Depuis décembre 2010, la France dispose d’un système de surveillance des échanges entre pays du Sud dans des domaines clés comme l’armement ou le nucléaire. Grâce à une sélection des données accessibles sur le Web.

—-

Les nouveaux espions ne rasent pas tous les murs et ne prennent pas toujours des risques inconsidérés. Certains sont assis derrière leur ordinateur et se contentent de fixer leur écran. Ceux-là pourraient presque être vous et moi. Ce sont juste des fonctionnaires connectés à un système inédit, baptisé Osiris.

Conçu par la CEIS (Compagnie européenne d’intelligence stratégique), une petite société française d’intelligence économique, pour la Délégation aux affaires stratégiques (DAS) du ministère de la Défense, ce système vise à surveiller rencontres à haut niveau et échanges technologiques entre pays du Sud dans les domaines clés de l’armement, de l’aéronautique et (un peu) du nucléaire civil. Quatre-vingt-seize pays sont scrutés à la loupe via 546 sources «ouvertes» : médias, ministères, think tanks et aussi blogs (grosses sources d’infos qu’on appelle ici «idiots utiles»).

Les pays du Sud, c’est quoi ? Tel que le définissent les concepteurs d’Osiris, le Sud regroupe grosso modo les pays non membres de l’Occident «otanien», sauf qu’il exclut le Japon et l’Australie, mais comprend la Turquie et Israël. Opérationnelle depuis décembre, cette base de données permet, à l’aide de mots-clés, de visualiser l’information en continu sous forme de cartes, d’histogrammes ou de tableaux.

Jeux d’alliances

Prenons un pays et des dates au hasard : l’Iran du 21 septembre au 12 octobre 2010. Avec Osiris, il suffit d’un clic pour noter une grosse activité diplomatique sur cette période. Voyez plutôt. 21 septembre : Téhéran invite Ankara à coopérer dans l’espace et l’automobile (une info du Jerusalem Post) ; Ahmadinejad rencontre le président algérien Bouteflika sur le chemin de New York (sur le site d’Afrique Actu) ; 24 septembre : Pretoria laisse filer des technologies sensibles vers Téhéran malgré le tollé américain (The Guardian) ; 4 octobre : Le Caire et Téhéran vont être à nouveau reliés par des vols directs (Gulf News) ; 5 octobre : l’Iran et l’Erythrée décident de renforcer leur coopération (Ethiopian Journal) ; 6 octobre : le chef du Parlement iranien va se rendre en visite officielle au Kazakhstan (dixit le ministère des Affaires étrangères) ; 12 octobre : un avion chinois s’est ravitaillé en carburant sur le sol iranien en chemin vers la Turquie (Hurriyet Daily News)…

Mises bout à bout, ces infos en disent long sur les jeux d’alliances de l’Iran. Idem pour d’autres pays clés de la région, tels le Yémen, la Turquie ou Israël. En vingt minutes, Osiris permet de télécharger tous les articles faisant état des liens noués par l’un ou l’autre de ces Etats avec un autre. «On voit que ça démarre souvent par des visites de courtoisie et que ça se termine par des accords stratégiques», explique un expert.

Il y a deux ans déjà, les concepteurs d’Osiris partaient du principe que, dans le monde d’aujourd’hui, ce sont bien des relations Sud-Sud que peuvent survenir les modifications majeures des équilibres régionaux. Les révolutions qui secouent depuis plusieurs semaines les pays arabes montrent qu’ils étaient sur la bonne voie. Autre exemple, très concret : si Osiris avait été mis en place plus tôt, peut-être les industriels français du nucléaire auraient-ils pu s’apercevoir de l’intensification des relations entre la Corée du Sud et Abou Dhabi. Un rapprochement qui a abouti au rejet du réacteur nucléaire français EPR par les Emirats au profit de la technologie sud-coréenne. «On a tendance à se focaliser sur la Chine et l’Inde mais on voit bien que le danger économique, pour un pays comme la France, ce sont davantage la Turquie et la Corée du Sud qui commencent à nous concurrencer sur nos créneaux. Les Sud-Coréens, on les regardait sur l’électroménager et paf ! on les voit arriver sur le nucléaire et les trains à grande vitesse», note Bertrand Slaski, l’un des concepteurs d’Osiris à la CEIS, installée à Paris.

Pourquoi mettre en place un nouveau système de collecte d’informations alors que la France compte déjà bon nombre de services – plus ou moins secrets – constitués dans ce but – la Direction générale de la sécurité extérieure (DGSE) et la Direction du renseignement militaire (DRM) pour ne citer qu’elles ? Au ministère de la Défense, on explique que ces services sont principalement conçus pour traquer l’information cachée. En gros, ils ne s’abaissent pas à fouiller dans l’info publique… Or, à l’heure où tout est ouvert et couvert, de Google à Facebook, des agences de presse aux blogs, le renseignement crucial se trouve parfois là, sous nos yeux. Si évident qu’on ne le voit plus. «Les infos arrivent bien plus vite et en plus grandes quantités. Face à cela, l’administration est un peu désarçonnée, poursuit Slaski. Or, avec une bonne méthodologie et de bons outils, on arrive à faire le tri.»

Echanges tous azimuts

Le père spirituel d’Osiris se nomme Nicolas Regaud. Il est directeur adjoint de la DAS. «On vit la fin d’une parenthèse de domination occidentale. Aujourd’hui, les choses se passent ailleurs aussi, et il faut les suivre», dit-il. Spécialiste de l’Asie, Nicolas Regaud a très vite vu, au début des années 2000, monter le bouillonnement de cette zone avec des échanges tous azimuts destinés à doper des industries stratégiques embryonnaires. Alors basé au Secrétariat général à la défense nationale (SGDN), il propose l’idée d’Osiris, mais celle-ci tombe dans un trou noir. Trop tôt. Pas assez mure. Une fois arrivé à la DAS, il repropose l’idée, et son directeur, Michel Miraillet, lance la machine à phosphorer.

Un appel d’offres est émis en 2009. Il est gagné par la CEIS, une société d’intelligence économique discrète mais bien implantée dans le réseau industriel et militaire. Un contrat d’environ 200 000 euros sur trois ans pour concevoir et alimenter l’outil dans ses propres bureaux est signé dans la foulée.

La CEIS, elle, a été créée en 1997 par un ex-député UDF des Bouches-du-Rhône, Olivier Darrason, branché sur les questions de défense, donc proche des milieux de l’armement. Quand il se fait battre aux législatives cette année-là, Darrason décide de fonder sa boîte dans le créneau naissant en France de l’intelligence économique (prospective stratégique, risques opérationnels, transferts de technologie, lobbying). Bingo ! Quinze ans plus tard, la CEIS compte 85 consultants salariés et 30 experts attachés parmi lesquels des ex-chefs d’états-majors ou d’anciens préfets. Et des bureaux à Bruxelles, Pékin, Astana (Kazakhstan), Abou Dhabi et, bientôt, Moscou.

L’emplacement de la CEIS, boulevard Saint-Germain à Paris, est révélateur des relations qu’elle est parvenue à tisser . Des fenêtres du luxueux immeuble dont il occupe près de trois étages, Olivier Darrason a vue sur le ministère de la Défense, et ne se trouve qu’à quelques centaines de mètres de la Direction des affaires stratégiques tapie derrière un magnifique cloître, en plein cœur du quartier Latin. Une situation qui devra être à repensée quand l’ensemble du ministère de la Défense partira s’installer à Balard, dans le fameux «Pentagone» à la française, en construction en bordure de la capitale.

Dans toutes les langues

«Dans le domaine de la technologie, si on n’a pas d’avance, on est mort»,affirme Darrason. Dans les locaux de la CEIS, où la moyenne d’âge tourne autour de la trentaine, on trouve un desk, vaste bureau aux murs couverts d’horloges donnant l’heure sur chaque continent, peuplé de jeunes gens assurant un système de veille vingt-quatre heures sur vingt-quatre dans toutes les langues, ou presque. Et aussi la petite équipe (cinq personnes environ) chargée d’actualiser Osiris à chaque instant. Les administrations (Affaires étrangères, Bercy, Défense, Intérieur…) ont chacune un log-in qui leur permet d’y accéder. Trois mois après sa mise en place, Osiris semble avoir trouvé son public. «On est plutôt contents. Mais Osiris ne sera un succès que si les administrations s’en emparent. Si elles continuent à utiliser leurs favoris sur Internet, c’est mort ! Le plus grand danger, dit-on à la DAS, c’est la paresse intellectuelle.»

Les bons espions ne sont pas forcément ceux que l’on croit. Ils ne rasent pas systématiquement les murs et ne prennent pas toujours de risques inconsidérés. Certains sont juste assis derrière leur ordinateur et se contentent de fixer leur écran. Ceux-là pourraient presque être vous et moi. Ce sont simplement des fonctionnaires connectés au système Osiris. Conçu par une petite société d’intelligence économique, CEIS, pour le compte de la Délégation aux affaires stratégiques (DAS) du Ministère de la Défense, Osiris est un système unique en son genre qui vise à surveiller, à partir de sources «ouvertes», rencontres à haut niveau et échanges technologiques entre pays du sud dans les domaines clés de l’armement, de l’aéronautique et (un peu) du nucléaire civil. Les pays du sud, c’est quoi ? Le Japon et l’Australie sont-ils considérés comme des pays du sud par exemple ? Non, mon général. Le sud, tel que le définissent les concepteurs d’Osiris, regroupe la plupart des pays du monde à l’exception de l’occident «otanien», sauf qu’il exclut le Japon, l’Australie et le Canada mais comprend la turquie et Israël. Opérationnelle depuis décembre, cette base de données permet, à l’aide de mots-clés, de visusaliser l’information en continu sous forme de cartes, d’histogrammes ou de tableaux. Prenons un pays et une semaine au hasard: l’Iran du 21 septembre au 12 octobre 2010. Avec Osiris, il suffit d’un clic pour noter une grosse activité diplomatique sur cette période. Voyez plutôt: 21 septembre:Téhéran invite Ankara à coopérer dans les secteurs de l’automobile et de l’espace (une info du Jerusalem Post); Ahmadinejad rencontre Bouteflika sur le chemin de New-York (AfriqueActu); 24 septembre: Pretoria laisse filer des technologies sensibles vers Teheran malgré le tollé américain (le Guardian); 4 octobre: le Caire et Teheran vont être à nouveau reliés par des vols directs (Gulfnews); 5 octobre: l’Iran et l’Erythrée vont renforcer leur coopération (Ethiopian Journal); 6 octobre: le chef du parlement iranien va se rendre en visite officielle au Kazakhstan (Ministère des affaires étrangères); 12 octobre: un avion chinois s’est ravitaillé en carburant sur le sol iranien en chemin vers la Turquie (Hurriyet Daily News)…Mises bout à bout, ces infos parfaitement «ouvertes» en disent long sur les jeux d’alliance de Téhéran. Idem pour d’autres pays clés, tels le Yemen, la Turquie ou Israël. En 20 minutes seulement, Osiris permet de télécharger tous les articles faisant état des liens noués par l’un ou l’autre de ces Etats – en termes de coopération militaire ou de transferts technologiques – avec un autre Etat du Sud. Il y a deux ans déjà , les concepteurs d’Osiris partaient du principe que, dans le monde d’aujourd’hui, ce sont bien des relations «Sud-Sud» que peuvent survenir les surprises stratégiques et les modifications majeures d’équilibres régionaux. Les révolutions qui secouent depuis plusieurs semaines les pays arabes montrent qu’ils étaient sur la bonne voie. Autre exemple, très concret cette fois: si Osiris avait été mis en place plus tôt, peut-être les industriels français du nucléaire auraient-ils pu s’apercevoir de l’intensification des relations entre la Corée du Sud et Abu Dhabi, rapprochement qui a abouti au rejet du réacteur nucléaire français EPR par les Emirats au profit du réacteur sud-coréen. On ne mettra pas notre tête sur le billot mais c’est fort possible. «On a tendance à se focaliser sur la Chine et l’Inde mais on voit bien que le danger économique, pour un pays comme la France, ce sont des pays comme la Turquie et la Corée du Sud qui commencent à nous concurrencer sur nos créneaux. Les Sud-Coréens, par exemple, on les regardait sur l’électroménager et paf! on les voit arriver sur le nucléaire et les trains à grande vitesse!» explique Bertrand Slaski, un des concepteurs d’Osiris chez CEIS. Pourquoi mettre en place un nouveau système de collecte d’informations alors que la France compte déjà bon nombre de services plus ou moins secrets constitués dans ce but (la Direction générale de la sécurité extérieure (DGSE) et la Direction du renseignement militaire (DRM) pour ne citer qu’elles)? La réponse n’est pas évidente. Au ministère de la Défense, on explique que ces services-là sont essentiellement conçus pour rechercher l’information cachée. En gros, ils ne s’abaissent pas à fouiller dans l’information publique. Or, à l’heure où tout est ouvert et couvert, de Google à Facebook, des agences de presse aux blogs, le renseignement crucial se trouve parfois là, sous nos yeux, au vu et au su de tout le monde, si évident qu’on ne le voit plus. «Les infos arrivent aujourd’hui bien plus vite et en plus grandes quantités. Or, face à ça, l’administration est un peu désarçonnée, poursuit Slaski. Or, avec une bonne méthodologie et de bons outils, on arrive à faire le tri de façon assez efficace». Le père spirituel d’Osiris se nomme Nicolas Regaud, directeur-adjoint de la Délégation aux affaires stratégiques. Spécialiste de l’Asie, il voit très vite , au début des années 2000, monter le bouillonnement de cette zone avec des échanges tous azimuths destinés à doper des industries stratégiques embryonnaires. Alors basé au Secrétariat général à la Défense Nationale (SGDN), il propose l’idée mais celle-ci tombe dans un trou noir. Trop tôt. Pas assez mûr. Une fois arrivé à la DAS, il repropose l’idée et son directeur, Michel Miraillet, enclanche la machine à phosphorer. Un appel d’offres est lancé au printemps 2009. Il est gagné par une petite société d’intelligence économique discrète mais bien implantée dans le réseau industriel et militaire: CEIS (Compagnie européenne d’Intelligence stratégique). CEIS a été créée en 1997 par un ancien député UDF des Bouches-du-Rhône, Olivier Darrason, spécialisé dans les questions de défense et donc très proche des industriels de l’armement. Quand il se fait battre, en 1997, plutôt que de revenir dans le corps préfectoral dont il est issu, il choisit de créer sa boite dans ce créneau – alors naissant en France – de l’intelligence économique (prospective stratégique, risques opérationnels, transferts de technologie, lobbying…). Bingo! Quinze ans plus tard, CEIS compte 85 consultants salariés et une trentaine d’experts attachés parmi lesquels d’ex chefs d’Etat-majors ou préfets. Ainsi que des bureaux à Bruxelles, Pekin, Astana (Kazakhstan), Abu Dhabi et bientôt Moscou, excusez du peu. Mieux encore, CEIS est basé à Paris dans un endroit stratégique : le boulevard Saint-Germain. Des fenêtres du luxueux immeuble dont il occupe près de trois étages, Olivier Darrason a vue sur…le ministère de la Défense. Et il lui suffit de faire…disons…cinq cent mètres, pour se retrouver à la Direction des affaires stratégiques tapie derrière un magnifique cloître en plein coeur de Saint-Germain des prés un magnifique cloître, en plein coeur de Saint-Germain des Prés! Certes, cet emplacement stratégique sera à revoir très vite quand l’ensemble du ministère de la Défense partira s’installer à Balard, dans le fameux «Pentagone» à l’américaine, en cours de construction en bordure de la capitale. Mais, pour l’heure, CEIS veille… «Dans le domaine de la technologie, si on n’a pas d’avance, on est mort», affirme Darrason qui travaille ainsi à sécuriser un lien entre la France et le Kazakhstan dans le domaine des terres rares, ces métaux utilisés dans tous les matériels de haute technologie sur lesquels la Chine tente de garder la haute main. Dans les locaux de CEIS, où la moyenne d’âge tourne autour de la trentaine, il a installé un «desk», un système de veille fonctionnant 24h sur 24 dans toutes les langues. Et un système de recherche automatique d’informations avec des logiciels permettant de faire un premier tri de l’information «ouverte», dans une vingtaine de langues, avant que celle-ci ne soit triée une deuxième fois par des analystes.

Written by: FPRI

In a global triangulation that would excite any conspiracy buff, the globalization of terrorism now links Colombian FARC with Hezbollah, Iran with Russia, elected governments with violent insurgencies, uranium with AK-103s, and cocaine with oil. At the center of it all, is Latin America—especially the countries under the influence of Venezuelan President Hugo Chávez.

The most publicized (and publicly contested) connection between Hugo Chávez and the Colombian narcoterrorist organization Revolutionary Armed Forces of Colombia (FARC) was revealed after the March 2008 Colombian raid on the FARC camp in Devía, inside Ecuador, where a laptop was discovered that apparently belonged to Luis Edgar Devía Silva (aka, “Raúl Reyes”), head of FARC’s International Committee (COMINTER). The Colombian government under then-President Álvaro Uribe announced that Interpol had certified the authenticity of the contents of the computer disks, whose files traced over US$ 200 million funneled to the FARC through the Venezuelan state-owned, and completely Chávez-dominated, Petróleos de Venezuela (PDVSA). On May 10th, 2011, the International Institute of Strategic Studies (IISS) will publish one of its strategic dossiers based on a study of the computer disks entitled The FARC Files: Venezuela, Ecuador and the Secret Archives of ‘Raúl Reyes’ that purports to elucidate the organization’s development and internationalization.

According to some already leaked documents, Venezuelan General Hugo Carvajal and other members of the armed forces were in direct contact with and lending financial support to the late FARC leader Antonio Marín, aka “Tirofijo” (“Sure Shot”) and “Manuel Marulanda.” Of the fact that the FARC enjoys at least ideological support from the governments of Ecuador and Venezuela, there can be no doubt: Venezuelan President Hugo Chávez and Ecuadorean President Rafael Correa have both argued that the FARC should not be considered a terrorist organization.

While support of the insurgents next door is certainly nothing new, Venezuelan military and terror alliances are spanning the globe and expanding at a worrying rate for all, especially US interests in the region.

As I wrote in The Weekly Standard last October[1], Venezuelan President Hugo Chávez and Russian President Dimitry Medvedev jointly announced that they had reached an agreement for Russia to build two 1200-megawatt nuclear reactors in Venezuela. Also part of the deal was the latest installment of $6.6 billion of conventional weapons purchases since 2005: ninety-two T-72 and T-90 tanks that will replace the aging French MX-30s, ten Ilyushin Il-76MD-90 planes, two Il-78MK refueling aircraft, as well as five S-300 missile systems. Iran had also sought the S-300 but Medvedev banned the sale for fear of violating U.N. Security Council Resolution 1929, concerning sanctions on Iran. The S-300 missiles and their attendant Smerch multiple rocket launchers are considered far more powerful than the Tor M-1 missile systems that both Venezuela and Iran have previously purchased in the past five years. Caracas has also confirmed plans to purchase up to 10 Mi-28NE attack helicopters on top of the 10 Mi-35M helicopters purchased in the past half-decade. That is an awful lot of weaponry for a country that has not fought a war since its independence from Spain in 1821.

While Chávez has said that he is arming his citizen militias, known as Bolivarian Circles, rumor has it that the weapons may also be going to agents and fighters from the Colombian FARC, the Iranian-backed terrorist group Hezbollah and Cuban security and intelligence services, whose numbers, according to many think tanks and U.S. security sources, have swelled in Venezuela. Interpol has confirmed evidence that Venezuela has funneled well over $300 million to the FARC and has built an ammunition plant to supply AK-103s, the FARC weapon of choice.

That is only one piece of the puzzle; the other is Iran, where Venezuelan money has also been flowing.

Venezuelan President Hugo Chávez and Iranian President Mahmoud Ahmadinejad publicly call each other “brothers” and last year signed 11 memoranda of understanding for, among other initiatives, joint oil and gas exploration, as well as the construction of tanker ships and petrochemical plants. Chávez’s assistance to the Islamic Republic in circumventing U.N. sanctions has got the attention of the new Republican leadership of the House Foreign Affairs Committee. Ileana Ros-Lehtinen and Connie Mack (both R-FL) have said they intend to launch a money-laundering investigation into the Venezuelan state oil company Petróleos de Venezuela, S.A. (PDVSA). In July 2010, the EU ordered the seizure of all the assets of the Venezuelan International Development Bank, an affiliate of the Export Development Bank of Iran (EDBI), one of 34 Iranian entities implicated in the development of nuclear or ballistic technology and sanctioned by the Treasury Department. In the meantime, Tehran and Caracas have announced that PDVSA will be investing $780 million in the South Pars gas field in southern Iran.

Uranium, sought by both Iran and Russia, is a key aspect of the two countries’ strategic relationship: Iran is reportedly helping Venezuela find and refine its estimated 50,000 tons of uranium reserves.

So, on one side Venezuela is funding and arming the FARC; on the other it is purchasing nuclear reactors and weapons from the Russians; on yet another, it is sending money to Iran and helping it find and enrich uranium. And then there is Hezbollah, Iran’s Lebanon-based asset.

Reports that Venezuela has provided Hezbollah operatives with Venezuelan national identity cards are so rife, they were raised in the July 27, 2010, Senate hearing for the recently nominated U.S. ambassador to Venezuela, Larry Palmer. When Palmer answered that he believed the reports, Chávez refused to accept him as ambassador in Venezuela. Meanwhile, Iran Air, the self-proclaimed “airline of the Islamic Republic of Iran,” operates a Tehran-Caracas flight commonly referred to as “Aeroterror” by intelligence officials for allegedly facilitating the access of terrorist suspects to South America. The Venezuelan government shields passenger lists from Interpol on that flight.

Iran, meanwhile, has developed significant relationships elsewhere in Latin America – most prominently with Chávez’s allies and fellow Bolivarian Revolutionaries: Bolivian President Evo Morales, Ecuadorean President Rafael Correa and Nicaraguan President Daniel Ortega.

In December 2008 the EDBI offered to deposit $120 million in the Ecuadorean Central Bank to fund bilateral trade, and Iran and Ecuador have signed a $30 million deal to conduct joint mining projects in Ecuador through the Chemical-Geotechnical-Metallurgical Research Center in Ecuador. Even as that deal carefully avoids mentioning uranium, the IAEA’s March 2009 plans to help Ecuador explore its vast uranium reserves were largely intended to highlight and preclude Iranian involvement. In February 2010 the Paris-based Financial Action Task Force, a multilateral organization that combats money laundering and terrorist financing, placed Ecuador on a list of countries that failed to comply with its regulations.

Middle Eastern terrorism, however, is not new to Latin America and has been on the US Army’s radar for many years. [2]

Latin America’s Tri-Border Area (TBA), bounded by Puerto Iguazu, Argentina; Ciudad del Este, Paraguay; and Foz do Iguacu, Brazil, has long been an ideal breeding ground for terrorist groups. The TBA, South America’s busiest contraband and smuggling center, is home to a large, active Arab and Muslim community consisting of a Shi’a majority, a Sunni minority, and a small population of Christians who emigrated from Lebanon, Syria, Egypt, and the Palestinian territories about 50 years ago. Most of these Arab immigrants are involved in commerce in Ciudad del Este but live in Foz do Iguacu on the Brazilian side of the Iguacu River.

In 2005, six million Muslims were estimated to inhabit Latin American cities. However, ungoverned areas, primarily in the Amazon regions of Suriname, Guyana, Venezuela, Colombia, Ecuador, Peru, Bolivia, and Brazil, present easily exploitable terrain over which to move people and material. The Free Trade Zones of Iquique, Chile; Maicao, Colombia; and Colón, Panama, can generate undetected financial and logistical support for terrorist groups. Colombia, Bolivia, and Peru offer cocaine as a lucrative source of income. In addition, Cuba and Venezuela have cooperative agreements with Syria, Libya, and Iran.

Argentine officials believe Hezbollah is still active in the TBA. They attribute the detonation of a car bomb outside Israel’s embassy in Buenos Aires on 17 March 1992 to Hezbollah extremists. Officials also maintain that with Iran’s assistance, Hezbollah carried out a car-bomb attack on the main building of the Jewish Community Center (AMIA) in Buenos Aires on 18 July 1994 in protest of the Israeli-Jordanian peace agreement that year.

Today, one of the masterminds of those attacks, the Iranian citizen and Shia Muslim teacher, Mohsen Rabbani, remains not only at large, but extremely active in recruiting young Brazilians, according to reports in Brazilian magazine Veja. [3] “Now based in Iran, he continues to play a significant role in the spread of extremism in Latin America,” prosecutor Alberto Nisman, head of the special unit of the Argentine prosecutors charged with investigating the attacks, said to VEJA. The enticement of Brazilians for courses abroad has been monitored for four years by the Federal Police and the ABIN, the government’s secret service.

One hundred eighty kilometers away from Recife, in rural Pernambuco, the city of Belo Jardim remains the most active center for the recruitment of extremists in Latin America. [4] Along with the recruits in Belo Jardim, youth from Argentina, Chile, Colombia, Costa Rica, and Mexico also travel to Iran for religious instruction under Rabbani.

The Federal Police has information that Rabbani has been to Brazil several times in recent years. In one of those visits, almost three years ago, he boarded the Iran Air flight from Tehran to Caracas, Venezuela and then from there, entered Brazil illegally.

So while ungovernability through either government weakness (or lack of will) to exert controls over immigration and the flows of money, drugs and weapons has always been an issue, it is the new government complicity that makes it all the more dangerous.

Even ahead of the IISS dossier’s publication, the most shocking revelations into the global interconnectedness of Latin American governments and Middle Eastern terrorist groups have come from Walid Makled, Venezuela’s latter-day Pablo Escobar, who was arrested on August 19, 2010 in Cúcuta, a town on the Venezuelan-Colombian border. A Venezuelan of Syrian descent known variously as “El Turco” (“The Turk”) or “El Arabe” (“The Arab”), he is allegedly responsible for smuggling 10 tons of cocaine a month into the US and Europe – a full 10% of the world’s supply and 60% of Europe’s supply. His massive infrastructure and distribution network make this entirely plausible, as well as entirely implausible the Venezuelan government did not know. Makled owned Venezuela’s biggest airline, Aeropostal, huge warehouses in Venezuela’s biggest port, Puerto Cabello, and bought enormous quantities of urea (used in cocaine processing) from a government-owned chemical company.

Indeed since his arrest and incarceration in the Colombian prison La Picota, Makled has given numerous interviews to various media outlets, in which he has claimed that he paid more than a million dollars a month to various high-ranking Venezuelan government officials who were his partners in trafficking FARC cocaine – amongst the named: Venezuelan Minister of the Interior and also Minister of Justice, Tarek El Aissami, the General-in-Chief of the Armed Forces Unified Command, General Henry Rangel Silva, and the Director of Military Intelligence, General Hugo Carvajal.

Although the US had issued an arrest warrant and subjected him to sanctions under the Kingpin Act, Makled is being extradited to Venezuela, not the US. While the US dithered on Colombia’s offer of extradition to the US, Venezuelan President Hugo Chávez requested Makled’s extradition to Venezuela, where he is (in the ultimate ironic twist) wanted for cocaine trafficking and at least two murders.

When asked on camera by a Univisión television reporter whether he had any relation to the FARC, he answered: “That is what I would say to the American prosecutor.” Asked directly whether he knew of Hezbollah operations in Venezuela, he answered: “In Venezuela? Of course! That which I understand is that they work in Venezuela. [Hezbollah] make money and all of that money they send to the Middle East.” [5]

Makled’s extradition to Venezuela rather than the US is thus a terrible loss for both the United States’s Global War on Terror (GWOT) and the world’s intelligence communities: in Venezuela’s heavily politicized judicial system Makled will never receive a fair trial and any testimony he might give will certainly be concealed.

The problem now is that Latin American support for terrorism has growing state support—and this should worry everyone.

————————-
Vanessa Neumann is an Associate of the University Seminar on Latin America at the School of International and Public Affairs (SIPA) at Columbia University. A native Venezuelan, Dr. Neumann has worked as a journalist in Caracas, London and the United States. She is Editor-at-Large of Diplomat, a London-based magazine to the diplomatic community and a regular contributor to The Weekly Standard on Latin American politics.

Notes
1. http://www.weeklystandard.com/blogs/hugo-ch-vezs-military-buildup-and-iranian-ties_511234.html
2. http://www.army.mil/professionalWriting/volumes/volume3/january_2005/1_05_4.html
3. http://veja.abril.com.br/blog/reinaldo/geral/brasil-vigia-suspeitos-de-elo-com-extremistas-no-ira/ http://veja.abril.com.br/blog/reinaldo/geral/quantos-sao-os-aneis-que-separam-o-pt-dos-terroristas-islamicos-que-atuam-no-brasil/ http://veja.abril.com.br/blog/reinaldo/geral/acordem-senhores-congressistas-ja-o-governo-nao-da-bola-terrorista-alicia-homens-pobres-do-interior-do-brasil-para-fazer-%E2%80%9Ccurso-de-religiao%E2%80%9D-no-ira/
4. http://interamericansecuritywatch.com/2011/04/20/the-terrorist-%E2%80%9Cprofessor%E2%80%9D/
5. http://colombiareports.com/colombia-news/news/15355-venezuela-houses-farc-and-hezbollah-drug-lord.html

About the author:  Founded in 1955, FPRI is a 501(c)(3) non-profit organization devoted to bringing the insights of scholarship to bear on the development of policies that advance U.S. national interests and seeks to add perspective to events by fitting them into the larger historical and cultural context of international politics.

by Jeremy Scahill

The team of US Special Operations Forces who killed Osama bin Laden in a pre-dawn raid on a compound in Abbottabad, Pakistan were led by elite Navy SEALS from the Joint Special Operations Command. Operators from SEAL Team Six, also known as the Naval Special Warfare Development Group, or just DevGru, are widely considered to be the most elite warriors in the US national security apparatus.

Col. W. Patrick Lang, a retired Special Forces officer with extensive operational experience throughout the Muslim world, described JSOC’s forces as “sort of like Murder, Incorporated.” He told The Nation: “Their business is killing al Qaeda personnel. That’s their business. They’re not in the business of converting anybody to our goals or anything like that.” Shortly after the operation was made public, retired Gen. Barry McCaffrey called JSOC’s operators the “most dangerous people on the face of the earth.”

“They’re the ace in the hole. If you were a card player, that’s your ace that you’ve got tucked away,” said Gen. Hugh Shelton, who was the Chair of the Joint Chiefs on 9/11, in an interview with The Nation. Shelton, who also headed the Special Operations Command during his career, described JSOC as “a surgical type of unit,” adding “if you need someone that can sky dive from thirty miles away, and go down the chimney of the castle, and blow it up from the inside—those are the guys you want to call on.” Shelton added, “they are the quiet professionals. They do it, and do it well, but they don’t brag about it. Someone has to toot their horn for them, because they won’t, normally.”

JSOC, which is headquartered at Pope Air Force Base and Fort Bragg in North Carolina, is an all star team made up of the Army’s Delta Force, SEAL Team Six, Army Rangers and the 160th Special Operations Aviation Regiment, also known as the “Night Stalkers.” JSOC performs strike operations, reconnaissance in denied areas and special intelligence missions. More recently, JSOC added a Targeting and Analysis Center in Rosslyn, Va, to its list of key facilities. For much of the Bush administration, JSOC was headed by Gen. Stanley McChrystal. Its job was to hunt down and kill individuals designated as “High Value Targets.” McChrystal’s successor at JSOC, Vice Admiral William McRaven, is himself a former SEAL. The current commander of SOCOM, Admiral Eric Olson, is a former SEAL Team Six commander. McRaven was recently been tapped to replace Olson as SOCOM commander. Several Special Operations sources have described for The Nation a very close relationship between President Obama and JSOC. Some allege Obama has used them to “hit harder” than President Bush.

Marc Ambinder described the bin Laden raid in his excellent report in the National Journal: “From Ghazi Air Base in Pakistan, the modified MH-60 helicopters made their way to the garrison suburb ofAbbottabad, about 30 miles from the center of Islamabad. Aboard were Navy SEALs, flown across the border from Afghanistan, along with tactical signals, intelligence collectors, and navigators using highly classified hyperspectral imagers. After bursts of fire over 40 minutes, 22 people were killed or captured. One of the dead was Osama bin Laden, done in by a double tap—boom, boom—to the left side of his face. His body was aboard the choppers that made the trip back. One had experienced mechanical failure and was destroyed by US forces.”

It remains unclear what, if any, role Pakistan’s military or intelligence forces played in the operation to kill bin Laden. US officials have said only that Pakistani intel aided the eventual operation. “We shared our intelligence on this bin Laden compound with no other country, including Pakistan,” said an unnamed senior Administration official. “That was for one reason and one reason alone: We believed it was essential to the security of the operation and our personnel.” The fact that bin Laden’s compound was a stone’s throw from a Pakistani military installation in an urban area raises disturbing questions about how Pakistan’s military or intelligence services would not be aware of his location. As of this writing, the White House has not commented on this fact.

The US has a lengthy history of US Special Operations Forces conducting targeted kill or capture operations inside Pakistan. “I would like to point out one sensitivity of Pakistan and its people and that it’s a violation of the sovereignty of Pakistan,” former Pakistani President Pervez Musharraf told Pakistan’s NDTV after bin Laden’s killing was announced. “American troops coming across the border and taking action in one of our towns, that is Abbotabad, is not acceptable to the people of Pakistan.” Musharraf’s comments are ironic given that he personally made a deal with Gen. McChrystal to allow US Special Ops Forces to cross into Pakistan from Afghanistan to target bin Laden or other al Qaeda leaders. The so-called “hot pursuit” agreement was predicated on Pakistan’s ability to deny it had given the US forces permission to enter Pakistan.

Both President Bush and President Obama have reserved the right for US forces to operate lethally and unilaterally in any country across the globe in pursuit of alleged high value terrorists. The Obama administration’s expansion of US Special Operations activities globally has been authorized under a classified order dating back to the Bush administration. Originally signed in early 2004 by then-Secretary of Defense Donald Rumsfeld, it is known as the “AQN ExOrd,” or Al Qaeda Network Execute Order. The AQN ExOrd was intended to cut through bureaucratic and legal processes, allowing US special forces to move into denied areas or countries beyond the official battle zones of Iraq and Afghanistan. Gen. David Petraeus, who is poised to become director of the CIA, expanded and updated that order in late 2009. “JSOC has been more empowered more under this administration than any other in recent history,” a Special Ops source told The Nation. “No question.”

SEAL Team Six also carried out the operation that killed the Somali pirates that hijacked the Maersk Alabama in April 2009. They flew from a discreet US base in Manda Bay, Kenya. “If it comes down to putting sharp shooters up on the deck of an aircraft, and making sure that first shot doesn’t miss, who do you want to do it?,” asks Gen. Shelton. Referring to Team Six, he adds: “they’re deadly accurate.”

The vast majority of JSOC’s missions are highly classified and compartmentalized. In some cases, JSOC operators have conducted operations without informing the combatant commanders of their presence. “Only a very small group of people inside our own government knew of this operation in advance,” a senior Obama Administration official said shortly after bin Laden’s killing was announced.

Col. Lawrence Wilkerson, who served as Secretary of State Colin Powell’s chief of staff from 2002 to 2005, has alleged that then-Vice President Dick Cheney and former Defense Secretary Donald Rumsfeld often circumvented the traditional military command structure in how they used JSOC. “What I was seeing was the development of what I would later see in Iraq and Afghanistan, where Special Operations forces would operate in both theaters without the conventional commander even knowing what they were doing,” Colonel Wilkerson told me in late 2009 for a story about JSOC in Pakistan. “That’s dangerous, that’s very dangerous. You have all kinds of mess when you don’t tell the theater commander what you’re doing.”

Wilkerson said that almost immediately after assuming his role at the State Department under Colin Powell, he saw JSOC being politicized and developing a close relationship with the executive branch. He saw this begin, he said, after his first Delta Force briefing at Fort Bragg. “I think Cheney and Rumsfeld went directly into JSOC. I think they went into JSOC at times, perhaps most frequently, without the SOCOM [Special Operations] commander at the time even knowing it. The receptivity in JSOC was quite good,” said Wilkerson. “I think Cheney was actually giving McChrystal instructions, and McChrystal was asking him for instructions.” He said the relationship between JSOC and Cheney and Rumsfeld “built up initially because Rumsfeld didn’t get the responsiveness. He didn’t get the can-do kind of attitude out of the SOCOM commander, and so as Rumsfeld was wont to do, he cut him out and went straight to the horse’s mouth. At that point you had JSOC operating as an extension of the [administration] doing things the executive branch–read: Cheney and Rumsfeld–wanted it to do. This would be more or less carte blanche. You need to do it, do it. It was very alarming for me as a conventional soldier.”

While JSOC–and the Navy SEALs in particular–will become legendary in a much broader circle as a result of the bin Laden killing, the secretive unit has had its share of controversy. JSOC forces were responsible for the botched rescue that ended up killing British aid worker Linda Norgrove in Afghanistan on October 8, 2010. JSOC also carried out a raid in Gardez, Afghanistan in February 2010 during which two pregnant women and an Afghan police commander trained by the US were killed. In that case, senior Afghan security officials and eyewitnesses claimed that US forces dug the bullets out of the dead women’s bodies. Initially, JSOC’s forces tried to cover up the incident by blaming the killings on a Taliban “honor killing.” Eventually, Admiral McRaven took responsibility for the botched raid and apologized to the family.

Several Special Ops sources say that President Obama has taken concrete steps to once again integrate JSOC more fully into the broader US military strategy globally. The bin Laden operation, which was done in concert with the CIA, seems to be evidence of that. The primacy of JSOC within the Obama administration’s foreign policy–from Yemen and Somalia to Afghanistan and Pakistan–indicates that he has doubled down on the Bush-era policy of targeted assassination as a staple of US foreign policy.

For links to The Nation’s complete coverage of Osama bin Laden’s death, click here.

Recently India conducted a successful ballistic missile defence test which was capable enough to intercept and kill the incoming missile. This shows that Indian ballistic missile defence program comprising of long range tracking radar, command and control system and the interceptor, is maturing at a faster pace. As a result, the South Asian strategic stability would be challenged as there are diversification of threats and limited response options, BMD adds value to the complexity of the region.

India believes in nuclear dominance in the region and aspires to have extended self defence. It aims to become a global power. The technological edge that it is struggling to acquire over Pakistan and China has been to some extent proven by the successful ballistic missile defence test it conducted on 6th March 2011. Till now India has conducted six tests out of which four were successful and two failed due to technological reasons. But now India would proudly be a part of the elite club of the ‘BMD haves’ which includes United States, Russia and Israel.

India acquired the system with the technological assistance of United States and Israel. Indian BMD program has a two-tiered system namely Prithvi Air Defence (PAD) for high altitude interception and Advanced Air Defence (AAD) for lower altitude interception. The PAD missiles are for intercepting ballistic missiles at altitudes between 50-80 km and the Advanced Air Defence (AAD) missile is for destroying them at heights ranging 15-30 km.

India’s future plans include two new anti ballistic missiles that can intercept Inter Continental Ballistic Missiles (ICBM) namely Advanced Defence (AD-1 and AD-2) which would be capable of intercepting and destroying a missile at a range around 5,000 km (3,100 mi)

India justifies its acquisition of BMD by stating that as India has a no first use policy (NFU) therefore in order to ensure its second strike capability and to be able to absorb the first strike and retaliate it needs BMD. This would add value to its deterrent capability. Indian BMD is theatre missile defence it cannot protect the entire Indian soil but can only give protection to its some land-based strategic locations. It has Nuclear submarines INS Arihant which would be inducted in Indian Navy by 2012 will protect its seas.

Another dimension that adds fuel to the fire is the Indian plan to accommodate the Anti-Satellite (ASAT) as apart of its BMD program. India believes that its high-altitude interceptors can indeed serve as Anti–Satellite weapons (ASAT) which would be capable of destroying low orbit satellites. India perceives that its space assets are not secure and are threatened from China, as China possesses Anti-Satellite weapons therefore it has all the right to acquire ASAT which will ultimately enhance its security in space. Moreover before a legally binding framework comes into being which would prohibit the acquisition of Anti-Satellite weapons India wants to be the part of the club of ‘ASAT haves’ rather than ‘have-nots’.

DRDO Director General V.K. Saraswat announced during 97th Indian Science Congress “India was developing lasers and an exo-atmospheric kill vehicle that could be combined to produce a weapon to destroy enemy satellites in orbit, kill vehicle, which is needed for intercepting the satellite, needs to be developed, and that work is going on as part of the ballistic missile defense program by 2014.”

India is on the road to acquire laser-based anti-ballistic missile systems called Directed Energy Weapons (DEWs). DEW weapons can kill incoming ballistic missiles by bombarding them with subatomic particles or electromagnetic waves. The weapons are capable of intercepting missiles soon after they are launched towards India. According to DRDO scientist the DEW laser weapon is capable of producing 25-kilowatt pulses that can destroy a ballistic missile within seven kilometers. One of these weapons is the air defense dazzler, which can engage enemy aircraft and helicopters at a range of 10 kilometers.

The Indian pursuit of BMD and its goal to accommodate ASAT will have regional implications. It not only provokes Pakistan but also China to take requisite steps in order to have counter measures to overcome Indian BMD. As a result of which China conducted successful BMD test in 2010 and is on the road to acquire effective BMD program in near future.

Whereas, Pakistan’s economy does not support it to acquire BMD program. Pakistan would feel insecure as its counter measure strike capability is not sufficient and secondly it does not possess any assured second strike capability. That is the reason that it sticks to First Use policy to equalize the deterrent equation. It would ultimately engage in acquiring additional missiles and launchers to devise a much larger attacking force which would elude the Indian interceptors, leading to triangular security dilemma in the region.

Moreover Pakistan would improve the nuclear arsenals qualitatively and quantitatively as it considers the nuclear weapons an integral part of its defence system which would result in nuclear instability.

This rapid technological inflow, aim to have a comprehensive space program and western discriminatory approaches to make India a ‘Shining India’ is very threatening for Pakistan and China also up to an extent. India has been accommodated into the four export control regimes namely Missile Technology Control Regime (MTCR), Australia Group (AG), Wassanar Arrangment (WA) and Nuclear Supplier Group (NSG) would further make India technology enabler and legitimizing India’s status.

Indian defence and space companies DRDO and ISRO respectively have been removed from entity list which would provide India hi-tech and nuclear technology access. India will further pursue its space program and struggle to get the technological edge over Pakistan and China.

This shows that India would be able to pursue its ballistic missile defence program and is planning to deploy it in near future and If India does so it will assure its second strike capability. Although BMD is defensive technology, highly expensive and technologically uncertain but its possession fortifies a state to adopt offensive policies. India has moved from deterrence to pre-emption compelling states to further improve their response option which destabilizes the strategic equation of the entire region.

———
About the author:
Rida Zeenat is working as a Research Fellow at the South Asian Strategic Stability Institute (SASSI). She holds M.Sc. degree in Defence and Diplomatic Studies from Fatima Jinnah Women University, Pakistan. Her M.Sc. dissertation was based on “Pakistan’s Nuclear Doctrine of Credible Minimum Deterrence”. She has also participated at various current affairs television programs.

Source

Qaddafi was shaken up badly Friday, Feb. 25, when many of his air force commanders decided to no longer obey his orders or those of his commanders, DEBKAfile’s exclusive military sources report. This loss deprived him at one stroke of one of the key pillars sustaining his fight for survival against the opposition since Sunday, Feb. 20. It means he is short of an essential resource for recapturing the eastern half of the country where half of Libya’s oil wealth and its main oil export terminals are situated.
Friday, NATO Council and the UN Security Council meet in separate emergency sessions to consider ways to halt the bloodletting in Libya and punish its ruler Qaddafi for his violent crackdown of protesters.
DEBKAfile reported on Feb. 22: The 22,000-strong Libyan Air Force with its 13 bases is Muammar Qaddafi’s mainstay for survival against massive popular and international dissent. The 44 air transports and a like number of helicopters swiftly lifted loyal tribal militiamen fully armed from the Sahara and dropped them in the streets of Tripoli Monday Feb. 21.
Thursday Qaddafi launched an offensive to wrest the coastal towns around Tripoli from rebel hands. Our military sources report that tanks pounded opposition positions in the towns of Misrata, 25 km to the east of Tripoli and Zawiya, 30 km west of the capital, under the command of Gen. Khweldi Hamidi, a Qaddafi kinsman.
In a bloody battle, the insurgents ousted Qaddafi’s forces from Misrata, but his troops broke through to Zawiya and captured the town at great loss of life. There are no reliable casualty figures but hundreds are believed to have been killed Thursday on both sides.
Later that day, the insurgents of Cyrenaica announced they were firmly in control of the region including Libya’s main export oil terminal in Benghazi, the country’s second largest town. Whether or not they decide to block the fuel supplies coming from Qaddafi-ruled areas, their seizure of the facility alone was enough to send oil prices shooting up again on world markets.
Thursday night, Brent crude went for $117 the barrel in London and $103 in New York.
In a 30-minute telephone interview Thursday night, Qaddafi again charged that Al Qaeda and the Muslim Brotherhood had instigated the protest uprising in Libya. He warned that the fall of Cyrenaica would open Libya to the establishment of a Muslim jihadi and radical rear base for attacks on Europe and incursions into Egypt.

SOURCE

“La Chine a toujours veillé à garder sous contrôle le montant de ses dépenses de défense”, a déclaré le porte-parole du Parlement, Li Zhaoxing, en qualifiant ces dépenses de “relativement modestes” comparativement au reste du monde. M. Li, un ancien ministre des affaires étrangères, a ajouté que le chiffre représentait 6 % du budget national de la Chine.

“Cela ne représente une menace pour aucun pays”, a-t-il souligné. L’augmentation marque cependant un retour à un nombre à deux chiffres, après une pause l’an passé, où l’augmentation avait été annoncée à + 7,5 %.

“Cela veut dire qu’ils [les Chinois] vont affirmer leurs positions en politique étrangère et de sécurité, en particulier vis-à-vis de pays comme les Etats-Unis, le Japon ou encore vis-à-vis de Taïwan, les généraux étant très écoutés”, a déclaré Willy Lam, de la Chinese University de Hongkong. En se dotant dans l’opacité de matériel militaire de plus en plus sophistiqué, la Chine menace la suprématie des Etats-Unis dans le Pacifique et inquiète ses voisins, estiment des experts.

Source: Le Monde

The alleged agents for the UAE are said to have spied on the Omani government and military.

The UAE government denies any knowledge of – or link with – such a network, according to its news agency.

The neighbouring countries are members of the Gulf Co-operation Council and normally enjoy good relations.

Government sources in Oman say the ring was discovered some months ago and that a number of Omani nationals have been arrested.

The spies may have been interested in the issue of the succession of Oman’s Sultan Qaboos, according to a security official quoted by the Agence France-Presse news agency.

The sultan is 70 years old and does not have children.

But others suggested the alleged spy ring could be more related to regional politics.

“One possibility is that the UAE wants to know more about Iran-Oman relations because of Tehran and Muscat’s long ties in security and military co-operation,” Theodore Karasik, from the Institute for Near East and Gulf Military Analysis, told Reuters news agency.

Oman has close relations with Iran, partly because the two countries are joint gatekeepers of the Strait of Hormuz, the route for 40% of the world’s oil tanker traffic.

But the sultanate also has strong military and diplomatic ties with the West.

The UAE is a staunch ally of the United States.

UAE authorities received the news with “shock and surprise” according to the Wam news agency.

“The UAE expresses its full willingness to co-operate with… Oman in any investigations that it carries out in full transparency to uncover (those) who try to mar relations between the two countries,” said a foreign ministry statement.

SOURCE: BBC (31 January 2011)

——————-
Last summer, the world’s top software-security experts were panicked by the discovery of a drone-like computer virus, radically different from and far more sophisticated than any they’d seen. The race was on to figure out its payload, its purpose, and who was behind it. As the world now knows, the Stuxnet worm appears to have attacked Iran’s nuclear program. And, as Michael Joseph Gross reports, while its source remains something of a mystery, Stuxnet is the new face of 21st-century warfare: invisible, anonymous, and devastating.

BY MICHAEL JOSEPH GROSS• VANITY FAIR

All over Europe, smartphones rang in the middle of the night. Rolling over in bed, blinking open their eyes, civilians reached for the little devices and, in the moment of answering, were effectively drafted as soldiers. They shook themselves awake as they listened to hushed descriptions of a looming threat. Over the next few days and nights, in mid-July of last year, the ranks of these sudden draftees grew, as software analysts and experts in industrial-control systems gathered in makeshift war rooms in assorted NATO countries. Government officials at the highest levels monitored their work. They faced a crisis which did not yet have a name, but which seemed, at first, to have the potential to bring industrial society to a halt.

A self-replicating computer virus, called a worm, was making its way through thousands of computers around the world, searching for small gray plastic boxes called programmable-logic controllers—tiny computers about the size of a pack of crayons, which regulate the machinery in factories, power plants, and construction and engineering projects. These controllers, or P.L.C.’s, perform the critical scut work of modern life. They open and shut valves in water pipes, speed and slow the spinning of uranium centrifuges, mete out the dollop of cream in each Oreo cookie, and time the change of traffic lights from red to green.

Although controllers are ubiquitous, knowledge of them is so rare that many top government officials did not even know they existed until that week in July. Several major Western powers initially feared the worm might represent a generalized attack on all controllers. If the factories shut down, if the power plants went dark, how long could social order be maintained? Who would write a program that could potentially do such things? And why?

As long as the lights were still on, though, the geek squads stayed focused on trying to figure out exactly what this worm intended to do. They were joined by a small citizen militia of amateur and professional analysts scattered across several continents, after private mailing lists for experts on malicious software posted copies of the worm’s voluminous, intricate code on the Web. In terms of functionality, this was the largest piece of malicious software that most researchers had ever seen, and orders of magnitude more complex in structure. (Malware’s previous heavyweight champion, the Conficker worm, was only one-twentieth the size of this new threat.) During the next few months, a handful of determined people finally managed to decrypt almost all of the program, which a Microsoft researcher named “Stuxnet.” On first glimpsing what they found there, they were scared as hell.

“Zero Day”
One month before that midnight summons—on June 17—Sergey Ulasen, the head of the Anti-Virus Kernel department of VirusBlokAda, a small information-technology security company in Minsk, Belarus, sat in his office reading an e-mail report: a client’s computer in Iran just would not stop rebooting. Ulasen got a copy of the virus that was causing the problem and passed it along to a colleague, Oleg Kupreev, who put it into a “debugger”—a software program that examines the code of other programs, including viruses. The men realized that the virus was infecting Microsoft’s Windows operating systems using a vulnerability that had never been detected before. A vulnerability that has not been detected before, and that a program’s creator does not know exists, is called a “zero day.” In the world of computer security, a Windows zero-day vulnerability signals that the author is a pro, and discovering one is a big event. Such flaws can be exploited for a variety of nefarious purposes, and they can sell on the black market for as much as $100,000.

The virus discovered by Ulasen was especially exotic, because it had a previously unknown way of spreading. Stick a flash drive with the virus into a laptop and it enters the machine surreptitiously, uploading two files: a rootkit dropper (which lets the virus do whatever it wants on the computer—as one hacker explains, “ ‘Root’ means you’re God”) and an injector for a payload of malicious code that was so heavily encrypted as to be, to Ulasen, inscrutable. The most unsettling thing about the virus was that its components hid themselves as soon as they got into the host. To do this, the virus used a digital signature, an encrypted string of bits that legitimate software programs carry to show that they come in peace. Digital signatures are like passports for software: proof of identity for programs crossing the border between one machine and the next. Viruses sometimes use forged digital signatures to get access to computers, like teenagers using fake IDs to get into bars. Security consultants have for several years expected malware writers to make the leap from forged signatures to genuine, stolen ones. This was the first time it was known to have actually happened, and it was a doozy of a job. With a signature somehow obtained from Realtek, one of the most trusted names in the business, the new virus Ulasen was looking at might as well have been carrying a cop’s badge.

What was this thing after that its creators would go to such extravagant lengths? Ulasen couldn’t figure that part out—what the payload was for. What he did understand was the basic injection system—how the virus propagated itself—which alone demanded an alert. Ulasen and Kupreev wrote up their findings, and on July 5, through a colleague in Germany, they sent a warning to the Microsoft Security Response Center, in Redmond, Washington. Microsoft first acknowledged the vulnerability the next day. Ulasen also wrote to Realtek, in Taiwan, to let them know about the stolen digital signature. Finally, on July 12, Ulasen posted a report on the malware to a security message board. Within 48 hours, Frank Boldewin, an independent security analyst in Muenster, Germany, had decrypted almost all of the virus’s payload and discovered what the target was: P.L.C.’s. Boldewin posted his findings to the same security message board, triggering the all-points bulletin among Western governments.

The next day, July 15, a tech reporter named Brian Krebs broke the news of the virus on his blog. The day after that, Microsoft, having analyzed the malware with the help of outside researchers, issued the first of several defenses against the virus. At this point it had been detected in only a few sites in Europe and the U.S. The largest number of infections by far—more than 15,000, and growing fast—was found in Asia, primarily in India, Indonesia, and, significantly, Iran.

In the process of being publicly revealed, the virus was given a name, using an anagram of letters found in two parts of its code. “Stuxnet” sounded like something out of William Gibson or Frank Herbert—it seethed with dystopian menace. Madison Avenue could hardly have picked a name more likely to ensure that the threat got attention and to take the image of a virus viral.

Yet someone, apparently, was trying to help Stuxnet dodge the bullet of publicity. On July 14, just as news of its existence was starting to spread, Stuxnet’s operators gave it a new self-defense mechanism. Although Stuxnet’s digital signature from Realtek had by now been revoked, a new version of Stuxnet appeared with a new digital signature from a different company, JMicron—just in time to help the worm continue to avoid detection, despite the next day’s media onslaught. The following week, after computer-security analysts detected this new version, the second signature, too, was revoked. Stuxnet did not attempt to present a third signature. The virus would continue to replicate, though its presence became easier to detect.

On July 15, the day Stuxnet’s existence became widely known, the Web sites of two of the world’s top mailing lists for newsletters on industrial-control-systems security fell victim to distributed-denial-of-service attacks—the oldest, crudest style of cyber-sabotage there is. One of the first known acts of cyber-warfare was a DDoS attack on Estonia, in 2007, when the whole country’s Internet access was massively disrupted. The source of such attacks can never be identified with absolute certainty, but the overwhelming suspicion is that the culprit, in that instance, was Russia. It is not known who instigated the DDoS attacks on the industrial-control-systems-security Web sites. Though one of the sites managed to weather the attack, the other was overloaded with requests for service from a botnet that knocked out its mail server, interrupting a main line of communication for power plants and factories wanting information on the new threat.

The secret of Stuxnet’s existence may have been blown, but clearly someone—someone whose timing was either spectacularly lucky or remarkably well informed—was sparing no effort to fight back.

Omens of Doomsday
The volcanoes of Kamchatka were calling to Eugene Kaspersky. In the first week of July, the 45-year-old C.E.O. and co-founder of Kaspersky Lab, the world’s fourth-largest computer-security company, had been in his Moscow office, counting the minutes until his Siberian vacation would start, when one of his engineers, who had just received a call about Stuxnet from Microsoft, came rushing in, barely coherent: “Eugene, you don’t believe, something very frightening, frightening, frightening bad.”

After VirusBlokAda found Stuxnet, and Microsoft announced its existence, Kaspersky Lab began researching the virus. Kaspersky shared its findings with Microsoft, and the two undertook an unusual collaboration to analyze the code. Symantec, ESET, and F-Secure also published extensive analyses of Stuxnet, and Symantec later joined Microsoft’s formal collaboration with Kaspersky to study the worm.

Kaspersky is a 1987 graduate of the Soviet Institute of Cryptography, Telecommunications and Computer Science, which had been set up as a joint project of the K.G.B. and the Russian Ministry of Defense. He has beetling gray eyebrows and a flair for the dramatic. He drives a Ferrari, sponsors a Formula 1 racing team, and likes Jackie Chan movies so much that he hired Chan as a company spokesman. It would be an exaggeration to say that Stuxnet thrilled him, but he and many of his colleagues had been waiting for something like this to happen for years. Computer security, like many of the fixing professions, thrives on unacknowledged miserabilism. In omens of doomsday, its practitioners see dollar signs. As one of Kaspersky’s top competitors told me, “In this business, fear is my friend.”

To help lead his Stuxnet team, Kaspersky chose Roel Schouwenberg, a bright-eyed, ponytailed Dutch anti-virus researcher who, at 26, has known Kaspersky for almost a decade. (When he was in high school, Schouwenberg took it upon himself to troll the Web for viruses and, for fun, e-mail daily reports on them to the C.E.O. he had read about online.) Analysts at Kaspersky and Symantec quickly found that Stuxnet exploited not a single zero-day flaw but in fact four of them, which was unprecedented—one of the great technical blockbusters in malware history.

As the zero days piled up, Kaspersky says, he suspected that a government had written Stuxnet, because it would be so difficult and time-consuming for an outsider to find all these flaws without access to the Windows source code. Then Kaspersky lowers his voice, chuckles, and says, “We are coming to the very dangerous zone. The next step, if we are speaking in this way, if we are discussing this in this way, the next step is that there were a call from Washington to Seattle to help with the source code.”

To Schouwenberg and many others, Stuxnet appears to be the product of a more sophisticated and expensive development process than any other piece of malware that has become publicly known. A Symantec strategist estimated that as many as 30 different people helped write it. Programmers’ coding styles are as distinctive as writers’ prose styles. One expert estimated that the worm’s development took at least six months. Once Stuxnet was released into the wild, other technicians would have maintained the command-and-control servers in Denmark and Malaysia to which Stuxnet phoned home to report its current locations and seek updates.

Most curious, there were two major variants of the worm. The earliest versions of it, which appear to have been released in the summer of 2009, were extremely sophisticated in some ways but fairly primitive in others, compared with the newer version, which seems to have first circulated in March 2010. A third variant, containing minor improvements, appeared in April. In Schouwenberg’s view, this may mean that the authors thought Stuxnet wasn’t moving fast enough, or had not hit its target, so they created a more aggressive delivery mechanism. The authors, he thinks, weighed the risk of discovery against the risk of a mission failure and chose the former.

There seemed no end to the odd surprises that Stuxnet had to offer. In a July 15 posting, Alexander Gostev, who wrote Kaspersky Lab’s blog on the worm, mysteriously quoted from a botanical entry in Wikipedia: “Myrtus (myrtle) is a genus of one or two species of flowering plants in the family Myrtaceae.”

“Why the sudden foray into botany?,” Gostev asked. His answer: “Because the rootkit driver code contains the following string: b:\myrtus\src\objfre_w2k_x86\i386\guava.pdb.” Gostev went on to raise the specter of a “Project ‘Myrtus’ ” and added portentously: “To be continued?” Although Gostev never returned to his musings on Stuxnet’s botanical allusion, he had planted a seed that would very quickly sprout.

At the end of July, just before Eugene Kaspersky came home from the volcanoes, Schouwenberg started trying to persuade a writer from The New York Times to cover Stuxnet. Without specific information on the source or the target, though, the topic was a nonstarter. Then, on September 16, an industrial-control-systems-security expert in Hamburg made a sensational blog posting about Stuxnet, whose deployment he would soon dub “operation myrtus.” And he was pretty sure he knew what the myrtle reference signified. The man had never been quoted in a newspaper before, but he was about to shift the global conversation about Stuxnet in a radically new direction.

Self-Directed Stealth Drone
‘Am I crazy, or am I a genius?” The question would not leave Ralph Langner alone. He was having trouble sleeping. Sometimes he thought the C.I.A. was watching him. Langner, a voluble man of 52, is built like a whippet, with short hair neatly parted to the side. His Hamburg-based company is a big name in the small world of industrial-control-systems security, and counts some of Germany’s largest automotive and chemical corporations among its clients. Langner had been reverse engineering the payload of Stuxnet throughout August, and he was the first analyst to announce that it contained two components that he called “warheads.” Langner had come to believe that Stuxnet was aimed at Iran’s nuclear program. Iran has been suspected of trying to build a nuclear bomb for several years, and in 2003 it failed to disclose details regarding uranium-enrichment centrifuges to inspectors from the International Atomic Energy Agency. Western governments have been trying to stop Iran’s nuclear program ever since, using diplomatic pressure, trade embargoes, and covert operations.

Stuxnet had initially grabbed the tech world’s attention as a hack of the Windows operating system—a virus that exploited an unknown vulnerability. This was like learning that someone had found his way into your house, and figuring out how they got inside. Next, Frank Boldewin had discovered what valuables the intruder was after—programmable-logic controllers. Specifically, the target was P.L.C.’s made by the German engineering conglomerate Siemens. Finally, Langner figured out the rudiments of what Stuxnet’s payload did—that is, how the intruder went about his work. When Stuxnet moves into a computer, it attempts to spread to every machine on that computer’s network and to find out whether any are running Siemens software. If the answer is no, Stuxnet becomes a useless, inert feature on the network. If the answer is yes, the worm checks to see whether the machine is connected to a P.L.C. or waits until it is. Then it fingerprints the P.L.C. and the physical components connected to the controller, looking for a particular kind of machinery. If Stuxnet finds the piece of machinery it is looking for, it checks to see if that component is operating under certain conditions. If it is, Stuxnet injects its own rogue code into the controller, to change the way the machinery works. And even as it sabotages its target system, it fools the machine’s digital safety system into reading as if everything were normal.

Industrial-control systems have been sabotaged before. But never have they been remotely programmed to be physically altered without someone’s fingers on a keyboard somewhere, pulling the virtual trigger. Stuxnet is like a self-directed stealth drone: the first known virus that, released into the wild, can seek out a specific target, sabotage it, and hide both its existence and its effects until after the damage is done. This is revolutionary. Langner’s technical analysis of the payload would elicit widespread admiration from his peers. Yet he also found himself inexorably drawn to speculation about the source of the malware, leading him to build a detailed theory about who had created it and where it was aimed.

Near the start of September, Langner Googled “Myrtus” and “Hebrew” and saw a reference to the book of Esther, a biblical story in which Jews foil a Persian plot against them. He then Googled “Iran” and “nuclear,” looking for signs of trouble, and discovered that the Bushehr power plant had been experiencing mysterious construction delays. (Although Bushehr is only a power plant, its nuclear reactor could produce plutonium in low-enriched uranium fuel that could be re-purposed for weapons.) Next, Langner sent an e-mail about Stuxnet to his friend Joe Weiss, who organizes the top industrial-control-systems cyber-security conference in the U.S. (and wrote the standard book on the topic, Protecting Industrial Control Systems from Electronic Threats). Langner would later post that e-mail to his blog: “Ask your friends in the government and in the intelligence community what they know about the reasons why Bushehr didn’t go operational last month. BTW, did somebody from Israel register to attend the conference? ” Eventually, Langner decided to just put it out there. He would post his theory that Stuxnet was the first literal cyber-weapon, and that it had been aimed by Israel at Bushehr, and see what happened.

Plenty happened. The Christian Science Monitor published a report on Langner’s theory on September 21. The next day, a German newspaper published an article by another German computer expert, Frank Rieger, claiming that, in fact, the cyber-weapon had been aimed not at Bushehr but at Iran’s Natanz uranium-enrichment facility. The Iran speculation pinged across the Web. Two days later, Riva Richmond posted a version of Langner’s theory on the Times’s technology blog, Gadgetwise. The Times’s David E. Sanger then took the ball and ran with it, suggesting that Stuxnet may have been part of a covert U.S. intelligence operation to sabotage Iran’s nuclear program that had started under President George W. Bush and had been accelerated after Barack Obama took office. One Iranian-government official reportedly admitted that the worm had been found in government systems, but another official claimed that the damage was “not serious.” Then the Iranian government announced that it had arrested “nuclear spies,” possibly in connection with the Stuxnet episode, according to the Times. Rumors swirled online that the accused spies had been executed.

“If I did not have the background that I had, I don’t think I would have had the guts to say what I said about Stuxnet,” Langner says now, finishing his second glass of wine during lunch at a Viennese restaurant in Hamburg. Langner studied psychology and artificial intelligence at the Free University of Berlin. He fell into control systems by accident and found that he loved the fiendishly painstaking work. Every control system is like a bespoke suit made from one-of-a-kind custom fabric—tailored precisely for the conditions of that industrial installation and no other. In a profession whose members have a reputation for being unable to wear matching socks, Langner is a bona fide dandy. “My preference is for Dolce & Gabbana shoes,” he says. “Did you notice, yesterday I wore ostrich?” Langner loves the attention that his theories have gotten. He is waiting, he says, for “an American chick,” preferably a blonde, and preferably from California, to notice his blog and ask him out.

Last fall Langner and I spent two days together in Hamburg, including some time in the office where he and his employees demonstrated Stuxnet’s attack method on computers and Siemens controllers they had infected with the malware. Langner’s office is comfortable but spare. Industrial-control security is not very lucrative, mostly because industry does not do much to guard the safety of its processes. A minority of industries in a minority of countries are forced to do so by regulation. The U.S. regulates systems security only for the commercial nuclear-power industry and, to a much lesser extent, the chemical industry. This laissez-faire arrangement has created vulnerabilities that Stuxnet laid bare.

Because there has as yet been no calamitous, headline-grabbing cyber-attack on critical civilian infrastructure, many corporations see Langner and his ilk as boys crying wolf. Langner, who talks with his hands, arms, and elbows, finds such criticism upsetting and confusing. He frequently stretches to full wingspan and then wiggles all 10 fingers, as if playing a piano, to emphasize a point, and many of his points amount to bewilderment that owners of critical infrastructure can be so stupid as not to see the threats he sees. Still, he is not without hope. From the moment he released his Iran story on the Web, he says, one of his fondest wishes has been that “someday the world would say, Thank you, Ralph. You were right.”

State’s Evidence
On November 12, Stuxnet analysts caught a huge break. After receiving a tip from a Dutch computer expert, a researcher at Symantec, in California, which had by now become the most prominent analyst of the virus, announced that the company had identified the specific target of one of Stuxnet’s two warheads. This warhead, as it turned out, was aimed at frequency-converter drives, which can be used to control the speed of spinning centrifuges. Specifically, when Stuxnet finds a particular configuration of frequency-converter drives made by the Iranian company Fararo Paya and the Finnish company Vacon, the worm runs rogue code to alter the drives’ speed. If the drives were connected to centrifuges, this could damage or destroy the machines. The warhead also runs another set of code, concealing the change that it has made.

For Frank Rieger, who had been the first to argue that Stuxnet was aimed at the centrifuges in Natanz, this news came as vindication. A few weeks later, in Berlin, the morning after a fresh snowfall, Rieger stomped into the Chaos Computer Club (C.C.C.) hacker space, a giant rec room on Marienstrasse full of fake surveillance cameras, beat-up leather sofas, and lots of softly whirring fans cooling lots of computer processors. Rieger’s dark-blue-gray jumpsuit was caked with ice from his morning commute, which he makes on a large tricycle regardless of the weather. Beefy and taciturn, Rieger serves as spokesman for the C.C.C., the second-largest human-rights technology group in the world (after the Electronic Frontier Foundation). The group calls itself “a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of information.”

Unlike Langner, who enjoys publicity, Rieger seems leery of attention. He tries not to talk about sensitive topics via cell phone or e-mail, because, he says, “I do not want to become a person of interest.” In fact, he is already a person of interest: it was a U.S. government official who urged me to visit Rieger, saying that his research “is the closest thing to the true picture of Stuxnet that has been made public yet.”

During the summer, Rieger had traveled to six European countries to meet with members of each nation’s Stuxnet-analysis group. He spoke with high-level intelligence sources in three of those countries. He told me that all three have provisionally concluded that Stuxnet was a joint operation of the U.S. and Israel.

Based on these conversations, Rieger came to believe that Stuxnet was deployed by a U.S. intelligence organization, not a military unit, because intelligence operations are more deniable and their activities are seldom regarded as overt acts of war—even if the resulting damage has war-like effects. Rieger believes Stuxnet was spread by the Israeli intelligence agency Mossad. He points out that the assassination of one Iranian nuclear scientist and the attempted killing of another in Tehran on November 29 employed techniques similar to those used in other attacks by Mossad. (Mossad could not be reached for comment.)

Stuxnet, Rieger suggests, may be a new expression of a long-standing American tradition of sabotaging enemy technology. During the Reagan administration, France gave the U.S. a cache of secret Russian documents known as the Farewell Dossier, which included a shopping list of Western computer software and hardware that the Soviets wanted. Based on this intelligence, the U.S. and Canada conspired to put faulty controllers in Russian hands, in due course causing an explosion on the trans-Siberian gas pipeline so large that it could be seen from space. In their book, Fallout, Doug Frantz and Catherine Collins describe covert joint operations involving the C.I.A., Mossad, and M.I.6 to sabotage critical components for Iran’s nuclear program, and Frantz speculates that the failure of those operations may have driven the intelligence agencies to make the leap to remote cyber-sabotage with Stuxnet.

Rieger came away from his investigation preoccupied with the many ways in which Stuxnet blurs old boundaries: “The interesting question, since it is in this gray area between military and intelligence and statecraft, is: Who controls these kinds of weapons politically? Who’s in charge of making sure they are used only against legitimate enemies?” With the arrival of weapons such as Stuxnet, Rieger says, clear lines of conflict between nations will be “grayed out into a fog of possibilities and options.”

In spite of Stuxnet’s many muddling effects, it also offers a clear answer to one of cyber-war’s most difficult problems. Academics and software developers have long wondered how cyber-attacks could be weaponized but remain side-effect-free. If you aim a cyber-weapon at a power station, how do you avoid taking out a hospital at the same time? “Stuxnet is a really good example of how to do that,” Rieger says, “how to make sure that you actually only run on the system that you’re targeting.” To Rieger, Stuxnet’s success on this point “shows that the effort put into its development has been on not just a technical level but a strategic level too, thinking through: How should the proper cyber-weapon be constructed?”

Stuxnet’s code telegraphs the inherent caution of its makers in yet another way: it has “fail-safe” features to limit its propagation. The USB-spreading code, for instance, limits the number of devices that each infected device can itself infect. (The limit is three, enough to create a moderate chain reaction, but not so many that its effects would rage out of control.) Most dramatically, on June 24, 2012, the worm will self-destruct altogether: erase itself from every infected machine and simply disappear. Analysts disagree on whether some of the code’s fail-safes actually work.

Richard Clarke, the former chief of counter-terrorism under Presidents Clinton and Bush, believes the fail-safes are an important clue to the malware’s source—they point to a Western government: “If a government were going to do something like this, a responsible government, then it would have to go through a bureaucracy, a clearance process,” he says. “Somewhere along the line, lawyers would say, ‘We have to prevent collateral damage,’ and the programmers would go back and add features that normally you don’t see in the hacks. And there are several of them in Stuxnet. It just says lawyers all over it.”

Consistency of Coincidences
Rieger’s hypothesis—that Natanz was the worm’s target—is now almost universally accepted as the explanation of Stuxnet’s purpose. Even Ralph Langner, the original Bushehr proponent, has come around to supporting it. The matter of attribution remains dicey, however, especially concerning the question of what role Israel may have played in the operation. Since last fall, those who believe Israel was involved have pointed to apparent clues in the injector’s code, such as “myrtus.” A further possible clue emerged in late December, when Felix Lindner, a Berlin security expert who goes by the nom de guerre “FX,” announced that all manually written functions in Stuxnet’s payload bear the time stamp “24 September 2007”—which happens to be the day Iranian president Mahmoud Ahmadinejad spoke at Columbia University, in New York, and questioned whether the Holocaust had in fact occurred. Many cyber-warfare and intelligence experts, such as Sandro Gaycken, of the Free University of Berlin, say such signs are so obvious that they could well be “false flags,” planted to mislead investigators and complicate attribution.

There is a marked difference in design style between Stuxnet’s injector and its payload. Tom Parker, a Washington, D.C.- based security researcher, argues from this fact that two nations were involved in the worm’s creation, implying that a major Western power, such as the U.S., may have developed the sleek warheads and that another nation, such as Israel, was responsible for the injector program.

Once the two elements were married, the entire package might then have been delivered to someone with access to Natanz (or to a related installation). Wittingly or not, this Patient Zero began the infection process, perhaps by plugging a USB flash drive into a critical network. The virus probably spread with the help of foreign contractors and engineers, whose computers were infected during visits to Iranian installations.

Those skeptical of a U.S.-Israel scenario find it implausible because, as one former intelligence officer explained, the level of trust between the two countries’ intelligence and military establishments is not high. Other former C.I.A. officers, including Reuel Marc Gerecht, now director of the Middle East Initiative at the Project for the New American Century, are more open to the possibility of an Israeli connection. Another former C.I.A. official believes that “the non-extraterritoriality” of Stuxnet would encourage the agency to engage in a joint operation. “You’re not putting a human being in harm’s way. Someone’s not personally carrying in something that could explode, spread disease, or emit radiation. It’s a totally harmless digital item.”

Indeed, it’s possible that more than one country was involved in Stuxnet’s deployment. Jordan is the object of much speculation. Majid Shahriari, the nuclear physicist who was killed in Tehran in November, was involved in a project called “Synchrotron-light for Experimental Science and Applications in the Middle East” (sesame), which aims to build an international scientific-research center in Jordan. U.S. intelligence has long had trouble making contacts among Iranian scientists, according to Gerecht, and sesame offered a possible opportunity, on friendly turf. “I wouldn’t be surprised,” he says, “if that were the primary, perhaps the only, harvesting ground for the individuals who put out the virus.” Gerecht notes that French, Israeli, and Jordanian intelligence have all monitored Iranian involvement in sesame. Any of these countries could have helped facilitate Stuxnet’s deployment.

In January, when longtime Mossad chief Meir Dagan retired, more evidence of Israel’s involvement seemed to appear. Dagan said that the Iranian nuclear-weapons program had run into technical difficulties and been set back by several years, thanks in part to “measures that have been deployed against them”—a remark that some interpreted as a veiled reference to Stuxnet. (Citing the effectiveness of economic sanctions, Secretary of State Hillary Clinton endorsed this “setback” view.) The next week, on January 16, The New York Times reported that Israel had performed crucial tests on Stuxnet at a uranium-centrifuge test bed—which may have been a mirror site of the mechanical system at Natanz—constructed at the secretive Dimona weapons complex in the Negev Desert. Though the headline was stirring—israel tests called crucial in iran nuclear setback—the evidence was shaky.

Dimona does have a collection of centrifuges, but it is not known whether they include P-1s, which were peddled on the black market throughout the Middle East and Asia by Pakistani scientist A. Q. Khan and are among those used at Natanz. The Times story cited an anonymous nuclear-intelligence expert who said that Dimona tested Stuxnet on P-1-style centrifuges. And in asserting that “Israeli intelligence had asked retired senior Dimona personnel to help” with an operation concerning Iran, the story cited Avner Cohen, an expert on Israel’s weapons program, and the author of The Worst-Kept Secret: Israel’s Bargain with the Bomb. But Cohen, when pressed, admitted to me that his own source for that information was secondhand.

Such connections do not necessarily implicate Israel in Stuxnet’s development—and the article’s better-documented evidence, though relegated to the background, actually concerned America’s involvement. The United States, too, has a cache of P-1s, and U.S. intelligence has advocated studying the machines’ vulnerabilities at least since 2004. The Times also made an argument that originated with Ralph Langner—that Siemens and the Idaho National Laboratory collaborated in 2008 on a study of some of the very same vulnerabilities in Siemens’s S7 controllers that would be exploited by Stuxnet. The Times wrote that I.N.L. refused to comment on whether it had shared information on those vulnerabilities with American intelligence. In a statement to Vanity Fair, a lab spokesman wrote, “Idaho National Laboratory was not involved in the creation of the stuxnet worm. In fact, our focus is to protect and defend control systems and critical infrastructures from cyber threats like stuxnet and we are well recognized for these efforts. We value the relationships that we have formed within the control systems industry and in no way would risk these partnerships by divulging confidential information.”

At Siemens headquarters, in Nuremberg, when I asked a technical specialist with firsthand knowledge of the company’s controller research with I.N.L. whether he or anyone else at Siemens had been involved in any way in the creation, testing, or deployment of Stuxnet, he responded, staring down into his lap, “You mean in the first place?,” and then, making eye contact not with me but with the company publicist, who was also in the room, answered, “No, to my best knowledge.”

Ralph Langner was the Times story’s only named source for technical information about Stuxnet, and one person who was interviewed for it told me that “John Markoff said that everything that was published [about the impact on Natanz] was based on Langner’s research. That’s troubling, because Ralph doesn’t know anything about centrifuges.” (Markoff, one of the story’s authors, says that he consulted multiple sources, and Langner admits, “I’m not a centrifuge expert,” but says that he regularly speaks with such experts.) Langner’s feelings about Iran sometimes color his explanations of Stuxnet to the press. In one e-mail exchange with me, he wrote, “An infection with Stuxnet doesn’t render the controller useless, [the controller] just needs to be reprogrammed and the problem is gone. I know I suggested a little bit different in my interview with the Jerusalem Post, but that was just one of my small efforts to make the situation even worse for Tehran.”

Gary Sick, a former member of the National Security Council who was the chief White House aide for Iran during the revolution and hostage crisis, was struck by the Times story’s timing. On January 20, just four days after the story was published, diplomatic negotiations on the Iranian nuclear program were scheduled to resume, this time in Istanbul. With President Obama under pressure to do more to curb Iran’s nuclear program, the Times story probably had a number of politically desirable effects, as Sick observes: “It takes the pressure off the U.S., takes some of the pressure off Israel, gives Meir Dagan a chance to pat himself on the back, makes the Israelis feel more confident of their connection with the U.S., and it gives the Americans more maneuvering room in the negotiations”—by expanding the margin of plausible deniability of U.S. involvement in Stuxnet. “What’s not to like?”

Cloak-and-dagger posturing about Stuxnet continues to swirl. According to the Israeli newspaper Haaretz, guests at a retirement party for Israel Defense Forces chief of staff Lieutenant General Gabi Ashkenazi watched a video tribute to his career highlights—which included a reference to Stuxnet.

Yet there is vanishingly little doubt that the United States played a role in creating the worm. Some of the evidence for this is lying in plain sight: a consistent pattern of coincidences ties Stuxnet’s evolutionary stages to milestones in the development of Iran’s nuclear program. At each of these points, which often led to heightened tensions between the U.S. and Iran, Stuxnet upped its game.

There is some consensus that the earliest samples of Stuxnet date to June 2009, the point of maximum instability of the government of President Ahmadinejad, when the streets of Iran were filled with protesters against his election. The next month, WikiLeaks posted a note stating that an anonymous source had reported that there had been a nuclear accident at Natanz in early July. On July 16, the director of Iran’s nuclear program resigned. Official figures from the International Atomic Energy Agency (I.A.E.A.) later confirmed that a large number of centrifuges at Natanz had ceased to function around this time.

After U.N. inspectors visited a new uranium-enrichment plant being constructed near the Iranian holy city of Qom, tensions between the U.S. and Iran built steadily. In January 2010, Iran effectively rejected an I.A.E.A. proposal that would have required that most of its uranium enrichment take place abroad. The following week, the first sample of Stuxnet bearing a stolen digital signature appeared.

In February, the I.A.E.A. reported for the first time that Iran was actively seeking to produce nuclear weapons. The following month, Stuxnet added a new propagation mechanism: the ability to spread seamlessly and invisibly via USB sticks.

In April, Iran announced that it would begin construction of another uranium-enrichment plant. That month, the third variant of Stuxnet appeared. The United Nations, the European Union, and the United States all imposed new sanctions on Iran in June and July. At this same time, Stuxnet-infection numbers ballooned. And only in September, when saber rattling over Iran’s nuclear program peaked—reportedly, Israeli government leaders had come to believe that Iran would have the bomb by March 2011—did Stuxnet’s purported attack on Iran begin to be made public.

These coincidences suggest that Stuxnet’s evolution—and the public disclosure of its existence and alleged purpose—was deliberately paced and may have been coordinated with diplomatic and economic pressures to slow the progress of Iran’s nuclear program. Such measured tactical responses add to the sense that Stuxnet’s operators were circumspect about their sabotage, in ways that seem more characteristic of the U.S. than of Israel. As of this writing, I.N.L.’s statement to Vanity Fair is the first and only definitive statement by any U.S. government body either admitting or denying involvement in Stuxnet. When directly asked whether Stuxnet was part of a covert U.S. operation to sabotage Iran’s nuclear program, a C.I.A. spokesman declined to comment. A National Security Agency representative wrote via e-mail, “I don’t have any information to provide.” A U.S. Cyber Command official wrote, “U.S. Cyber Command has nothing further to add.”

The Fog of Cyber-War
Serious questions about Stuxnet’s genesis and effects remain. Not least is the question of what damage Stuxnet may actually have done to Natanz. Ahmadinejad, for what it’s worth, has claimed that Iran’s centrifuges fell victim to cyber-attack. The physicist David Albright, president of the Institute for Science and International Security (ISIS), has studied the possible impact on Natanz and found evidence of only a temporary slowdown. He says, “It appears on the surface that if they were attacked they have recovered and are moving on.” Yet based on a tip from Ralph Langner, combined with analysis by Symantec, ISIS asserted that the code of Stuxnet’s second warhead is hunting for an installation identical to a specific kind of centrifuge cascade at Natanz. Albright co-authored a report that called this “perhaps the strongest evidence” that Stuxnet is aimed at the facility. The same study posits that the worm did some “relatively limited damage” to Natanz. As a result, Albright is concerned that Iran “will feel they’ve been attacked and they can do something in return if they want to.” Albright worries, too, that the deployment of tactics such as Stuxnet is being done without effective oversight: “The intelligence committees on the Hill don’t provide real accountability.”

The cyber-world where Stuxnet lives is so murky, so hard to know the truth about, that some experts still question certain elements of the public story. From the beginning, many have found it odd that, of all the security companies in the world, an obscure Belarusian firm should be the one to find this threat—and odder still that the serial rebooting that gave Stuxnet away has been reported nowhere else, as far as most of the worm’s top analysts have heard. Such facts moved one former C.I.A. official to suggest that perhaps Stuxnet was not actually discovered—but dropped. Maybe its limited impact on Natanz indicates that it was not fully successful as a cyber-operation. After being detected by Iran, it may have been retooled by the country as “psyops”—psychological operations—against the West. Robert Baer, the former C.I.A. officer and author of The Devil We Know: Dealing with the New Iranian Superpower, says, “The moment Iran caught Stuxnet, they could easily have put out misinformation”—to the effect that their nuclear program had been set back several years—“simply to alleviate meetings in Western capitals. So that everyone will say, ‘All right, Stuxnet worked.’ ”

Regardless of how well it worked, there is no question that Stuxnet is something new under the sun. At the very least, it is a blueprint for a new way of attacking industrial-control systems. In the end, the most important thing now publicly known about Stuxnet is that Stuxnet is now publicly known. That knowledge is, on the simplest level, a warning: America’s own critical infrastructure is a sitting target for attacks like this. That aside, if Stuxnet really did attack Iran’s nuclear program, it could be called the first unattributable act of war. The implications of that concept are confounding. Because cyber-weapons pose an almost unsolvable problem of sourcing—who pulled the trigger?—war could evolve into something more and more like terror. Cyber-conflict makes military action more like a never-ending game of uncle, where the fingers of weaker nations are perpetually bent back. The wars would often be secret, waged by members of anonymous, elite brain trusts, none of whom would ever have to look an enemy in the eye. For people whose lives are connected to the targets, the results could be as catastrophic as a bombing raid, but would be even more disorienting. People would suffer, but would never be certain whom to blame.

Stuxnet is the Hiroshima of cyber-war. That is its true significance, and all the speculation about its target and its source should not blind us to that larger reality. We have crossed a threshold, and there is no turning back.

Original: http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104?printable=true#ixzz1FWTVqRwQ