Recent revelations about http://www.guardian.co.uk/world/2012/jun/01/obama-sped-up-cyberattack-iran - - David Sanger's White House-authorized leak of classified information confirming US-Israeli collaboration in creating the Stuxnet and Duqu http://www.guardian.co.uk/technology/viruses - - Iran .
A former senior Israeli government minister has told us that, just as Sanger confirmed Stuxnet was created in partnership with the IDF's Unit 8200 cyber warfare unit, Flame was created by similar figures in http://www.guardian.co.uk/world/israel - - and damaged the National Iranian Oil Company's computer network last month, forcing some oil terminals to go offline.
Flame has even broader goals and capabilities. It targets specific computers and surveils the entire system, takes screenshots of instant messaging (IM) activity, and can turn on a microphone to monitor audio activity as well. Computers in a number of Arab countries deemed hostile to Israel (mostly Iran, but also Egypt, Jordan, Palestine and Russia) have been infected.
Our source also confirms that Flame is the first cyber weapon used by Israeli intelligence to target its own citizens also. For example, http://www.haaretz.co.il/news/politics/1.1725532 - - Obama administration saw cyber warfare as an inexpensive, non-lethal method of covert war against Iran that would keep Israel on a leash, preventing it from attacking Iran militarily. The US president judged a military strike as being a worse evil than computer sabotage.
But there are major problems with cyber warfare as a tool of national policy. First, if the US really does want to reduce Iran's perceived nuclear threat through negotiations, covert acts of sabotage only hinder such diplomatic efforts. The fiercely nationalist Iranians will not take kindly to such acts, particularly in light of cyber warfare being part of a broader and sometimes lethal campaign http://www.guardian.co.uk/world/julian-borger-global-security-blog/2010/dec/02/iran-nuclear-weapons - - Wall Street Journal reported a year ago that the Pentagon determined that computer sabotage may constitute an "act of war" against the http://www.guardian.co.uk/world/usa - - recent revival , then the US would be left with a bunch of sanctions and computer worms as a substitute for an articulate strategy toward Iran. If war is to be avoided, how do sanctions and cyber-attacks represent a substantive policy? As the Iraq experience taught us, failed sanctions may be merely a prelude to military operations.
There is a great danger of counterterror tactics and strategy, which includes cyber warfare, becoming a policy in and of itself. We've seen the use of drones to attack Islamist militants in http://www.guardian.co.uk/world/pakistan - - Scott Shane's New York Times investigative piece , which exposed the terror kill list personally vetted and approved by the president. Instead of having a genuine policy toward the Arab world, Obama seems to have an effective drone counterterror tactic that efficiently kills reputed Islamist terrorists in numerous Arab countries (along with several hundred innocent bystanders).
There's yet another troubling element of the Stuxnet story reported by Sanger. As http://gawker.com/secrecy/ - What defense can we then mount as we face such a tragedy, when it is we who, in effect, have unleashed this weapon upon the world? If a building, bridge, power plant or airliner fails through such sabotage, can we truly say we are innocent victims? Sanger's http://www.nytimes.com/2012/06/03/sunday-review/mutually-assured-cyberdestruction.html - When will we be ready to pursue this debate? After hundreds have been killed by a US nuclear plant explosion, or after one of our viruses runs rampant and poisons the water supply of a major Iranian city (to use but two of many possible examples)? Again, once we've used this weapon on our enemies, we've opened a Pandora's Box � which others will seek to exploit also. Are we so certain that our use of the cyber weapons has been and will continue to be just, pure and morally defensible, compared to those who follow us who may or may not have our compunctions? We should ask another question: how much benefit has the use of cyber sabotage brought us? A thousand centrifuges in Natanz (20% of Iran's inventory) destroyed. A nuclear program delayed by a few months, possibly a year. Is the potential short and long-term impact on the world worth such limited gains? Personally, we believe the national security considerations that approved the use of these cyber weapons were exceedingly short-term. We planted seeds and could reap the whirlwind.