the functionality required to
…
sabotage a system was embedded directly in the Stuxnet executable. Unlike other malware, it wasn’t enough for Stuxnet to give its designers
…
access. Stuxnet had to perform the mission autonomously. Like other malware, Stuxnet also had the ability to replicate and propagate, infecting other computers
…
. Stuxnet spread far beyond its original target, infecting over 100,000 computers. Symantec referred to these additional computers
…
as “collateral damage,” an unintentional side effect of Stuxnet’s “promiscuous” spreading that allowed it to infiltrate air-gapped networks. To compensate for these
…
collateral infections, however, Stuxnet had a number of safety features. First, if Stuxnet found itself on a computer that did not have the specific type of PLC it was looking for, it did nothing. Second, each copy of
…
Stuxnet could spread via USB to only three other machines, limiting the extent of its proliferation. Finally, Stuxnet had a self-termination date. On June 24, 2012, it was designed to erase all copies of
…
Western government.) By using software to actively sabotage an industrial control system, something cybersecurity specialists thought was possible before Stuxnet but had not yet happened, Stuxnet was the first cyberweapon. More will inevitably follow. Stuxnet is an “open-source weapon” whose code is laid bare online for other researchers to tinker with, modify
…
, and repurpose for other attacks. The specific vulnerabilities Stuxnet exploited will have been fixed, but its design is already being used as a blueprint for cyberweapons to come. AUTONOMY IN CYBERSPACE Autonomy is essential
…
to offensive cyberweapons, such as Stuxnet, that are intended to operate on closed networks separated from the internet. Once it arrives at its target, Stuxnet carries out the attack on its own. In that sense, Stuxnet is analogous to a homing munition. A human chooses the target
…
and Stuxnet conducts the attack. Autonomy is also essential for cyberdefense. The sheer volume of attacks
…
computer virus. The ship Galactica survives only because it has an older computer system that is not networked to the rest of the fleet. As Stuxnet demonstrated, however, in the real world operating off-network complicates cyberattacks but is no guarantee of immunity. The second key intersection between cyberspace and autonomy
…
and target vulnerable users. As in other areas, greater intelligence will allow offensive cyberweapons to operate with greater autonomy. Stuxnet autonomously carried out its attack, but its autonomy was highly constrained. Stuxnet had a number of safeguards in place to limit its spread and effects on computers that weren’t its target
…
adapt in response to environmental conditions. They evolve. Malware, at least today, is static. Once malware is deployed, it can spread, it can hide (as Stuxnet did), but it cannot modify itself. Malware can be designed to look for updates and spread these updates among copies of itself via peer-to
…
-peer sharing (Stuxnet did this as well), but new software updates originate with humans. In 2008, a worm called Conficker spread through the internet, infecting millions of computers
…
.senate.gov/imo/media/doc/Alexander_11-03-15.pdf. 213 team of professional hackers months if not years: David Kushner, “The Real Story of Stuxnet,” IEEE Spectrum: Technology, Engineering, and Science News, February 26, 2013, http://spectrum.ieee.org/telecom/security/the-real-story-of
…
-stuxnet. 213 “zero days”: Kim Zetter, “Hacker Lexicon: What Is a Zero Day?,” WIRED, November 11, 2014, https://www.wired.com/2014/11/what-is-a-zero-day/. 213 Stuxnet had four: Michael Joseph Gross, “A Declaration of Cyber War.” Vanity
…
Fair, March 2011, https://www.vanityfair.com/news/2011/03/stuxnet-201104. 214 programmable logic controllers: Gross, “A Declaration of Cyber War.” Nicolas Falliere, Liam
…
O Murchu, and Eric Chien, “W32.Stuxnet Dossier,” Symantec Security Response, February 2011, https://www.symantec.com/content/en/us/enterprise/media
…
/security_response/whitepapers/w32_stuxnet_dossier.pdf. 214 two encrypted “warheads”: Gross, “A Declaration of Cyber War.” 214 Computer security specialists
…
widely agree: Falliere et al., “W32.Stuxnet Dossier,” 2, 7. 214 Natanz nuclear enrichment facility: Gross, “A Declaration of Cyber War
…
.” Ralph Langner, “Stuxnet Deep Dive,” S4x12, https://vimeopro.com/s42012/s4-2012/video/35806770. Kushner, imeopro.com/s42012
…
/Stuxnet.t 214 Nearly 60 percent of Stuxnet infections: Falliere et al., “W32.Stuxnet Dossier,” 5–7. Kim Zetter, “An Unprecedented Look at Stuxnet, the World’s First Digital Weapon,” WIRED, November 3, 2014, https://www.wired.com/2014/11
…
/countdown-to-zero-day-stuxnet/. 214 sharp decline in the number of centrifuges: John Markoff and David E. Sanger, “In a Computer Worm, a Possible Biblical Clue,” New York Times,
…
/30/world/middleeast/30worm.html. 214 Security specialists have further speculated: Ibid. Gross, “A Declaration of Cyber War.” 215 “While attackers could control Stuxnet”: Falliere et al., “W32.Stuxnet Dossier,” 3. 215 “collateral damage”: Ibid, 7. 215 spread via USB to only three other machines: Ibid, 10. 215 self-terminate date: Ibid
…
, 18. 215 Some experts saw these features as further evidence: Gross, “A Declaration of Cyber War.” 215 “open-source weapon”: Patrick Clair, “Stuxnet: Anatomy of a Computer Virus,” video, 2011, https://vimeo.com/25118844. 215 blueprint for cyber-weapons to come: Josh Homan, Sean McBride, and Rob Caldwell
…
, 222–27 autonomy in, 215–16 Cyber Grand Challenge, 217–22 DoD policy on cyberweapons, 227–28 malware, 211–13 speed in cyberwarfare, 229–30 Stuxnet worm, 213–16 Danks, David, 310, 316 Danzig, Richard, 247 DARPA (Defense Advanced Research Projects Agency), 76–88 ACTUV, 78–79 CODE program, 72–76
…
(IoT), 219–20 Internet Worm (1988), 212, 225 Introduction to Artificial Intelligence, 245 introspective systems, 226 Iran cyberattacks by, 213 RQ-170 drone incident, 209 Stuxnet attack on nuclear facilities, 214 swarming of U.S. ships, 22, 107 U.S. military and, 207 Iran Air Flight 655, 169–70, 262 Iran
…
(SAC), 307 strategic corporal problem, 309 Strategic Defense Initiative, 1, 309–10 strategic stability, 297–302 Strategic Stability (Colby), 299 Strategy of Conflict (Schelling), 341 Stuxnet worm, 213–16, 223, 224 Submarine Safety (SUBSAFE) program, 161–62 submarine warfare, 101 suffering, unnecessary, 257–58 Sullivan, Paul, 162 Sun Tzu, 229 Superintelligence
by James Barrat · 30 Sep 2013 · 294pp · 81,292 words
power plants, oil and gas pipelines, water treatment facilities, and factory assembly lines. SCADA has become almost a household acronym because of the phenomenon called Stuxnet. Stuxnet, and its cousins Duqu and Flame, have convinced even the most hardened skeptics that the energy grid can be attacked
…
. Stuxnet is to malware what the atomic bomb is to bullets. It’s the computer virus IT people refer to in hushed tones as a “digital
…
virus isn’t just smarter than any other, it has completely different goals. While other malware campaigns stole credit card numbers and jet fighter plans, Stuxnet was created to destroy machinery. Specifically, it was built to kill industrial machines connected to a Siemens S7-300 logic controller, a component of a
…
, as well as three other locations in the country. In Iran, one or more spies carried flash drives infected with three versions of Stuxnet into secure plants. Stuxnet can travel across the Internet (though at a half megabyte of code it’s much larger than most malware) but in this case it
…
into one node. At the Natanz plant PCs were running software that permits users to visualize, monitor, and control plant operations from their computers. Once Stuxnet got access to one computer, phase one of its invasion began. It used four zero-day vulnerabilities in the Microsoft Windows operating system to take
…
open market. Using four at the same time was extravagant, but it greatly enhanced the virus’s chances of success. That’s because in between Stuxnet’s deployment and when the attacks took place, one or more of the exploits could have been discovered and patched. For phase two of the
…
invasion, two digital signatures stolen from legitimate companies came into play. These signatures told the computers that Stuxnet was approved by Microsoft to probe and alter the system software at its root level. Now Stuxnet unpacked and installed the program it carried inside it, the malware payload that targeted S7-300 controllers
…
running gas centrifuges. The PCs running the plant and their operators didn’t sense anything wrong as Stuxnet reprogrammed the SCADA controllers to periodically speed up
…
and slow down the centrifuges. Stuxnet hid the instructions from monitoring software, so the visual representation of the plant operations showing on the PCs
…
, one after another, the Iranians blamed the machines. The invasion went on for ten months. When a newer version of Stuxnet encountered an older version, it updated it. At Natanz, Stuxnet crippled between 1,000 and 2,000 centrifuges, and allegedly set back Iran’s nuclear weapons development program two years. The
…
of experts and self-congratulatory remarks made by intelligence officials in the United States and Israel left little doubt that the two countries jointly created Stuxnet, and that Iran’s nuclear development program was its target. Then, in the spring of 2012, a White House source leaked to The New York
…
Times that Stuxnet and related malware named Duqu and Flame were indeed part of a joint U.S.-Israel cyberwar campaign against Iran called Olympic Games. Its builders
…
, and avoid or forestall a conventional attack by Israel against Iran’s nuclear capabilities. Until their creation was pinned on the Bush and Obama administrations, Stuxnet and its kin might have seemed to be a resounding success for military intelligence. They are not. Olympic Games is a blunder of catastrophic proportions
…
world, but never attacked another SCADA unit because it never again found its target—the Siemens S7-300 logic controller. A clever programmer could acquire Stuxnet, disable its suicide code, and customize it for use against virtually any industrial process. I have no doubt that operation is underway right now in
…
the laboratories of both friends and enemies of the United States, and that Stuxnet-grade malware will soon be available for purchase on the Internet. It’s become clear that Duqu and Flame are reconnaissance viruses—instead of destructive
…
payloads, the worms collect information and send it home to NSA headquarters at Fort Meade, Maryland. Both may have been released before Stuxnet, and used to help Olympic Games get the layout of sensitive facilities in Iran and throughout the Middle East. Duqu can record user keystrokes and
…
away to remotely control the invaded computer. Flame can record and send home data from a computer’s camera, microphone, and e-mail accounts. Like Stuxnet, Duqu and Flame can also be captured in the wild, and turned against their makers. Was Olympic Games necessary? It was at best a temporary
…
CBS’ 60 Minutes, Sean McGurk, the former head of cyberdefense at DHS, was asked if he would have built Stuxnet. Here’s the exchange between McGurk and correspondent Steve Kroft: MCGURK: [Stuxnet’s creators] opened up the box. They demonstrated the capability. They showed the ability and the desire to do so
…
against you? MCGURK: Yes. The segment ends with German industrial control systems expert Ralph Langner. Langner “discovered” Stuxnet by taking it apart in his lab and testing its payload. He tells 60 Minutes that Stuxnet dramatically lowered the dollar cost of a terrorist attack on the U.S. electrical grid to about
…
America, in “important facilities like power, water, and chemical facilities that process poisonous gases.” “What’s really worrying are the concepts that Stuxnet gives hackers,” said Langner. “Before, a Stuxnet-type attack could have been created by maybe five people. Now it’s more like five hundred who could do this. The
…
required to make this kind of thing, has dropped considerably simply because you can copy so much from Stuxnet.” According to The New York Times, Stuxnet escaped because, after early successes destroying Iran’s centrifuges, Stuxnet’s makers grew lax. … the good luck did not last. In the summer of 2010, shortly after
…
important. My fear is that while the White House should be hardening systems made more vulnerable by Stuxnet, nothing productive is happening. Tellingly, the Times reporter implies that the virus is intelligent. He blames Stuxnet for a cognitive mistake: it “failed to recognize” that it wasn’t in Natanz anymore. Later in
…
for the programming mistake. Certainly there’s plenty of blame to go around. But the reckless misuse of intelligent technology is both breathtaking and predictable. Stuxnet is the first in a series of “accidents” that we’ll be helpless against without strenuous preparation. If technologists and defense experts operating in the
…
suggested that our wounds would be self-inflicted, although they will be in two ways. First, as we’ve discussed, the United States cocreated the Stuxnet family, which could become the AK-47s of a never-ending cyberwar: cheap, reliable, and mass-produced. Second, I believe that damage from AI-grade
…
last version we’ll see because we won’t live to create 2.0. Like natural selection, we choose solutions that work first, not best. Stuxnet is an example of that. So are autonomous killing drones. With DARPA funds, scientists at Georgia Tech Research Institute have developed software that allows unmanned
…
I know they are. Policy makers spending public dollars will not feel they require our informed consent any more than they did before recklessly deploying Stuxnet. As I worked on this book I made the request of scientists that they communicate in layman’s terms. The most accomplished already did, and
…
10, 2012). it was built to kill industrial machines: Bres, Eric, “The Stuxnet Mystery Continues,” Tofino (blog), October 10, 2010, http://www.tofinosecurity.com/blog/stuxnet-mystery-continues (accessed June 14, 2012). holes that permit unauthorized access: IT Networks, “Stuxnet Things You Don’t Know,” last modified March 25, 2011, http://www.it
…
-networks.org/2011/03/25/stuxnet-things-you-dont-know/ (accessed December 14, 2011). their operators didn’t sense anything wrong: Poeter, Damon, “Former NSA Head
…
: Hitting Iran with Stuxnet Was a ‘Good Idea,’” PCMAG.COM, March 12, 2012, http://www.pcmag.com
…
/article2/0,2817,2401111,00.asp (accessed April 22, 2012). two countries jointly created Stuxnet: Ibid. a joint U.S.-Israel cyberwar campaign against Iran: Sanger, David, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June
…
14, 2012). Duqu and Flame are reconnaissance viruses: “W32.Duqu: The Precursor to the Next Stuxnet,” Symantec Connect (blog), October 24, 2011, http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet (accessed January 14, 2012). [Stuxnet’s creators] opened up the box: Sean McGurk, former head of cybersecurity DHS, interview by Steve
…
Kroft, “Stuxnet: Computer worm opens new era of warfare,” CBS News, March 4, 2012, http://www.cbsnews
…
.com/8301-18560_162-57390124/stuxnet-computer-worm-opens-new-era-of-warfare/ (accessed June 3
…
, 2012). Before, a Stuxnet-type attack: Clayton, Mark, “From the man who
…
discovered Stuxnet, dire warnings one year later,” MinnPost, September 23, 2011, http://www.minnpost.com/christian
…
-science-monitor/2011/09/man-who-discovered-stuxnet-dire-warnings-one-year-later (accessed January 14, 2012). the good luck did not last: Sanger (2012). Al Qaeda’s attacks of 9/11: Carter,
…
Child scenario and, see Busy Child scenario defenses against lack of dialogue about malicious AI Precautionary Principle and runaway AI Safe-AI Scaffolding Approach and Stuxnet and unintended consequences robots, robotics Asimov’s Three Laws of in dangerous and service jobs in sportswriting Rosenblatt, Frank Rowling, J. K. Rubin, Andrew “Runaround
…
malware see also programming solar energy space exploration “Speculations Concerning the First Ultraintelligent Machine” (Good) speech recognition SRI International stealth companies Sterrit, Roy Stibel, Jeff Stuxnet subprime mortgage crisis Symantec SyNAPSE Technological Risk (Lewis) technology journalism Terminator movies terrorism 9/11 attacks Thiel, Peter Thinking Machines, Inc. Three Mile Island tightly
by Andy Greenberg · 5 Nov 2019 · 363pp · 105,039 words
to Donbas 8. Blackout 9. The Delegation PART II ORIGINS 10. Flashback: Aurora 11. Flashback: Moonlight Maze 12. Flashback: Estonia 13. Flashback: Georgia 14. Flashback: Stuxnet PART III EVOLUTION 15. Warnings 16. Fancy Bear 17. FSociety 18. Poligon 19. Industroyer/Crash Override PART IV APOTHEOSIS 20. Maersk 21. Shadow Brokers 22
…
the country off-line, that blitz hinted at the potential scale of geopolitically motivated hacking. Two years later, when the NSA’s malicious software called Stuxnet silently accelerated Iran’s nuclear enrichment centrifuges until they destroyed themselves, the operation demonstrated another preview of what was in store: It showed that tools
…
Keesler, he suddenly found that his niche interest was at the center of a buzzing new field of conflict: A mysterious piece of malware called Stuxnet had begun to appear in thousands of computers across the Middle East and South Asia. No one knew what exactly it was designed to do
…
with programmable logic controllers, something no one had ever seen before. (Like most of the rest of the world, Lee didn’t yet know that Stuxnet was, in fact, an American creation. It had been built by Lee’s future employers at the NSA along with Israeli intelligence and aimed directly
…
. “The path to making the world a better place was control systems. Someone was jeopardizing that, and it pissed me off.” As more information about Stuxnet trickled out to the public, Lee’s interest in industrial control system security was elevated to an obsession. He’d spend his time between classes
…
was no devoted group with that mission. The NSA had teams tasked with finding and fixing vulnerabilities in industrial control system equipment. It had, as Stuxnet would expose, its own offensive teams that invented infrastructure exploitation techniques. It didn’t, however, have a team assigned exclusively to hunting the enemy’s
…
quickly,” Lee says. For the next four years, he and a small team of around six analysts spent every working hour tracking the burgeoning, post-Stuxnet world of industrial control system hackers. “Every day was hypothesis-driven hunting. We’d ask ourselves, if I were the adversary, what would I do
…
the operations his team tracked during that period only as “targeting” industrial control systems. Lee won’t say how many—if any—ever followed in Stuxnet’s footsteps and crossed the line to disrupting or destroying physical equipment.) Even as his team built a global view of an internet roiling with
…
the power? We weren’t there yet,” says Hultquist. “But whatever cyberwar would become, there’s no doubt, this is where it began.” 14 FLASHBACK: STUXNET In January 2009, just days before Barack Obama would be inaugurated, he met with President George W. Bush to discuss a subject shrouded under the
…
was only just beginning to come to fruition: the deployment of a piece of code that would come to be known as Stuxnet, the most sophisticated cyberweapon in history. Stuxnet’s conception, more than two years earlier, had been the result of a desperate dilemma. When Iran’s hard-liner president Mahmoud
…
was poised to launch its own strike against the country. “I need a third option,” Bush had repeatedly told his advisers. That option would be Stuxnet. It was a tantalizing notion: a piece of code designed to kneecap Iran’s nuclear program as effectively as an act of physical sabotage, carried
…
could destroy a massive diesel generator with a few lines of code. Mike Assante, who masterminded the Aurora work, declined to answer any questions about Stuxnet.) Not long after the tests began, Bush’s intelligence advisers laid out for him on a table the metal detritus of a centrifuge destroyed by
…
look like medieval catapults by comparison. Olympic Games was still in its early stages when the Bush presidency came to a close in early 2009. Stuxnet had only just begun to demonstrate its potential to infiltrate and degrade Iran’s enrichment processes. So Bush held an urgent transition meeting with Obama
…
delicacy of their cyberwarfare mission, the likes of which had never before been attempted. Obama was listening. He wouldn’t simply choose to continue the Stuxnet operation. He would vastly expand it. * * * Fortunately for the continued existence of the human race, enriching uranium to the purity necessary to power the world
…
enrichment facility such as the one hidden deep beneath Natanz requires a vast forest of thousands of those tall, fragile, and highly engineered whirling machines. Stuxnet was designed to be the perfect, invisible wrench thrown into those works. Sometime in 2008, Natanz’s engineers began to face a mysterious problem: At
…
exact heart of the mechanical process that had brought the Middle East to the brink of war, and they were disrupting it with uncanny precision. Stuxnet had allowed them to pull off that coup without even tipping off their targets that they were under attack. Everything was going according to plan
…
Symantec picked up the thread. They would pull on it for months to come, a detective story detailed in Kim Zetter’s definitive book on Stuxnet, Countdown to Zero Day. The malware’s size and complexity alone were remarkable: It consisted of five hundred kilobytes of code, twenty to fifty times
…
masterful hacker tricks. No one in the security community could remember seeing a piece of malware that used four zero days in a single attack. Stuxnet, as Microsoft eventually dubbed the malware based on file names in its code, was easily the most sophisticated cyberattack ever seen in the wild. By
…
. That application was one form of the software that allows industrial control system operators to monitor and send commands to equipment. Somehow, the analysts determined, Stuxnet’s goal seemed to be linked to physical machines—and probably in Iran. It was only in September 2010 that the German researcher Ralph Langner
…
dove into the minutiae of that Siemens-targeted code and came to the conclusion that Stuxnet’s goal was to destroy a very specific piece of equipment: nuclear enrichment centrifuges. With that final discovery, the researchers could put together all of
…
the links in Stuxnet’s intricate kill chain. First, the malware had been designed to jump across air gaps: Iran’s engineers had been careful enough to cut off
…
, or the USB malware might have been more purposefully planted by a human spy working in Natanz.) Once it had penetrated that air-gapped network, Stuxnet would unfold like a ship in a bottle, requiring no interaction with its creators. It would silently spread via its panoply of zero-day techniques
…
, hunting for a computer running Siemens STEP 7 software. When it found one, it would lie in wait, then unleash its payload. Stuxnet would inject its commands into so-called programmable logic controllers, or PLCs—the small computers that attach to equipment and serve as the interfaces between
…
operators while it committed its violence so that to an operator observing the Siemens display, nothing would appear amiss until it was far too late. Stuxnet’s only flaw was that it was too effective. Among computer security researchers, it’s practically a maxim that worms spread beyond their creators’ control
…
. This one was no exception. Stuxnet had propagated far beyond its Natanz target to infect computers in more than a hundred countries across the world. Other than in the centrifuge caverns
…
. But they had blown the ultrasecret malware’s cover, along with an operation that had been millions of dollars and years in the making. Once Stuxnet’s purpose became clear, the United States and Israel quickly became the prime suspects for its creation. (It would be two more years, however, before
…
a front-page story in The New York Times confirmed the two countries’ involvement.) When Stuxnet’s existence went public, the Obama administration held a series of tense meetings to decide how to proceed. Should they pull the plug on the
…
only a matter of time, they figured, before Iran’s engineers would learn the true source of their problems and patch their software vulnerabilities, shutting Stuxnet out for good. Instead, the Americans and Israelis behind the worm decided they had nothing to lose. So in a go-for-broke initiative, they
…
released another, final series of Stuxnet versions that were designed to be even more aggressive than the original. Before Iran’s engineers had repaired their vulnerabilities, the malware destroyed nearly a
…
thousand more of their centrifuges, offering one last master class in cybersabotage. * * * Stuxnet would change the way the world saw state-sponsored hacking forever. Inside Natanz’s haywire centrifuges, the leading edge of cyberwarfare had taken a giant
…
weighing whether Bush’s and Obama’s executive decisions to carry out that cyberattack were worth their cost. According to some U.S. intelligence analysts, Stuxnet set back the Iranian nuclear program by a year or even two, giving the Obama administration crucial time to bring Iran to the bargaining table
…
people something new about their government and its cybersecurity priorities. After all, the hackers who had dug up the four zero-day vulnerabilities used in Stuxnet hadn’t reported them to Microsoft so that they could be patched for other users. Instead, they had exploited them in secret and left Windows
…
years later, in fact, that collection of zero days would backfire in an absurd, self-destructive fiasco.) But in a broader and more abstract sense, Stuxnet also allowed the world to better imagine malware’s potential to wreak havoc. In darkened rooms all over the globe, state-sponsored hackers took notice
…
destroying a cascade of Iranian centrifuges is an unalloyed good—you can’t help but describe it as an attack on critical infrastructure,” Hayden concluded. Stuxnet was no “cyber 9/11” or “electronic Pearl Harbor.” It was a highly targeted operation whose damage was precisely limited to its pinpoint victim even
…
box.”

PART III EVOLUTION

The power to destroy a thing is the absolute control over it.

15 WARNINGS

In late 2015, half a decade after Stuxnet opened a Pandora’s box of digital threats to the physical world, the first monster had finally emerged from it. That monster was Sandworm. The
…
clear that Russia’s hackers were indeed waging cyberwar—perhaps the first true, wide-scale cyberwar in history. They had crossed the same line as Stuxnet’s creators, from digital hacking to tangible sabotage. And they had also crossed a line from military to civilian, combining the unrestricted hybrid-warfare tactics
…
found himself marveling aloud at the brazenness of the attackers. “We’ve clearly crossed the Rubicon,” he remembers saying, echoing Michael Hayden’s comments on Stuxnet three years earlier. “This is something new.” Daniel had prided himself on the Obama administration’s work to set clear boundaries on state-sponsored hacker
…
—and by showing that it’s capable of penetrating the American grid—Moscow had sent a message warning the United States not to try a Stuxnet-style attack on Russia or its allies, such as the Syrian dictator, Bashar al-Assad, whose revolutionary opponents the United States was supporting in the
…
a single, concrete piece of programming. “This was the first piece of malware to cause disruption to civilian infrastructure,” he marveled, pointing out that even Stuxnet limited itself to a military target. “It was a huge deal.” Lee asked for the complete code, but ESET refused. Unfortunately for ESET, they had
…
sensitive files. Specifically, they wrote that they’d hacked “Equation Group,” using the name the Russian security firm Kaspersky had given to the creators of Stuxnet. The Shadow Brokers, whoever they were, were claiming not simply to have hacked the NSA but to have hacked the NSA’s top hackers, the
…
free “proof” files as samples, along with another encrypted file that supposedly contained a collection of secret hacking tools that they bragged were “better than Stuxnet.” The Shadow Brokers demanded that anyone who wanted to see the contents of that file send bitcoin bids to a certain address. None of those
…
the better part of a decade, as the world’s state-sponsored hackers slowly progressed toward cyberwar, the apex of that arms race had been Stuxnet. That specimen of rarefied malware had proved the promise of digital dark arts to achieve the impossible in U.S. intelligence and military operations, as
…
again, posting the thirty-two-character password to the original encrypted file they’d first released, the one they’d originally claimed was “better than Stuxnet.” When hackers around the world decrypted that file, they found a vast collection of hacking tools, all targeting operating systems like Linux, Unix, and Solaris
…
rather than Windows. Many were more than a decade old. The secret programs were not, it seemed, better than Stuxnet. But they meant that the NSA’s nightmare continued, with no clear end in sight. Along with that release, the Shadow Brokers this time posted
…
the conclusion that WannaCry must have been released prematurely: Perhaps its creators had been testing their worm, and then, as worms tend to do—as Stuxnet had done seven years earlier—it spread beyond its creators’ control, before it was truly ready. Finally, in another critical act of carelessness, WannaCry’s
…
’s when the GRU said ‘aha,’ ” Galeotti said. “Something as simple as knocking down and defacing websites can make a difference in war.” (In 2010, Stuxnet would demonstrate a vastly more powerful model of cyberwarfare, but one that seemed to remain beyond the GRU’s technological capabilities for years to come
…
.com. Only seven in a hundred: Eneken Tikk, Kadri Kaska, and Liis Vihul, “International Cyber Incidents: Legal Considerations,” 2010, 68, ccdcoe.org/.

CHAPTER 14 FLASHBACK: STUXNET

On most matters of national security: Sanger, Confront and Conceal, 201. But on this, he felt the need: David Sanger, “Obama Order Sped Up Wave
by Fred Kaplan · 1 Mar 2016 · 383pp · 105,021 words
al Qaeda militants in Pakistan. The other involved a very tightly held, astonishingly bold cyber offensive campaign—code-named Operation Olympic Games, later known as Stuxnet—to delay and disable what seemed to be a nuclear weapons program in Iran. Coming so soon after Mike McConnell’s briefing on America’s
…
of all time. Microsoft issued an advisory to its customers, and, forming an anagram from the first few letters on the code, called the virus “Stuxnet”—a name that caught on. By August, Symantec had uncovered enough evidence to release a statement of its own, warning that
…
Stuxnet was designed not for mischievous hacking or even for espionage, but rather for sabotage. In September, a German security researcher named Ralph Langner inferred, from
…
public about a loose and possibly damaging computer virus—did have that effect. Shortly after Symantec’s statement, even before Langner’s educated guess about Stuxnet’s true aim, the Iranians drew the proper inference (so this was why their centrifuges were spinning out of control) and cut off all links
…
inner workings, that no one had thought through the implications of this new kind of weapon and new vision of war. During the planning for Stuxnet, there had been debates, within the Bush and Obama administrations, over the precedent that the attack might establish. For more than a decade, dozens of
…
to a cyber attack—and now America was launching the first cyber attack on another nation’s critical infrastructure. Almost no one outright opposed the Stuxnet program: if it could keep Iran from developing nuclear weapons, it was worth the risk; but several officials realized that it was a risk, that
…
York Stock Exchange, and NASDAQ, as well as dozens of South Korean banks, affecting at least 60,000, possibly as many as 160,000 computers. Stuxnet spurred the Iranians to create their own cyber war unit, which took off at still greater levels of funding a year and a half later
…
, the image of a burning American flag. Keith Alexander learned, from communications intercepts, that the Iranians had expressly developed and launched Shamoon as retaliation for Stuxnet and Flame. On his way to a conference with GCHQ, the NSA’s British counterpart, he read a talking points memo, written by an aide
…
. (He was removed from that post when Obama came to the White House, so he had no role in the actual operation.) Two years after Stuxnet came crashing to a halt, when details about it were leaked to the mainstream press, Hayden—by now retired from the military—voiced in public
…
directive, PPD-20, titled “U.S. Cyber Operations Policy,” which he signed in October 2012, a few months after the first big press leaks about Stuxnet. Eighteen pages long, it was the most explicit, detailed directive of its kind. In one sense, its approach was more cautious than its predecessors. It
…
noted, for instance, in an implied (but unstated) reference to Stuxnet’s unraveling, that the effects of a cyber attack can spread to “locations other than the intended target, with potential unintended or collateral consequences that
…
the vice president and top White House aides. In other words, the subject was getting discussed, not only in these elite circles, but also—with Stuxnet out in the open—among the public. Gingerly, officials began to acknowledge, in broad general terms, the existence and concept of cyber offensive operations. General
…
of Staff and who, before then, had been head of U.S. Strategic Command, which had nominal control over cyber operations, told a reporter covering Stuxnet that the extreme secrecy surrounding the topic had hurt American interests. “You can’t have something that’s a secret be a deterrent,” he said
…
had always done in various realms of warfare. The whole business of calling out China for hacking was particularly awkward, given the recent revelations about Stuxnet, to say nothing of Obama’s recent (though still highly classified) signing of PPD-20, the presidential directive on cyber operations. Some of Obama’s
…
White House aides acknowledged a certain irony in the situation; it was one reason the administration refused to acknowledge having played a role in Stuxnet, long after the operation had been blown. In May, Donilon flew to Beijing to make arrangements for a summit between President Obama and his Chinese
…
taken place more recently still—made little dent on the public consciousness. Not until a few years after Clarke’s book—with the revelations about Stuxnet, the Mandiant report on China’s Unit 61398, and finally Edward Snowden’s massive leak of NSA documents—did cyber espionage and cyber war become
…
and David E. Sanger, “Nations Buying as Hackers Sell Flaws in Computer Code,” New York Times, July 13, 2013; Kim Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (New York: Crown, 2014). Specific stories come from interviews. During the first few months of
…
, Experts Say,” CNN, Sept. 27, 2007, http://www.cnn.com/2007/US/09/27/power.at.risk/index.html; Kim Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (New York: Crown, 2014), Ch. 9. Almost instantly, the generator shook: For the video, see
…
), xii, 190, 200–203. The operation had been set in motion: Ibid., 191–93. In their probes: Ibid., 196ff; Kim Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (New York: Crown, 2014), Ch. 1. This would be a huge operation: Ellen Nakashima and
…
Joby Warrick, “Stuxnet Was Work of U.S. and Israeli Experts, Officials Say,” Washington Post, June 2, 2012. uninterruptible power supplies: Zetter, Countdown to Zero Day, 200–201
…
multipurpose piece of malware: Ibid., 276–79. Much of Zetter’s information comes from the computer virus specialists at Symantec and Kaspersky Lab who discovered Stuxnet. A typical malicious code took up, on average, about 175 lines. (Interviews.) To get inside the controls: Ibid., 90, 279. It took eight months: Sanger
…
, “Obama told me he was going to call Bush and tell him about the covert success.” Gates doesn’t say that the classified program was Stuxnet, but it’s clear from the context—and from other sections of the book where he mentions a classified program related to Iran (190–91
…
. In March, the NSA shifted its approach: Zetter, Countdown to Zero Day, 303. The normal speed: David Albright, Paul Brannan, and Christina Walrond, “ISIS Reports: Stuxnet Malware and Natanz” (Washington, D.C.: Institute for Science and International Security), Feb. 15, 2011, http://isis-online.org/uploads/isis-reports/documents
…
/stuxnet_update_15Feb2011.pdf. They’d experienced technical problems: An unclassified version of a 2007 National Intelligence Estimate noted that Iran was experiencing “significant technical problems
…
” centrifuges (“Key Judgments from a National Intelligence Estimate on Iran’s Nuclear Activity,” reprinted in New York Times, Dec. 4, 2007); this was well before Stuxnet was activated. By the start of 2010: Zetter, Countdown to Zero Day, 1–3. Similar estimates are in Albright et al., “ISIS Reports
…
: Stuxnet Malware and Natanz.” President Obama—who’d been briefed: During briefings on Olympic Games, large foldout maps of the Natanz reactor were spread across the
…
details, see Nicolas Falliere, Liam O. Murchu, and Eric Chien, “Symantec Security Response: W32.Stuxnet Dossier,” https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf; David Kushner, “The Real Story of Stuxnet,” IEEE Spectrum, Feb. 26, 2013, http://spectrum.ieee.org/telecom/security/the-real-story
…
-of-stuxnet; Eugene Kaspersky, “The Man Who Found Stuxnet—Sergey Ulasen in the Spotlight,” Nota Bene, Nov. 2, 2011
…
, http://eugene.kaspersky.com/2011/11/02/the-man-who-found-stuxnet-sergey-ulasen-in-the-spotlight/. Microsoft issued an advisory: “Microsoft Security Bulletin MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Execution,” Aug. 2,
…
, 2010), https://technet.microsoft.com/en-us/library/security/ms10-046.aspx; Zetter, Countdown to Zero Day, 279. By August, Symantec had uncovered: Nicolas Falliere, “Stuxnet Introduces the First Known Rootkit for Industrial Control Systems,” Symantec Security Response Blog, Aug. 6, 2010, http://www.symantec.com/connect/blogs
…
/stuxnet-introduces-first-known-rootkit-scada-devices. In September, a German security researcher: Sanger, Confront and Conceal, 205–6; Joseph Gross, “A Declaration of Cyber-War.”
…
by Shane Harris · 14 Sep 2014 · 340pp · 96,149 words
-kind cyber weapon. It would come to be known by a single name, a combination of words contained in its thousands of lines of code—Stuxnet. But the operation, which began in earnest later that year, was designed for stealth, not total destruction. The Americans, working with Israel, wanted to slowly
…
degrade and frustrate Iran’s ability to build a bomb, all the while giving no hint that a cyber weapon was the cause. Stuxnet was designed to close valves that regulated the flow of gas inside the centrifuges. The more pressure was increased, the closer the centrifuge was brought
…
’t physically connected to the outside Internet, so a human spy or some other remote means of insertion would have to be employed to deliver Stuxnet inside the plant. This was to be a quiet and delicate operation. What McConnell was proposing now in Iraq was something very different. It would
…
involve the widespread use of viruses, spyware, and hacking techniques. And its purpose was to kill people, not stymie mechanical processes. Stuxnet was an act of sabotage. This was an act of war. Bush was also growing to trust McConnell implicitly, asking him to deliver the daily
…
president had authorized a covert set of cyber attacks on an Iranian nuclear facility, using the computer worm that later came to be known as Stuxnet. Bush told Obama that the sabotage operation, code-named Olympic Games, was one of two intelligence missions that he believed the new president shouldn’t
…
and militants in Pakistan using armed aerial drones. Obama agreed on both counts. And for the cyber program, he ordered up a new round of Stuxnet attacks in 2009. Unlike Bush, who had opted to quietly degrade and frustrate the Iranians’ capability to make a nuclear weapon, Obama wanted to cause
…
penetrate different software programs through hidden flaws that the Iranians hadn’t detected. The new features made it a more destructive weapon. Researchers generally credit Stuxnet with destroying one thousand centrifuges between 2009 and 2010. This was only about 20 percent of the total number operating at the plant, and the
…
Iranians had more centrifuges in reserve to replace the damaged equipment. But Obama administration officials have said that Stuxnet set back Iran’s weapons program by up to two years. That’s precious and valuable time if, as appears to be the case
…
, Stuxnet was designed to forestall a war, not to start one. But those aggressive programming features also increased the chances that Stuxnet would be discovered, which eventually it was, in June 2010, when an obscure security company
…
in Belarus discovered the first evidence of a computer virus that would later be dubbed Stuxnet. Researchers initially speculated that a flaw in the worm’s code (which of course was now more complex, and thus more prone to error) had
…
Internet. But what’s not generally known is that this leaping aspect was perhaps not a bug but a feature. In addition to breaking centrifuges, Stuxnet was also designed for reconnaissance. It sent the Internet address and host names of infected computers back to its command center. Why would any of
…
for a weapon that was built to attack machines behind an air gap, where they were separated from the Internet? The obvious answer is that Stuxnet’s designers knew it wouldn’t stay behind the air gap for long. And perhaps they didn’t want it to
…
. Stuxnet was also designed to scout out networks and computers inside Natanz as it looked for the right target to attack. The contractors inside the plant
…
worked for other clients as well. If their laptops became infected with Stuxnet, and they carried those computers to their other work sites, the worm might perform this reconnaissance function at other nuclear facilities in Iran
…
. Stuxnet could tell the United States who those nuclear contractors were working for, where other nuclear facilities in Iran were located, and perhaps how far along
…
. It could potentially give the Americans more insight into Iran’s nuclear program than any human spies ever had. Obama’s decision to escalate the Stuxnet attack wasn’t without risk, but the potential upside to US intelligence-gathering efforts was too tempting to ignore. No wonder McConnell and Bush took
…
in technologies sold and used around the world allow the NSA to spy without being detected and, if need be, disable the technologies themselves. The Stuxnet computer worm that destroyed centrifuge equipment in the Iranian nuclear facility relied on a previously unknown weakness in a control system used by Siemens. Computer
…
and agreed to keep it undefended. In any event, the NSA clearly had inside knowledge of some kind about the weakness and rolled it into Stuxnet’s design. The military also trains its cyber warriors, who work through US Cyber Command, to hack some of the most widely used communications equipment
…
-ranking government official who was told about the cache in a classified meeting with NSA officials. That is an astonishingly large number of exploits. The Stuxnet computer worm, which the United States built in conjunction with Israel to disable the Iranian nuclear facility, contained four zero day exploits, which is itself
…
and to governments that don’t suppress civil rights and activism. There is also no regime for controlling the proliferation of cyber weapons such as Stuxnet. Foreign policy officials in the United States, Russia, China, and elsewhere have publicly broached the idea of a cyber arms treaty in recent years, but
…
well as patriotic “hacktivists.” Reportedly, the Iranian regime had spent more than $1 billion since 2011 on offensive and defensive capabilities, in response to the Stuxnet attack as well as two other computer viruses that infected systems in Iran and were widely presumed to be the work of American and Israeli
…
could severely wound a company by obliterating its stores of corporate information. Some US officials suspected that Iran mounted the attack in retaliation for the Stuxnet worm. If that was so, it marked an escalation in intentional cyber warfare and showed that the United States couldn’t expect to launch cyber
…
president had already okayed: In addition to the author’s own interviews with current and former US officials and computer security experts, information about the Stuxnet campaign was drawn from voluminous research papers and news articles, of which the following provided key details: Ralph Langner
…
, “Stuxnet’s Secret Twin,” Foreign Policy, November 21, 2013, http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack#sthash.nq7VuMAC.8FWcquMx.dpbs; David Sanger, “Obama Order Sped Up Wave
…
Bamford, “The Secret War,” Wired, June 12, 2013, http://www.wired.com/threatlevel/2013/06/general-keith-alexander-cyberwar/all/; and Jim Finkle, “Researchers Say Stuxnet Was Deployed Against Iran in 2007,” Reuters, February 26, 2013, http://www.reuters.com/article/2013/02/26/us-cyberwar
…
-stuxnet-idUSBRE91P0PP20130226. The prior year had been one of the bloodiest: Casualty statistic from iCasualties.org, http://icasualties.org/Iraq/index.aspx. Iraqi civilian deaths: Ibid.,
…
/articles/2013-02-14/a-chinese-hackers-identity-unmasked. “There aren’t enough”: Davis speech. “Universities don’t want to touch”: Jason Koebler, “NSA Built Stuxnet, but Real Trick Is Building Crew of Hackers,” US News & World Report, June 8, 2012, http://www.usnews.com/news/articles/2012/06/08/nsa
…
-built-stuxnet-but-real-trick-is-building-crew-of-hackers.

4. The Internet Is a Battlefield

The agency’s best-trained: For more on TAO, see the
…
by Eric Schmidt and Jared Cohen · 22 Apr 2013 · 525pp · 116,295 words
by David E. Sanger · 18 Jun 2018 · 394pp · 117,982 words
by Bruce Schneier · 2 Mar 2015 · 598pp · 134,339 words
by Anthony Berglas, William Black, Samantha Thalind, Max Scratchmann and Michelle Estes · 28 Feb 2015
by Anthony M. Townsend · 29 Sep 2013 · 464pp · 127,283 words
by Richard A. Clarke and Robert K. Knake · 15 Jul 2019 · 409pp · 112,055 words
by Marc Goodman · 24 Feb 2015 · 677pp · 206,548 words
by Peter Gutmann
by Amy B. Zegart · 6 Nov 2021
by Bruce Schneier · 3 Sep 2018 · 448pp · 117,325 words
by Huib Modderkolk · 1 Sep 2021 · 295pp · 84,843 words
by Suelette Dreyfus · 1 Jan 2011 · 547pp · 160,071 words
by Misha Glenny · 3 Oct 2011 · 274pp · 85,557 words
by Sean McFate · 22 Jan 2019 · 330pp · 83,319 words
by Azeem Azhar · 6 Sep 2021 · 447pp · 111,991 words
by Scott J. Shapiro · 523pp · 154,042 words
by Joi Ito and Jeff Howe · 6 Dec 2016 · 254pp · 76,064 words
by Philip N. Howard · 27 Apr 2015 · 322pp · 84,752 words
by Lawrence Freedman · 9 Oct 2017 · 592pp · 161,798 words
by Michael Bar-Zohar and Nissim Mishal · 1 Jan 2010 · 427pp · 127,496 words
by Joseph Menn · 3 Jun 2019 · 302pp · 85,877 words
by Erik Brynjolfsson and Andrew McAfee · 20 Jan 2014 · 339pp · 88,732 words
by Benjamin H. Bratton · 19 Feb 2016 · 903pp · 235,753 words
by William Davidow and Michael Malone · 18 Feb 2020 · 304pp · 80,143 words
by Anders Lisdorf
by Ian Bremmer · 30 Apr 2012 · 234pp · 63,149 words
by Joshua Cooper Ramo · 16 May 2016 · 326pp · 103,170 words
by James Rickards · 7 Apr 2014 · 466pp · 127,728 words
by Vivek Wadhwa and Alex Salkever · 2 Apr 2017 · 181pp · 52,147 words
by James Bridle · 18 Jun 2018 · 301pp · 85,263 words
by Max Brooks, John Amble, M. L. Cavanaugh and Jaym Gates · 14 May 2018 · 278pp · 84,002 words
by Paul Scharre · 18 Jan 2023
by Laurent Richard and Sandrine Rigaud · 17 Jan 2023 · 350pp · 115,802 words
by Kenneth Payne · 16 Jun 2021 · 339pp · 92,785 words
by Daniel Yergin · 14 May 2011 · 1,373pp · 300,577 words
by Brian Krebs · 18 Nov 2014 · 252pp · 75,349 words
by James Ball · 19 Aug 2020 · 268pp · 76,702 words
by Bruce Schneier · 14 Feb 2012 · 503pp · 131,064 words
by Ian Goldin and Chris Kutarna · 23 May 2016 · 437pp · 113,173 words
by Anshel Pfeffer · 30 Apr 2018 · 530pp · 154,505 words
by Ronen Bergman · 30 Jan 2018 · 1,071pp · 295,220 words
by James Griffiths · 15 Jan 2018 · 453pp · 114,250 words
by Ian Goldin and Mike Mariathasan · 15 Mar 2014 · 414pp · 101,285 words
by John P. Carlin and Garrett M. Graff · 15 Oct 2018 · 568pp · 164,014 words
by Craig Nelson · 25 Mar 2014 · 684pp · 188,584 words
by Parag Khanna · 18 Apr 2016 · 497pp · 144,283 words
by Steven Pinker · 13 Feb 2018 · 1,034pp · 241,773 words
by Chris Skinner · 27 Aug 2013 · 329pp · 95,309 words
by Martin J. Rees · 14 Oct 2018 · 193pp · 51,445 words
by Richard A. Clarke · 10 Apr 2017 · 428pp · 121,717 words
by Martin Ford · 4 May 2015 · 484pp · 104,873 words
by Pieter Hintjens · 11 Mar 2013 · 349pp · 114,038 words
by James Risen · 15 Feb 2014 · 339pp · 99,674 words
by Robert H. Latiff · 25 Sep 2017 · 158pp · 46,353 words
by Rory Cormac · 14 Jun 2018 · 407pp
by Gregg Carlstrom · 14 Oct 2017 · 337pp · 100,541 words
by Edward Fishman · 25 Feb 2025 · 884pp · 221,861 words
by Jacob Helberg · 11 Oct 2021 · 521pp · 118,183 words
by Nicco Mele · 14 Apr 2013 · 270pp · 79,992 words
by Jason Parisi and Justin Ball · 18 Dec 2018 · 404pp · 107,356 words
by Richard Seymour · 20 Aug 2019 · 297pp · 83,651 words
by Parmy Olson · 5 Jun 2012 · 478pp · 149,810 words
by John Brockman · 5 Oct 2015 · 481pp · 125,946 words
by Peter Frankopan · 26 Aug 2015 · 1,042pp · 273,092 words
by Dean Starkman · 1 Jan 2013 · 514pp · 152,903 words
by Tyler Cowen · 27 Feb 2017 · 287pp · 82,576 words
by Evgeny Morozov · 15 Nov 2013 · 606pp · 157,120 words
by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski and Adam Stubblefield · 29 Mar 2020 · 1,380pp · 190,710 words
by Klaus Schwab · 11 Jan 2016 · 179pp · 43,441 words
by Richard Watson · 5 Nov 2013 · 219pp · 63,495 words
by Ronald J. Deibert · 14 Aug 2020
by Henry A Kissinger, Eric Schmidt and Daniel Huttenlocher · 2 Nov 2021 · 194pp · 57,434 words
by John Kiriakou · 11 May 2017 · 299pp · 96,608 words