Stuxnet cyberattack: Does new WikiLeaks cable shed light on who did it?
A document newly released by WikiLeaks shows that US officials were advised last year by a leading German expert on Iran to adopt "a policy of covert sabotage," possibly including "computer hacking" to disable Iranian nuclear fuel-enrichment facilities.
A Jan. 21, 2010, confidential cable released Tuesday by WikiLeaks reveals that Philip Murphy, US ambassador to Germany, informed American officials that the expert had advised that, from a German point of view, "covert sabotage (unexplained explosions, accidents, computer hacking etc) would be more effective than a military strike whose effects in the region could be devastating."
The Guardian newspaper on Tuesday identified the expert – whose name was blacked out in the confidential cable – as Volker Perthes, director of the Institute for Security and International Affairs, a German think tank that receives government funding. In an interview with that newspaper, Dr. Perthes confirmed the substance of the comments transmitted by the cable.
On its face, the new WikiLeaks cable seems to fall in line with recent news reports alleging US involvement in the deployment of Stuxnet, the world's first known cyber super weapon, The Stuxnet computer worm is reported to have seriously damaged about one-fifth of the centrifuge systems in Iran's nuclear fuel-enrichment program.
On Sunday, The New York Times reported that anonymous sources had confirmed that American and Israeli intelligence services were jointly responsible for developing and launching the Stuxnet worm at Iran's nuclear program. In an interview broadcast Monday, Saeed Jalili, Iran's chief nuclear negotiator, told NBC News that internal investigations had revealed US involvement in the cyberattack. "I have witnessed some documents that show [American participation]," he said.
But the new WikiLeaks revelation actually adds nothing to the news reports suggesting US involvement in a cyberattack on Iran, says Stewart Baker, a visiting fellow at the Center for Strategic and International Studies in Washington.
First, it's unknown how much weight Washington would give to Perthes's view favoring a cyberattack, Dr. Baker says. Second, Ambassador Murphy's dispatch about Perthes's advice came at least six months after the earliest versions of Stuxnet are believed to have been deployed, he notes.
"This WikiLeaks cable really does not add anything to the argument for US involvement," Baker says. "I just don't think the US would have been inspired by a diplomatic cable to take action of this sort. Beside that, the timing is all wrong. His advice comes well after Stuxnet was released."
The Wikileaks document's significance may be to show that the US would probably have had support from an ally for a cyberattack – if it chose to launch one, he says.
The notion that the US or Israel – or possibly China or India – had a motive to attempt cybersabotage of Iran's nuclear program has been detailed since September, when Stuxnet was first identified as a cyberweapon.
Like recent news reports, many early accounts of Stuxnut also conjectured that the US or Israel was responsible. In one report, for instance, Stuxnet source code was widely reported to have within it references to Myrtus, the Hebrew word for Esther, a biblical heroine that saved Israel. Other words and dates also suggested Israeli involvement.
Yet it was also possible that such "clues" were a bit of mischievous misdirection by an unknown party, cybersecurity experts have noted. As yet, there is no smoking gun tying Stuxnet to the US, even if there are many reasons an Iranian adversary might give cybersabotage a try, Baker says.
"Cyberweapons certainly do have advantages: deniability, stealth, and an ability to target facilities." he says. "But even if that's all true, the fact is that such weapons can be used by all sides. We have to ask ourselves what we will do if an equally sophisticated weapon is used against us. That's troubling because we [in the US] clearly don't have a good defense against this kind of attack."
